Microsoft

Makers of the Windows Operating System and hundreds of products that run on it.

Products by Microsoft Sorted by Most Security Vulnerabilities since 2018

Microsoft Windows 10: 3799 vulnerabilities

Microsoft Windows Server 2016: 3703 vulnerabilities

Microsoft Windows Server 2019: 3570 vulnerabilities

Microsoft Windows Server 2012: 2778 vulnerabilities

Microsoft Windows Server 2008: 2646 vulnerabilities

Microsoft Windows Server 2022: 1876 vulnerabilities

Microsoft Windows 11: 1863 vulnerabilities

Microsoft Windows 7: 1801 vulnerabilities

Microsoft Windows 8.1: 1700 vulnerabilities

Microsoft Windows Rt 8 1: 1567 vulnerabilities

Microsoft Windows 10 1507: 943 vulnerabilities

Microsoft Windows 11 23h2: 776 vulnerabilities

Microsoft Office: 495 vulnerabilities

Microsoft Internet Explorer (IE): 430 vulnerabilities
Popular web browser for windows

Microsoft Windows 11 24h2: 414 vulnerabilities

Microsoft Windows Vista: 382 vulnerabilities

Microsoft Sharepoint Server: 370 vulnerabilities

Microsoft Windows XP: 326 vulnerabilities

Microsoft Windows Server 2025: 295 vulnerabilities

Microsoft 365 Apps: 291 vulnerabilities

Microsoft Windows Server: 283 vulnerabilities

Microsoft Edge Browser: 264 vulnerabilities
Web Browser based on Chromium

Microsoft Windows Server 2003: 262 vulnerabilities

Microsoft Edge Chromium: 197 vulnerabilities

Microsoft Windows 2003 Server: 162 vulnerabilities

Microsoft Excel: 149 vulnerabilities
Spreadsheet Software

Microsoft Exchange Server: 125 vulnerabilities

Microsoft Sql Server 2019: 120 vulnerabilities

Microsoft Office Online Server: 119 vulnerabilities

Microsoft Visual Studio 2019: 114 vulnerabilities

Microsoft Windows 2000: 112 vulnerabilities

Microsoft Visual Studio 2022: 101 vulnerabilities

Microsoft Sql Server 2022: 90 vulnerabilities

Microsoft Visual Studio 2017: 88 vulnerabilities

Microsoft Dynamics 365: 86 vulnerabilities

Microsoft Office 365 Proplus: 84 vulnerabilities

Microsoft Windows 10 21h1: 82 vulnerabilities

Microsoft Sql Server 2017: 82 vulnerabilities

Microsoft Sql Server 2016: 80 vulnerabilities

Microsoft Word: 79 vulnerabilities

Microsoft Outlook: 65 vulnerabilities

Microsoft Net: 63 vulnerabilities

Microsoft Windows 8: 61 vulnerabilities

Microsoft Office Web Apps: 55 vulnerabilities

Microsoft Windows Nt: 55 vulnerabilities

Microsoft Windows Server 20h2: 51 vulnerabilities

Microsoft Visual Studio Code: 51 vulnerabilities
VSCode Developer IDE

Microsoft Windows Rt: 46 vulnerabilities

Microsoft Windows 10 1909: 45 vulnerabilities

Microsoft Windows 10 1803: 43 vulnerabilities

Microsoft Visual Studio: 40 vulnerabilities
Developer IDE

Microsoft Windows 10 1709: 40 vulnerabilities

Microsoft Azure Devops Server: 39 vulnerabilities

Microsoft SQL Server: 39 vulnerabilities
Database Server

Microsoft Azure Site Recovery: 37 vulnerabilities

Microsoft Windows Server 1803: 34 vulnerabilities

Microsoft Excel Viewer: 33 vulnerabilities

Microsoft ASP.NET Core: 31 vulnerabilities

Microsoft Windows 10 1703: 31 vulnerabilities

Microsoft Windows Server 2004: 28 vulnerabilities

Microsoft Windows 10 2004: 26 vulnerabilities

Microsoft Windows 10 1903: 26 vulnerabilities

Microsoft Windows Server 1903: 25 vulnerabilities

Microsoft 3d Builder: 20 vulnerabilities

Microsoft Windows Server 23h2: 20 vulnerabilities

Microsoft Office Word Viewer: 20 vulnerabilities

Microsoft Defender For Iot: 20 vulnerabilities

