Severity
High
Analysis Summary
CVE-2025-47978 CVSS:6.5
Out-of-bounds read in Windows Kerberos allows an authorized attacker to deny service over a network.
CVE-2025-26636 CVSS:5.5
Processor optimization removal or modification of security-critical code in Windows Kernel allows an authorized attacker to disclose information locally.
CVE-2025-48808 CVSS:5.5
Exposure of sensitive information to an unauthorized actor in Windows Kernel allows an authorized attacker to disclose information locally.
CVE-2025-47996 CVSS:7.8
Integer underflow (wrap or wraparound) in Windows MBT Transport driver allows an authorized attacker to elevate privileges locally.
CVE-2025-49682 CVSS:7.3
Use after free in Windows Media allows an authorized attacker to elevate privileges locally.
CVE-2025-49691 CVSS:8
Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over an adjacent network.
CVE-2025-49716 CVSS:7.5
Uncontrolled resource consumption in Windows Netlogon allows an unauthorized attacker to deny service over a network.
CVE-2025-49725 CVSS:7.8
Use after free in Windows Notification allows an authorized attacker to elevate privileges locally.
CVE-2025-49726 CVSS:7.8
Use after free in Windows Notification allows an authorized attacker to elevate privileges locally.
CVE-2025-49680 CVSS:7.3
Improper link resolution before file access ('link following') in Windows Performance Recorder allows an authorized attacker to deny service locally.
Impact
- Denial of Service
- Information Disclosure
- Code Execution
- Privilege Escalation
Indicators of Compromise
CVE
CVE-2025-47978
CVE-2025-26636
CVE-2025-48808
CVE-2025-47996
CVE-2025-49682
CVE-2025-49691
CVE-2025-49716
CVE-2025-49725
CVE-2025-49726
CVE-2025-49680
Affected Vendors
- Microsoft
Affected Products
- Microsoft Windows Server 2016
- Microsoft Windows Server 2019
- Microsoft Windows 10 for 32-bit Systems
- Microsoft Windows 10 for x64-based Systems
- Microsoft Windows 10 Version 1607 for 32-bit Systems
- Microsoft Windows 10 Version 1607 for x64-based Systems
- Microsoft Windows 10 Version 1809 for 32-bit Systems
- Microsoft Windows 10 Version 1809 for x64-based Systems
- Microsoft Windows Server 2012
- Microsoft Windows Server 2012 R2
- Microsoft Windows Server 2022
- Microsoft Windows Server 2019 (Server Core installation)
- Microsoft Windows Server 2022 (Server Core installation)
- Microsoft Windows Server 2008 for 32-bit Systems Service Pack 2
- Microsoft Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
- Microsoft Windows Server 2008 for x64-based Systems Service Pack 2
- Microsoft Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
- Microsoft Windows Server 2008 R2 for x64-based Systems Service Pack 1
- Microsoft Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
- Microsoft Windows Server 2012 (Server Core installation)
- Microsoft Windows Server 2012 R2 (Server Core installation)
- Microsoft Windows Server 2016 (Server Core installation)
- Microsoft Windows Server 2025
- Microsoft Windows 11 Version 24H2 for x64-based Systems
- Microsoft Windows 11 Version 24H2 for ARM64-based Systems
- Microsoft Windows 11 Version 23H2 for x64-based Systems
- Microsoft Windows 11 Version 23H2 for ARM64-based Systems
- Microsoft Windows Server 2025 (Server Core installation)
- Microsoft Windows 10 Version 22H2 for x64-based Systems
- Microsoft Windows 11 Version 22H2 for x64-based Systems
- Microsoft Windows 11 Version 22H2 for ARM64-based Systems
- Microsoft Windows 10 Version 21H2 for x64-based Systems
- Microsoft Windows 10 Version 22H2 for 32-bit Systems
- Microsoft Windows 10 Version 22H2 for ARM64-based Systems
- Microsoft Windows 10 Version 21H2 for ARM64-based Systems
- Microsoft Windows 10 Version 21H2 for 32-bit Systems
- Microsoft Windows Server 2022 23H2 Edition (Server Core installation)
Remediation
Refer to Microsoft Website for patch, upgrade, or suggested workaround information.