Security
Headlines
HeadlinesLatestCVEs

Source

Microsoft Security Response Center

CVE-2025-21202: Windows Recovery Environment Agent Elevation of Privilege Vulnerability

**According to the CVSS metric, the attack vector is physical (AV:P). What does that mean for this vulnerability?** To exploit this vulnerability, an attacker needs physical access to the victim's machine.

Microsoft Security Response Center
Open in Source
#vulnerability#mac#windows#Windows Recovery Environment Agent#Security Vulnerability
CVE-2025-21230: Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability

**According to the CVSS metric, successful exploitation of this vulnerability has a high impact on availability (A:H). What does that mean for this vulnerability??** An attacker can send specially crafted packets which could impact availability of the service resulting in Denial of Service (DoS).

CVE-2025-21229: Windows Digital Media Elevation of Privilege Vulnerability

**According to the CVSS metric, the Attack Vector is Physical (AV:P). What does that mean for this vulnerability?** An attacker needs physical access to the target computer to plug in a malicious USB drive.

CVE-2025-21228: Windows Digital Media Elevation of Privilege Vulnerability

**What privileges could be gained by an attacker who successfully exploited this vulnerability?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

CVE-2025-21224: Windows Line Printer Daemon (LPD) Service Remote Code Execution Vulnerability

**How could an attacker exploit this vulnerability?** An unauthenticated attacker could send a specially crafted print task to a shared vulnerable Windows Line Printer Daemon (LPD) service across a network. Successful exploitation could result in remote code execution on the server.

CVE-2025-21213: Secure Boot Security Feature Bypass Vulnerability

**What kind of security feature could be bypassed by successfully exploiting this vulnerability?** An attacker who successfully exploited this vulnerability could bypass Secure Boot.

CVE-2025-21232: Windows Digital Media Elevation of Privilege Vulnerability

**According to the CVSS metric, the Attack Vector is Physical (AV:P). What does that mean for this vulnerability?** An attacker needs physical access to the target computer to plug in a malicious USB drive.

CVE-2025-21231: IP Helper Denial of Service Vulnerability

**According to the CVSS metric, the attack vector is network (AV:N). How could an attacker exploit this vulnerability?** As an authenticated user, the attacker could send a specially crafted string of data over the network, causing the application to crash.

CVE-2025-21226: Windows Digital Media Elevation of Privilege Vulnerability

**According to the CVSS metric, the Attack Vector is Physical (AV:P). What does that mean for this vulnerability?** An attacker needs physical access to the target computer to plug in a malicious USB drive.

CVE-2025-21225: Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to win a race condition.