Multiple Apache Products Vulnerabilities
January 22, 2025Multiple IBM Products Vulnerabilities
January 22, 2025Multiple Apache Products Vulnerabilities
January 22, 2025Multiple IBM Products Vulnerabilities
January 22, 2025Severity
High
Analysis Summary
CVE-2025-21325 CVSS:7.8
Microsoft Windows Secure Kernel Mode could allow a local authenticated attacker to gain SYSTEM privileges.
CVE-2025-21409 CVSS:8.8
Windows Telephony Service Remote Code Execution Vulnerability.
CVE-2025-21417 CVSS:8.8
Windows Telephony Service Remote Code Execution Vulnerability.
CVE-2025-21311 CVSS:9.8
Microsoft Windows could allow a remote attacker to gain elevated privileges on the system, caused by a flaw in NTLM V1 component.
CVE-2025-21333 CVSS:7.8
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in Hyper-V NT Kernel Integration VSP component.
CVE-2025-21326 CVSS:7.8
Microsoft Windows could allow a local attacker to execute arbitrary code on the system, caused by a flaw in Internet Explorer component.
CVE-2025-21218 CVSS:7.5
Windows Kerberos Denial of Service Vulnerability.
CVE-2025-21378 CVSS:7.8
Windows CSC Service Elevation of Privilege Vulnerability.
CVE-2025-21370 CVSS:7.8
Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability.
Impact
- Code Execution
- Privilege Escalation
- Denial of Service
Indicators of Compromise
CVE
CVE-2025-21325
CVE-2025-21409
CVE-2025-21417
CVE-2025-21311
CVE-2025-21333
CVE-2025-21326
CVE-2025-21218
CVE-2025-21378
CVE-2025-21370
Affected Vendors
Affected Products
- Microsoft Windows Server 2022
- Microsoft Windows 11 version 22H2 - 10.0.22621.0
- Microsoft Windows 10 Version 22H2 - 10.0.19045.0
- Microsoft Windows Server 2025 (Server Core installation) - 10.0.26100.0
- Microsoft Windows 11 version 22H3 - 10.0.22631.0
- Microsoft Windows Server 2012 (Server Core installation) - 6.2.9200.0
- Microsoft Windows Server 2012 R2 - 6.3.9600.0
- Microsoft Windows Server 2012 R2 (Server Core installation) - 6.3.9600.0
- Microsoft Windows 11 Version 23H2 - 10.0.22631.0
- Microsoft Windows 11 Version 24H2 - 10.0.26100.0
- Microsoft Windows Server 2016 - 10.0.14393.0
- Microsoft Windows Server 2016 (Server Core installation) - 10.0.14393.0
- Microsoft Windows 10 Version 21H2 - 10.0.19043.0
- Microsoft Windows Server 2025 (Server Core installation) - N/A
- Microsoft Windows Server 2025 - 10.0.26100.0
- Microsoft Windows 10 Version 1507 - 10.0.10240.0
Remediation
Use Microsoft Automatic Update to apply the appropriate patch for your system, or the Microsoft Security Update Guide to search for available patches.