| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Windows Search Remote Code Execution Vulnerability |
| Windows Error Reporting Service Elevation of Privilege Vulnerability |
| Windows Mark of the Web Security Feature Bypass Vulnerability |
| Microsoft WordPad Information Disclosure Vulnerability |
| Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability |
| Windows SmartScreen Security Feature Bypass Vulnerability |
| Windows SmartScreen Security Feature Bypass Vulnerability |
| Windows MSHTML Platform Elevation of Privilege Vulnerability |
| Microsoft Streaming Service Elevation of Privilege Vulnerability |
| Win32k Elevation of Privilege Vulnerability |
| Windows Common Log File System Driver Elevation of Privilege Vulnerability |
| Windows CNG Key Isolation Service Elevation of Privilege Vulnerability |
| Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network. |
| The Microsoft vulnerable driver block list is implemented as Windows Defender Application Control (WDAC) policy. On systems that do not have hypervisor-protected code integrity (HVCI) enabled, entries that specify only the to-be-signed (TBS) part of the code signer certificate are properly blocked, but entries that specify the signing certificate’s TBS hash along with a 'FileAttribRef' qualifier (such as file name or version) will not be blocked. This vulnerability affects any Windows system that does not have HVCI enabled or supported (HVCI is available in Windows 10, Windows 11, and Windows Server 2016 and later). NOTE: The vendor states that the driver blocklist is intended for use with HVCI, while systems without HVCI should use App Control, and any custom blocklist entries require a granular approach for proper enforcement. |
| Windows Kernel Elevation of Privilege Vulnerability |
| SMB Server might be susceptible to relay attacks depending on the configuration. An attacker who successfully exploited these vulnerabilities could perform relay attacks and make the users subject to elevation of privilege attacks.
The SMB Server already supports mechanisms for hardening against relay attacks:
SMB Server signing
SMB Server Extended Protection for Authentication (EPA)
Microsoft is releasing this CVE to provide customers with audit capabilities to help them to assess their environment and to identify any potential device or software incompatibility issues before deploying SMB Server hardening measures that protect against relay attacks.
If you have not already enabled SMB Server hardening measures, we advise customers to take the following actions to be protected from these relay attacks:
Assess your environment by utilizing the audit capabilities that we are exposing in the September 2025 security updates. See Support for Audit Events to deploy SMB Server Hardening—SMB Server Signing & SMB Server EPA.
Adopt appropriate SMB Server hardening measures. |
| Use after free in Windows SMBv3 Client allows an authorized attacker to execute code over a network. |
| Improper authentication in Windows NTLM allows an authorized attacker to elevate privileges over a network. |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally. |
| Weak authentication in Windows Installer allows an authorized attacker to elevate privileges locally. |
