Microsoft Ürünleri Güvenlik Açığı Bülteni

MSRC Security Update Guide

CVE-2025-21262 Microsoft Edge (Chromium-based) Spoofing Vulnerability
Information published.
CVE-2024-49109 Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability
Updated acknowledgment. This is an informational change only.
Chromium: CVE-2025-0291 Type Confusion in V8
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025 ) for more information.
CVE-2025-21312 Windows Smart Card Reader Information Disclosure Vulnerability
Information published.
CVE-2025-21232 Windows Digital Media Elevation of Privilege Vulnerability
Information published.
CVE-2025-21286 Windows Telephony Service Remote Code Execution Vulnerability
Information published.
CVE-2025-21335 Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability
Information published.
CVE-2025-21224 Windows Line Printer Daemon (LPD) Service Remote Code Execution Vulnerability
Information published.
CVE-2025-21333 Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability
Information published.
CVE-2025-21403 On-Premises Data Gateway Information Disclosure Vulnerability
Information published.
CVE-2025-21233 Windows Telephony Service Remote Code Execution Vulnerability
Information published.
CVE-2025-21234 Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability
Information published.
CVE-2025-21214 Windows BitLocker Information Disclosure Vulnerability
Information published.
CVE-2025-21215 Secure Boot Security Feature Bypass Vulnerability
Information published.
CVE-2025-21210 Windows BitLocker Information Disclosure Vulnerability
Information published.
CVE-2025-21171 .NET Remote Code Execution Vulnerability
Information published.
CVE-2025-21413 Windows Telephony Service Remote Code Execution Vulnerability
Information published.
CVE-2025-21339 Windows Telephony Service Remote Code Execution Vulnerability
Information published.
CVE-2025-21235 Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability
Information published.
CVE-2025-21378 Windows CSC Service Elevation of Privilege Vulnerability
Information published.
CVE-2025-21236 Windows Telephony Service Remote Code Execution Vulnerability
Information published.
CVE-2025-21409 Windows Telephony Service Remote Code Execution Vulnerability
Information published.
CVE-2025-21237 Windows Telephony Service Remote Code Execution Vulnerability
Information published.
CVE-2025-21329 MapUrlToZone Security Feature Bypass Vulnerability
Information published.
CVE-2025-21239 Windows Telephony Service Remote Code Execution Vulnerability
Information published.
CVE-2025-21187 Microsoft Power Automate Remote Code Execution Vulnerability
Information published.
CVE-2025-21241 Windows Telephony Service Remote Code Execution Vulnerability
Information published.
CVE-2025-21228 Windows Digital Media Elevation of Privilege Vulnerability
Information published.
CVE-2025-21242 Windows Kerberos Information Disclosure Vulnerability
Information published.
CVE-2025-21273 Windows Telephony Service Remote Code Execution Vulnerability
Information published.
CVE-2025-21243 Windows Telephony Service Remote Code Execution Vulnerability
Information published.
CVE-2025-21305 Windows Telephony Service Remote Code Execution Vulnerability
Information published.
CVE-2025-21244 Windows Telephony Service Remote Code Execution Vulnerability
Information published.
CVE-2021-45985 Mitre: CVE-2021-45985 Erroneous finalizer call in Lua leads to a heap-based buffer over-read
The following updates have been made: 1) Added Windows Software to the Security Updates table. Microsoft recommends updating to the latest version of their Windows operating system. 2) Added an FAQ to describe further actions customers need to take to be protected from this vulnerability.
CVE-2025-21248 Windows Telephony Service Remote Code Execution Vulnerability
Information published.
CVE-2025-21361 Microsoft Outlook Remote Code Execution Vulnerability
Information published.
CVE-2025-21249 Windows Digital Media Elevation of Privilege Vulnerability
Information published.
CVE-2025-21313 Windows Security Account Manager (SAM) Denial of Service Vulnerability
Information published.
CVE-2025-21251 Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
Information published.
CVE-2025-21250 Windows Telephony Service Remote Code Execution Vulnerability
Information published.
CVE-2025-21252 Windows Telephony Service Remote Code Execution Vulnerability
Information published.
CVE-2025-21411 Windows Telephony Service Remote Code Execution Vulnerability
Information published.
CVE-2025-21255 Windows Digital Media Elevation of Privilege Vulnerability
Information published.
CVE-2025-21405 Visual Studio Elevation of Privilege Vulnerability
Information published.
CVE-2025-21257 Windows WLAN AutoConfig Service Information Disclosure Vulnerability
Information published.
CVE-2025-21330 Windows Remote Desktop Services Denial of Service Vulnerability
Information published.
CVE-2025-21258 Windows Digital Media Elevation of Privilege Vulnerability
Information published.
CVE-2025-21207 Windows Connected Devices Platform Service (Cdpsvc) Denial of Service Vulnerability
Information published.
CVE-2025-21260 Windows Digital Media Elevation of Privilege Vulnerability
Information published.
