Windows update

  1. CVE-2024-30098 Windows Cryptographic Services Security Feature Bypass Vulnerability

    Updated the "Are there any further actions I need to take to be protected from this vulnerability?" FAQ as follows: 1. Added a reminder to customers that The DisableCapiOverrideForRSA registry key will be removed in April 2026. 2. Added an update that states: The October 14, 2025, Windows updates addressing CVE-2024-30098 revealed issues in applications where the code does not correctly identify which provider is managing the key for certificates propagated from a smart card to the certificate store. This misidentification can cause cryptographic operations to fail in certain scenarios. Please see [Guidance for certificate handling for Smart Card propagated certificates](http://support.microsoft.com/kb/5073121) for guidance for application developers on how to detect the correct handler and resolve these issues. These are informational changes only.

  2. CVE-2025-60710 Host Process for Windows Tasks Elevation of Privilege Vulnerability

    The following updates have been made: 1. To comprehensively address CVE-2025-60710, Microsoft has released December 2025 security updates for all supported editions of Windows 11 Version 24H2, Windows 11 Version 25H2, and Windows Server 2025. Microsoft recommends that customers install the updates to be fully protected from the vulnerability. Customers whose systems are configured to receive automatic updates do not need to take any further action. 2. Added a Workaround for customers running Windows Server 2025, in the event they cannot immediately install the update.

  3. CVE-2025-62454 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability

    Heap-based buffer overflow in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.

  4. CVE-2025-62456 Windows Resilient File System (ReFS) Remote Code Execution Vulnerability

    Heap-based buffer overflow in Windows Resilient File System (ReFS) allows an authorized attacker to execute code over a network.

  5. CVE-2025-62457 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability

    Out-of-bounds read in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.

  6. CVE-2025-62458 Win32k Elevation of Privilege Vulnerability

    Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.

  7. CVE-2025-62466 Windows Client-Side Caching Elevation of Privilege Vulnerability

    Null pointer dereference in Windows Client-Side Caching (CSC) Service allows an authorized attacker to elevate privileges locally.

  8. CVE-2025-62469 Microsoft Brokering File System Elevation of Privilege Vulnerability

    Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally.

  9. CVE-2025-62470 Windows Common Log File System Driver Elevation of Privilege Vulnerability

    Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.

  10. CVE-2025-62472 Windows Remote Access Connection Manager Elevation of Privilege Vulnerability

    Use of uninitialized resource in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges locally.

  11. CVE-2025-62473 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability

    Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.

  12. CVE-2025-62549 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

    Untrusted pointer dereference in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

  13. CVE-2025-62561 Microsoft Excel Remote Code Execution Vulnerability

    Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

  14. CVE-2025-62563 Microsoft Excel Remote Code Execution Vulnerability

    Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

  15. CVE-2025-62564 Microsoft Excel Remote Code Execution Vulnerability

    Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

  16. CVE-2025-62571 Windows Installer Elevation of Privilege Vulnerability

    Improper input validation in Windows Installer allows an authorized attacker to elevate privileges locally.

  17. CVE-2025-62572 Application Information Service Elevation of Privilege Vulnerability

    Out-of-bounds read in Application Information Services allows an authorized attacker to elevate privileges locally.

  18. CVE-2025-62573 DirectX Graphics Kernel Elevation of Privilege Vulnerability

    Use after free in Windows DirectX allows an authorized attacker to elevate privileges locally.

  19. CVE-2025-64658 Windows File Explorer Elevation of Privilege Vulnerability

    Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Shell allows an authorized attacker to elevate privileges locally.

  20. CVE-2025-64667 Microsoft Exchange Server Spoofing Vulnerability

    User interface (ui) misrepresentation of critical information in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.

  21. CVE-2025-64666 Microsoft Exchange Server Elevation of Privilege Vulnerability

    Improper input validation in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network.

  22. CVE-2025-64670 Windows DirectX Information Disclosure Vulnerability

    Exposure of sensitive information to an unauthorized actor in Microsoft Graphics Component allows an authorized attacker to disclose information over a network.

  23. CVE-2025-64673 Windows Storage VSP Driver Elevation of Privilege Vulnerability

    Improper access control in Storvsp.sys Driver allows an authorized attacker to elevate privileges locally.

  24. CVE-2025-59516 Windows Storage VSP Driver Elevation of Privilege Vulnerability

    Missing authentication for critical function in Windows Storage VSP Driver allows an authorized attacker to elevate privileges locally.