Microsoft Powershell: 19 vulnerabilities

Microsoft Visio: 19 vulnerabilities

Microsoft Remote Desktop: 17 vulnerabilities

Microsoft Windows 10 1511: 16 vulnerabilities

Microsoft Teams: 15 vulnerabilities

Microsoft Windows: 14 vulnerabilities

Microsoft Word Viewer: 14 vulnerabilities

Microsoft Windows Server 1909: 14 vulnerabilities

Microsoft Windows Server 1709: 13 vulnerabilities

Microsoft Powerpoint: 13 vulnerabilities

Microsoft Onedrive: 13 vulnerabilities

Microsoft Lync: 12 vulnerabilities

Microsoft Project: 11 vulnerabilities

Microsoft Skype For Business: 11 vulnerabilities

Microsoft Raw Image Extension: 11 vulnerabilities

Recent Microsoft Security Advisories

Advisory Title Published
CVE-2025-5958 Chromium: CVE-2025-5958 Use after free in Media June 13, 2025
CVE-2025-5959 Chromium: CVE-2025-5959 Type Confusion in V8 June 13, 2025
CVE-2025-32711 CVE-2025-32711 M365 Copilot Information Disclosure Vulnerability June 11, 2025
CVE-2025-32717 CVE-2025-32717 Microsoft Word Remote Code Execution Vulnerability June 11, 2025
CVE-2025-47977 CVE-2025-47977 Nuance Digital Engagement Platform Spoofing Vulnerability June 10, 2025
CVE-2025-47959 CVE-2025-47959 Visual Studio Remote Code Execution Vulnerability June 10, 2025
CVE-2025-47968 CVE-2025-47968 Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability June 10, 2025
CVE-2025-3052 CVE-2025-3052 Cert CC: CVE-2025-3052 InsydeH2O Secure Boot Bypass June 10, 2025
CVE-2025-47176 CVE-2025-47176 Microsoft Outlook Remote Code Execution Vulnerability June 10, 2025
CVE-2025-47175 CVE-2025-47175 Microsoft PowerPoint Remote Code Execution Vulnerability June 10, 2025

Known Exploited Microsoft Vulnerabilities

The following Microsoft vulnerabilities have recently been marked by CISA as Known to be Exploited by threat actors.

Each entry below gives the title, the description, the CVE with its exploit probability, and the date added.

Microsoft Windows Common Log File System (CLFS) Driver Heap-Based Buffer Overflow Vulnerability
Microsoft Windows Common Log File System (CLFS) Driver contains a heap-based buffer overflow vulnerability that allows an authorized attacker to elevate privileges locally.
CVE-2025-32706 Exploit Probability: 12.1%
Added: May 13, 2025

Microsoft Windows Scripting Engine Type Confusion Vulnerability
Microsoft Windows Scripting Engine contains a type confusion vulnerability that allows an unauthorized attacker to execute code over a network via a specially crafted URL.
CVE-2025-30397 Exploit Probability: 12.8%
Added: May 13, 2025

Microsoft Windows DWM Core Library Use-After-Free Vulnerability
Microsoft Windows DWM Core Library contains a use-after-free vulnerability that allows an authorized attacker to elevate privileges locally.
CVE-2025-30400 Exploit Probability: 3.7%
Added: May 13, 2025

Microsoft Windows Ancillary Function Driver for WinSock Use-After-Free Vulnerability
Microsoft Windows Ancillary Function Driver for WinSock contains a use-after-free vulnerability that allows an authorized attacker to escalate privileges to administrator.
CVE-2025-32709 Exploit Probability: 4.2%
Added: May 13, 2025

Microsoft Windows Common Log File System (CLFS) Driver Use-After-Free Vulnerability
Microsoft Windows Common Log File System (CLFS) Driver contains a use-after-free vulnerability that allows an authorized attacker to elevate privileges locally.
CVE-2025-32701 Exploit Probability: 4.2%
Added: May 13, 2025