CVE-2025-21211 Secure Boot Security Feature Bypass Vulnerability
Information published.
CVE-2025-21263 Windows Digital Media Elevation of Privilege Vulnerability
Information published.
CVE-2025-21226 Windows Digital Media Elevation of Privilege Vulnerability
Information published.
CVE-2025-21265 Windows Digital Media Elevation of Privilege Vulnerability
Information published.
CVE-2025-21230 Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
Information published.
CVE-2025-21266 Windows Telephony Service Remote Code Execution Vulnerability
Information published.
CVE-2025-21261 Windows Digital Media Elevation of Privilege Vulnerability
Information published.
CVE-2025-21268 MapUrlToZone Security Feature Bypass Vulnerability
Information published.
CVE-2025-21275 Windows App Package Installer Elevation of Privilege Vulnerability
Information published.
CVE-2025-21269 Windows HTML Platforms Security Feature Bypass Vulnerability
Information published.
CVE-2025-21292 Windows Search Service Elevation of Privilege Vulnerability
Information published.
CVE-2025-21270 Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
Information published.
CVE-2025-21308 Windows Themes Spoofing Vulnerability
Information published.
CVE-2025-21271 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
Information published.
CVE-2025-21323 Windows Kernel Memory Information Disclosure Vulnerability
Information published.
CVE-2025-21272 Windows COM Server Information Disclosure Vulnerability
Information published.
CVE-2025-21336 Windows Cryptographic Information Disclosure Vulnerability
Information published.
CVE-2025-21277 Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
Information published.
CVE-2025-21343 Windows Web Threat Defense User Service Information Disclosure Vulnerability
Information published.
CVE-2025-21280 Windows Virtual Trusted Platform Module Denial of Service Vulnerability
Information published.
CVE-2025-21372 Microsoft Brokering File System Elevation of Privilege Vulnerability
Information published.
CVE-2025-21281 Microsoft COM for Windows Elevation of Privilege Vulnerability
Information published.
CVE-2025-21218 Windows Kerberos Denial of Service Vulnerability
Information published.
CVE-2025-21282 Windows Telephony Service Remote Code Execution Vulnerability
Information published.
CVE-2025-21326 Internet Explorer Remote Code Execution Vulnerability
Information published.
CVE-2025-21354 Microsoft Excel Remote Code Execution Vulnerability
Updated one or more CVSS scores for the affected products. This is an informational change only.
CVE-2025-21246 Windows Telephony Service Remote Code Execution Vulnerability
Information published.
CVE-2024-7344 Cert CC: CVE-2024-7344 Howyar Taiwan Secure Boot Bypass
This CVE was assigned by CERT CC. The purpose of this document is to attest to the fact that the products listed in the Security Updates table have been updated to protect against this vulnerability.
CVE-2025-21238 Windows Telephony Service Remote Code Execution Vulnerability
Information published.
CVE-2025-21393 Microsoft SharePoint Server Spoofing Vulnerability
Information published.
CVE-2025-21284 Windows Virtual Trusted Platform Module Denial of Service Vulnerability
Information published.
CVE-2024-50338 GitHub: CVE-2024-50338 Malformed URL allows information disclosure through git-credential-manager
Information published.
CVE-2025-21362 Microsoft Excel Remote Code Execution Vulnerability
Information published.
CVE-2025-21285 Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
Information published.
CVE-2025-21389 Windows upnphost.dll Denial of Service Vulnerability
Information published.
CVE-2025-21288 Windows COM Server Information Disclosure Vulnerability
Information published.
CVE-2025-21395 Microsoft Access Remote Code Execution Vulnerability
Information published.
CVE-2025-21289 Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
Information published.
CVE-2025-21217 Windows NTLM Spoofing Vulnerability
Information published.
CVE-2025-21290 Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
Information published.
CVE-2025-21278 Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability
Information published.
CVE-2025-21291 Windows Direct Show Remote Code Execution Vulnerability
Information published.
CVE-2025-21328 MapUrlToZone Security Feature Bypass Vulnerability
Information published.
CVE-2025-21293 Active Directory Domain Services Elevation of Privilege Vulnerability
Information published.
CVE-2025-21220 Microsoft Message Queuing Information Disclosure Vulnerability
Information published.
CVE-2025-21294 Microsoft Digest Authentication Remote Code Execution Vulnerability
Information published.
CVE-2025-21193 Active Directory Federation Server Spoofing Vulnerability
Information published.
CVE-2025-21295 SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Remote Code Execution Vulnerability
Information published.
CVE-2025-21202 Windows Recovery Environment Agent Elevation of Privilege Vulnerability
Information published.
CVE-2025-21296 BranchCache Remote Code Execution Vulnerability
Information published.
CVE-2025-21186 Microsoft Access Remote Code Execution Vulnerability
Information published.
CVE-2025-21297 Windows Remote Desktop Services Remote Code Execution Vulnerability
Information published.