  25. CVE-2025-59517 Windows Storage VSP Driver Elevation of Privilege Vulnerability

    Improper access control in Windows Storage VSP Driver allows an authorized attacker to elevate privileges locally.

  26. CVE-2025-62455 Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability

    Improper input validation in Windows Message Queuing allows an authorized attacker to elevate privileges locally.

  27. CVE-2025-62461 Windows Projected File System Elevation of Privilege Vulnerability

    Buffer over-read in Windows Projected File System Filter Driver allows an authorized attacker to elevate privileges locally.

  28. CVE-2025-62462 Windows Projected File System Elevation of Privilege Vulnerability

    Buffer over-read in Windows Projected File System allows an authorized attacker to elevate privileges locally.

  29. CVE-2025-62463 DirectX Graphics Kernel Denial of Service Vulnerability

    Null pointer dereference in Windows DirectX allows an authorized attacker to deny service locally.

  30. CVE-2025-62464 Windows Projected File System Elevation of Privilege Vulnerability

    Buffer over-read in Windows Projected File System allows an authorized attacker to elevate privileges locally.

  31. CVE-2025-62465 DirectX Graphics Kernel Denial of Service Vulnerability

    Null pointer dereference in Windows DirectX allows an authorized attacker to deny service locally.

  32. CVE-2025-55233 Windows Projected File System Elevation of Privilege Vulnerability

    Out-of-bounds read in Windows Projected File System allows an authorized attacker to elevate privileges locally.

  33. CVE-2025-62467 Windows Projected File System Elevation of Privilege Vulnerability

    Integer overflow or wraparound in Windows Projected File System allows an authorized attacker to elevate privileges locally.

  34. CVE-2025-62468 Windows Defender Firewall Service Information Disclosure Vulnerability

    Out-of-bounds read in Windows Defender Firewall Service allows an authorized attacker to disclose information locally.

  35. CVE-2025-62474 Windows Remote Access Connection Manager Elevation of Privilege Vulnerability

    Improper access control in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges locally.

  36. CVE-2025-62550 Azure Monitor Agent Remote Code Execution Vulnerability

    Out-of-bounds write in Azure Monitor Agent allows an authorized attacker to execute code over a network.

  37. CVE-2025-62552 Microsoft Access Remote Code Execution Vulnerability

    Relative path traversal in Microsoft Office Access allows an unauthorized attacker to execute code locally.

  38. CVE-2025-62553 Microsoft Excel Remote Code Execution Vulnerability

    Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

  39. CVE-2025-62554 Microsoft Office Remote Code Execution Vulnerability

    Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.

  40. CVE-2025-62555 Microsoft Word Remote Code Execution Vulnerability

    Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

  41. CVE-2025-62556 Microsoft Excel Remote Code Execution Vulnerability

    Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

  42. CVE-2025-62557 Microsoft Office Remote Code Execution Vulnerability

    Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

  43. CVE-2025-62558 Microsoft Word Remote Code Execution Vulnerability

    Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

  44. CVE-2025-62559 Microsoft Word Remote Code Execution Vulnerability

    Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

  45. CVE-2025-62560 Microsoft Excel Remote Code Execution Vulnerability

    Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

  46. CVE-2025-62567 Windows Hyper-V Denial of Service Vulnerability

    Integer underflow (wrap or wraparound) in Windows Hyper-V allows an authorized attacker to deny service over a network.

  47. CVE-2025-62569 Microsoft Brokering File System Elevation of Privilege Vulnerability

    Use after free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally.

  48. CVE-2025-62570 Windows Camera Frame Server Monitor Information Disclosure Vulnerability

    Improper access control in Windows Camera Frame Server Monitor allows an authorized attacker to disclose information locally.

  49. CVE-2025-62565 Windows File Explorer Elevation of Privilege Vulnerability

    Use after free in Windows Shell allows an authorized attacker to elevate privileges locally.

  50. CVE-2025-64661 Windows Shell Elevation of Privilege Vulnerability

    Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Shell allows an authorized attacker to elevate privileges locally.

Приглашаю на лучшие дистанционные курсы повышения квалификации, курсы профессиональной переподготовки и курсы по специальностям на проверенной образовательной платформе «Знанио».

Воспользуйтесь моим купоном «9954514» при оформлении заказа, чтобы получить скидку -50% на https://znanio.ru на все курсы и другие услуги портала.

Прогноз погоды в Анадырь
world-weather.ru