Microsoft Windows NTLM Hash Disclosure Spoofing Vulnerability
Microsoft Windows NTLM contains an external control of file name or path vulnerability that allows an unauthorized attacker to perform spoofing over a network.
CVE-2025-24054 Exploit Probability: 35.4%
Added: April 17, 2025

Microsoft Windows Common Log File System (CLFS) Driver Use-After-Free Vulnerability
Microsoft Windows Common Log File System (CLFS) Driver contains a use-after-free vulnerability that allows an authorized attacker to elevate privileges locally.
CVE-2025-29824 Exploit Probability: 2.7%
Added: April 8, 2025

Microsoft Windows Management Console (MMC) Improper Neutralization Vulnerability
Microsoft Windows Management Console (MMC) contains an improper neutralization vulnerability that allows an unauthorized attacker to execute code over a network.
CVE-2025-26633 Exploit Probability: 5.5%
Added: March 11, 2025

Microsoft Windows Fast FAT File System Driver Integer Overflow Vulnerability
Microsoft Windows Fast FAT File System Driver contains an integer overflow or wraparound vulnerability that allows an unauthorized attacker to execute code with a physical attack.
CVE-2025-24985 Exploit Probability: 1.2%
Added: March 11, 2025

Microsoft Windows NTFS Out-Of-Bounds Read Vulnerability
Microsoft Windows New Technology File System (NTFS) contains an out-of-bounds read vulnerability that could allow for information disclosure.
CVE-2025-24991 Exploit Probability: 3.1%
Added: March 11, 2025

Microsoft Windows Win32k Use-After-Free Vulnerability
Microsoft Windows Win32 Kernel Subsystem contains a use-after-free vulnerability that allows an authorized attacker to elevate privileges locally.
CVE-2025-24983 Exploit Probability: 1.7%
Added: March 11, 2025

Microsoft Windows NTFS Heap-Based Buffer Overflow Vulnerability
Microsoft Windows New Technology File System (NTFS) contains a heap-based buffer overflow vulnerability that could allow an authorized attacker to execute code locally.
CVE-2025-24993 Exploit Probability: 5.5%
Added: March 11, 2025

Microsoft Windows NTFS Information Disclosure Vulnerability
Microsoft Windows New Technology File System (NTFS) contains an insertion of sensitive Information into log file vulnerability that allows an authorized attacker to disclose information locally. An attacker who successfully exploited this vulnerability could potentially read portions of heap memory.
CVE-2025-24984 Exploit Probability: 18.7%
Added: March 11, 2025

Microsoft Windows Win32k Improper Resource Shutdown or Release Vulnerability
Microsoft Windows Win32k contains an improper resource shutdown or release vulnerability that allows for local, authenticated privilege escalation. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.
CVE-2018-8639 Exploit Probability: 20.8%
Added: March 3, 2025

Microsoft Partner Center Improper Access Control Vulnerability
Microsoft Partner Center contains an improper access control vulnerability that allows an attacker to escalate privileges.
CVE-2024-49035 Exploit Probability: 4.5%
Added: February 25, 2025

Microsoft Power Pages Improper Access Control Vulnerability
Microsoft Power Pages contains an improper access control vulnerability that allows an unauthorized attacker to elevate privileges over a network potentially bypassing the user registration control.
CVE-2025-24989 Exploit Probability: 10.2%
Added: February 21, 2025

Microsoft Windows Ancillary Function Driver for WinSock Heap-Based Buffer Overflow Vulnerability
Microsoft Windows Ancillary Function Driver for WinSock contains a heap-based buffer overflow vulnerability that allows for privilege escalation, enabling a local attacker to gain SYSTEM privileges.
CVE-2025-21418 Exploit Probability: 12.2%
Added: February 11, 2025

Microsoft Windows Storage Link Following Vulnerability
Microsoft Windows Storage contains a link following vulnerability that could allow for privilege escalation. This vulnerability could allow an attacker to delete data including data that results in the service being unavailable.
CVE-2025-21391 Exploit Probability: 4.0%
Added: February 11, 2025

Microsoft Outlook Improper Input Validation Vulnerability
Microsoft Outlook contains an improper input validation vulnerability that allows for remote code execution. Successful exploitation of this vulnerability would allow an attacker to bypass the Office Protected View and open in editing mode rather than protected mode.
CVE-2024-21413 Exploit Probability: 93.7%
Added: February 6, 2025

