Severity
High
Analysis Summary
CVE-2025-62572 CVSS:7.8
Out-of-bounds read in Application Information Services allows an authorized attacker to elevate privileges locally.
CVE-2025-62550 CVSS:8.8
Out-of-bounds write in Azure Monitor Agent allows an authorized attacker to execute code over a network.
CVE-2025-62463 CVSS:6.5
Null pointer dereference in Windows DirectX allows an authorized attacker to deny service locally.
CVE-2025-62465 CVSS:6.5
Null pointer dereference in Windows DirectX allows an authorized attacker to deny service locally.
CVE-2025-62573 CVSS:7
Use after free in Windows DirectX allows an authorized attacker to elevate privileges locally.
CVE-2025-62469 CVSS:7
Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally.
Impact
- Denial of Service
- Code Execution
- Privilege Escalation
Indicators of Compromise
CVE
CVE-2025-62572
CVE-2025-62550
CVE-2025-62463
CVE-2025-62465
CVE-2025-62573
CVE-2025-62469
Affected Vendors
- Microsoft
Affected Products
- Microsoft Azure Monitor Agent
- Microsoft Windows Server 2025
- Microsoft Windows 11 Version 24H2 for x64-based Systems
- Microsoft Windows 11 Version 24H2 for ARM64-based Systems
- Microsoft Windows 11 Version 25H2 for ARM64-based Systems
- Microsoft Windows 11 Version 25H2 for x64-based Systems
Remediation
Use Microsoft Automatic Update to apply the appropriate patch for your system, or the Microsoft Security Update Guide to search for available patches.