Microsoft .NET Framework Information Disclosure Vulnerability
Microsoft .NET Framework contains an information disclosure vulnerability that exposes the ObjRef URI to an attacker, ultimately enabling remote code execution.
CVE-2024-29059 Exploit Probability: 93.7%
Added: February 4, 2025

Of the known exploited vulnerabilities above, 2 are in the top 1%, or the 99th percentile of the EPSS exploit probability rankings. 2 known exploited Microsoft vulnerabilities are in the top 5% (95th percentile or greater) of the EPSS exploit probability rankings.

Top 10 Riskiest Microsoft Vulnerabilities

Based on the current exploit probability, these Microsoft vulnerabilities are on CISA's Known Exploited vulnerabilities list (KEV) and are ranked by the current EPSS exploit probability.

Rank CVE EPSS Vulnerability
1 CVE-2020-1472 94.4% NetLogon Privilege Escalation Vulnerability
2 CVE-2019-0708 94.4% "BlueKeep" Microsoft Windows Remote Desktop Remote Code Execution Vulnerability
3 CVE-2020-0796 94.4% Microsoft SMBv3 Remote Code Execution Vulnerability
4 CVE-2020-0688 94.4% Microsoft Exchange Server Key Validation Vulnerability
5 CVE-2019-0604 94.4% Microsoft SharePoint Remote Code Execution Vulnerability
6 CVE-2017-11882 94.4% Microsoft Office memory corruption vulnerability
7 CVE-2021-26855 94.4% Microsoft OWA Exchange Control Panel (ECP) Exploit Chain
8 CVE-2017-0199 94.4% Microsoft Office/WordPad Remote Code Execution Vulnerability with Windows API
9 CVE-2017-7269 94.4% Microsoft Windows Server 2003 R2 IIS WEBDAV buffer overflow Remote Code Execution vulnerability (COVI
10 CVE-2023-29357 94.4% Microsoft SharePoint Server Privilege Escalation Vulnerability

By the Year

In 2025 there have been 629 vulnerabilities in Microsoft with an average score of 7.4 out of ten. Last year, in 2024, Microsoft had 1366 security vulnerabilities published. Right now, Microsoft is on track to have fewer security vulnerabilities in 2025 than it did last year. Last year, the average CVE base score was greater by 0.21.




Year Vulnerabilities Average Score
2025 629 7.36
2024 1366 7.57
2023 1466 7.28
2022 1299 7.44
2021 1113 7.45
2020 1208 7.26
2019 764 7.10
2018 580 6.89

It may take a day or so for new Microsoft vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Microsoft Security Vulnerabilities

Improper neutralization of special elements used in a command ('command injection') in Visual Studio

CVE-2025-47959 7.1 - High - June 13, 2025

Improper neutralization of special elements used in a command ('command injection') in Visual Studio allows an authorized attacker to execute code over a network.

Command Injection

Untrusted search path in .NET and Visual Studio

CVE-2025-30399 7.5 - High - June 13, 2025

Untrusted search path in .NET and Visual Studio allows an unauthorized attacker to execute code over a network.

Untrusted Path

AI command injection in M365 Copilot

CVE-2025-32711 9.3 - Critical - June 11, 2025

AI command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network.

Command Injection

Use after free in Media in Google Chrome prior to 137.0.7151.103

CVE-2025-5958 - June 11, 2025

Use after free in Media in Google Chrome prior to 137.0.7151.103 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Dangling pointer

Type Confusion in V8 in Google Chrome prior to 137.0.7151.103

CVE-2025-5959 - June 11, 2025

Type Confusion in V8 in Google Chrome prior to 137.0.7151.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Object Type Confusion

Heap-based buffer overflow in Microsoft Office Word

CVE-2025-32717 8.4 - High - June 11, 2025

Heap-based buffer overflow in Microsoft Office Word allows an unauthorized attacker to execute code locally.

Heap-based Buffer Overflow

An arbitrary write vulnerability in Microsoft signed UEFI firmware allows for code execution of untrusted software

CVE-2025-3052 - June 10, 2025

An arbitrary write vulnerability in Microsoft signed UEFI firmware allows for code execution of untrusted software. This allows an attacker to control its value, leading to arbitrary memory writes, including modification of critical firmware settings stored in NVRAM. Exploiting this vulnerability could enable security bypasses, persistence mechanisms, or full system compromise.

Improper neutralization of input during web page generation ('cross-site scripting') in Nuance Digital Engagement Platform

CVE-2025-47977 8.2 - High - June 10, 2025

Improper neutralization of input during web page generation ('cross-site scripting') in Nuance Digital Engagement Platform allows an unauthorized attacker to perform spoofing over a network.

XSS

Improper input validation in Microsoft AutoUpdate (MAU)

CVE-2025-47968 7.8 - High - June 10, 2025

Improper input validation in Microsoft AutoUpdate (MAU) allows an authorized attacker to elevate privileges locally.

Improper Input Validation

Use after free in Microsoft Office Word

CVE-2025-47957 8.4 - High - June 10, 2025

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

Dangling pointer

Exposure of sensitive information to an unauthorized actor in Windows Hello

CVE-2025-47969 4.4 - Medium - June 10, 2025

Exposure of sensitive information to an unauthorized actor in Windows Hello allows an authorized attacker to disclose information locally.

Information Disclosure

Improper access control in Windows SDK

CVE-2025-47962 7.8 - High - June 10, 2025

Improper access control in Windows SDK allows an authorized attacker to elevate privileges locally.

Authorization

External control of file name or path in Windows Security App

CVE-2025-47956 5.5 - Medium - June 10, 2025

External control of file name or path in Windows Security App allows an authorized attacker to perform spoofing locally.

External Control of File Name or Path

Improper privilege management in Windows Remote Access Connection Manager

CVE-2025-47955 7.8 - High - June 10, 2025

Improper privilege management in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges locally.

Improper Privilege Management

Use after free in Microsoft Office

CVE-2025-47953 8.4 - High - June 10, 2025

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

Improper Restriction of Names for Files and Other Resources

'.../...//' in Microsoft Office Outlook allows an authorized

CVE-2025-47176 7.8 - High - June 10, 2025

'.../...//' in Microsoft Office Outlook allows an authorized attacker to execute code locally.

Use after free in Microsoft Office PowerPoint

CVE-2025-47175 7.8 - High - June 10, 2025

Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.

Dangling pointer

Heap-based buffer overflow in Microsoft Office Excel

CVE-2025-47174 7.8 - High - June 10, 2025

Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Heap-based Buffer Overflow

Improper input validation in Microsoft Office

CVE-2025-47173 7.8 - High - June 10, 2025

Improper input validation in Microsoft Office allows an unauthorized attacker to execute code locally.

Improper Restriction of Names for Files and Other Resources

Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Office SharePoint

CVE-2025-47172 8.8 - High - June 10, 2025

Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

SQL Injection

Improper input validation in Microsoft Office Outlook

CVE-2025-47171 6.7 - Medium - June 10, 2025

Improper input validation in Microsoft Office Outlook allows an authorized attacker to execute code locally.

Improper Input Validation

Use after free in Microsoft Office Word

CVE-2025-47170 7.8 - High - June 10, 2025

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

Dangling pointer

Heap-based buffer overflow in Microsoft Office Word

CVE-2025-47169 7.8 - High - June 10, 2025

Heap-based buffer overflow in Microsoft Office Word allows an unauthorized attacker to execute code locally.

Heap-based Buffer Overflow

Use after free in Microsoft Office Word

CVE-2025-47168 7.8 - High - June 10, 2025

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

Dangling pointer

Access of resource using incompatible type ('type confusion') in Microsoft Office

CVE-2025-47167 8.4 - High - June 10, 2025

Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.

Object Type Confusion

Deserialization of untrusted data in Microsoft Office SharePoint

CVE-2025-47166 8.8 - High - June 10, 2025

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

Marshaling, Unmarshaling

Use after free in Microsoft Office Excel

CVE-2025-47165 7.8 - High - June 10, 2025

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Dangling pointer

Use after free in Microsoft Office

CVE-2025-47164 8.4 - High - June 10, 2025

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

Dangling pointer

Deserialization of untrusted data in Microsoft Office SharePoint

CVE-2025-47163 8.8 - High - June 10, 2025

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

Marshaling, Unmarshaling

Improper access control in Windows SMB

CVE-2025-33073 8.8 - High - June 10, 2025

Improper access control in Windows SMB allows an authorized attacker to elevate privileges over a network.

Authorization

Heap-based buffer overflow in Microsoft Office

CVE-2025-47162 8.4 - High - June 10, 2025

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

Heap-based Buffer Overflow

Protection mechanism failure in Windows Shell

CVE-2025-47160 5.4 - Medium - June 10, 2025

Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network.

Protection Mechanism Failure

Improper link resolution before file access ('link following') in Windows Installer

CVE-2025-33075 7.8 - High - June 10, 2025

Improper link resolution before file access ('link following') in Windows Installer allows an authorized attacker to elevate privileges locally.

insecure temporary file

Protection mechanism failure in Windows DHCP Server

CVE-2025-33050 7.5 - High - June 10, 2025

Protection mechanism failure in Windows DHCP Server allows an unauthorized attacker to deny service over a network.

Protection Mechanism Failure

Out-of-bounds read in Windows Storage Management Provider

CVE-2025-32719 5.5 - Medium - June 10, 2025

Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.

Out-of-bounds Read

Out-of-bounds read in Windows Storage Management Provider

CVE-2025-32720 5.5 - Medium - June 10, 2025

Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.

Out-of-bounds Read

Improper link resolution before file access ('link following') in Windows Recovery Driver

CVE-2025-32721 7.3 - High - June 10, 2025

Improper link resolution before file access ('link following') in Windows Recovery Driver allows an authorized attacker to elevate privileges locally.

insecure temporary file

Improper access control in Windows Storage Port Driver

CVE-2025-32722 5.5 - Medium - June 10, 2025

Improper access control in Windows Storage Port Driver allows an authorized attacker to disclose information locally.

Authorization

Uncontrolled resource consumption in Windows Local Security Authority Subsystem Service (LSASS)

CVE-2025-32724 7.5 - High - June 10, 2025

Uncontrolled resource consumption in Windows Local Security Authority Subsystem Service (LSASS) allows an unauthorized attacker to deny service over a network.

Resource Exhaustion

Out-of-bounds read in Windows Storage Management Provider

CVE-2025-33058 5.5 - Medium - June 10, 2025

Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.

Out-of-bounds Read

Out-of-bounds read in Windows Storage Management Provider

CVE-2025-33059 5.5 - Medium - June 10, 2025

Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.

Out-of-bounds Read

Out-of-bounds read in Windows Storage Management Provider

CVE-2025-33060 5.5 - Medium - June 10, 2025

Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.

Out-of-bounds Read

Out-of-bounds read in Windows Storage Management Provider

CVE-2025-33061 5.5 - Medium - June 10, 2025

Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.

Out-of-bounds Read

Out-of-bounds read in Windows Storage Management Provider

CVE-2025-33062 5.5 - Medium - June 10, 2025

Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.

Out-of-bounds Read

Out-of-bounds read in Windows Storage Management Provider

CVE-2025-33063 5.5 - Medium - June 10, 2025

Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.

Out-of-bounds Read

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS)

CVE-2025-33064 8.8 - High - June 10, 2025

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network.

Heap-based Buffer Overflow

Out-of-bounds read in Windows Storage Management Provider

CVE-2025-33065 5.5 - Medium - June 10, 2025

Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.

Out-of-bounds Read

Improper access control in Microsoft Local Security Authority Server (lsasrv)

CVE-2025-33056 7.5 - High - June 10, 2025

Improper access control in Microsoft Local Security Authority Server (lsasrv) allows an unauthorized attacker to deny service over a network.

Authorization

Null pointer dereference in Windows Local Security Authority (LSA)

CVE-2025-33057 6.5 - Medium - June 10, 2025

Null pointer dereference in Windows Local Security Authority (LSA) allows an authorized attacker to deny service over a network.

NULL Pointer Dereference

Uncontrolled resource consumption in Windows Standards-Based Storage Management Service

CVE-2025-33068 7.5 - High - June 10, 2025

Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network.

Resource Exhaustion

Built by Foundeo Inc., with data from the National Vulnerability Database (NVD).