CVE-2025-21213 Secure Boot Security Feature Bypass Vulnerability
Information published.
CVE-2025-21298 Windows OLE Remote Code Execution Vulnerability
Information published.
CVE-2025-21225 Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability
Information published.
CVE-2025-21299 Windows Kerberos Security Feature Bypass Vulnerability
Information published.
CVE-2025-21227 Windows Digital Media Elevation of Privilege Vulnerability
Information published.
CVE-2025-21301 Windows Geolocation Service Information Disclosure Vulnerability
Information published.
CVE-2025-21229 Windows Digital Media Elevation of Privilege Vulnerability
Information published.
CVE-2025-21302 Windows Telephony Service Remote Code Execution Vulnerability
Information published.
CVE-2025-21231 IP Helper Denial of Service Vulnerability
Information published.
CVE-2025-21303 Windows Telephony Service Remote Code Execution Vulnerability
Information published.
CVE-2025-21256 Windows Digital Media Elevation of Privilege Vulnerability
Information published.
CVE-2025-21304 Microsoft DWM Core Library Elevation of Privilege Vulnerability
Information published.
CVE-2025-21189 MapUrlToZone Security Feature Bypass Vulnerability
Information published.
CVE-2025-21306 Windows Telephony Service Remote Code Execution Vulnerability
Information published.
CVE-2025-21274 Windows Event Tracing Denial of Service Vulnerability
Information published.
CVE-2025-21309 Windows Remote Desktop Services Remote Code Execution Vulnerability
Information published.
CVE-2025-21276 Windows MapUrlToZone Denial of Service Vulnerability
Information published.
CVE-2025-21314 Windows SmartScreen Spoofing Vulnerability
Information published.
CVE-2025-21287 Windows Installer Elevation of Privilege Vulnerability
Information published.
CVE-2025-21315 Microsoft Brokering File System Elevation of Privilege Vulnerability
Information published.
CVE-2025-21300 Windows upnphost.dll Denial of Service Vulnerability
Information published.
CVE-2025-21316 Windows Kernel Memory Information Disclosure Vulnerability
Information published.
CVE-2025-21307 Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution Vulnerability
Information published.
CVE-2025-21318 Windows Kernel Memory Information Disclosure Vulnerability
Information published.
CVE-2025-21310 Windows Digital Media Elevation of Privilege Vulnerability
Information published.
CVE-2025-21319 Windows Kernel Memory Information Disclosure Vulnerability
Information published.
CVE-2025-21317 Windows Kernel Memory Information Disclosure Vulnerability
Information published.
CVE-2025-21320 Windows Kernel Memory Information Disclosure Vulnerability
Information published.
CVE-2025-21172 .NET and Visual Studio Remote Code Execution Vulnerability
Information published.
CVE-2025-21321 Windows Kernel Memory Information Disclosure Vulnerability
Information published.
CVE-2025-21331 Windows Installer Elevation of Privilege Vulnerability
Information published.
CVE-2025-21327 Windows Digital Media Elevation of Privilege Vulnerability
Information published.
CVE-2025-21338 GDI+ Remote Code Execution Vulnerability
Information published.
CVE-2025-21176 .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability
Information published.
CVE-2025-21340 Windows Virtualization-Based Security (VBS) Security Feature Bypass Vulnerability
Information published.
CVE-2025-21178 Visual Studio Remote Code Execution Vulnerability
Information published.
CVE-2025-21360 Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability
Information published.
CVE-2025-21173 .NET Elevation of Privilege Vulnerability
Information published.
CVE-2025-21370 Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability
Information published.
CVE-2025-21341 Windows Digital Media Elevation of Privilege Vulnerability
Information published.
CVE-2025-21374 Windows CSC Service Information Disclosure Vulnerability
Information published.
CVE-2025-21344 Microsoft SharePoint Server Remote Code Execution Vulnerability
Information published.
CVE-2025-21402 Microsoft Office OneNote Remote Code Execution Vulnerability
Information published.
CVE-2025-21345 Microsoft Office Visio Remote Code Execution Vulnerability
Information published.
ADV990001 Latest Servicing Stack Updates
Advisory updated to announce new versions of Servicing Stack Updates are available. Please see the FAQ for details.
CVE-2025-21346 Microsoft Office Security Feature Bypass Vulnerability
Information published.
CVE-2025-21332 MapUrlToZone Security Feature Bypass Vulnerability
Information published.
CVE-2025-21348 Microsoft SharePoint Server Remote Code Execution Vulnerability
Information published.
CVE-2025-21311 Windows NTLM V1 Elevation of Privilege Vulnerability
Information published.
CVE-2025-21356 Microsoft Office Visio Remote Code Execution Vulnerability
Information published.
CVE-2025-21334 Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability
Information published.
CVE-2025-21357 Microsoft Outlook Remote Code Execution Vulnerability
Information published.
CVE-2025-21417 Windows Telephony Service Remote Code Execution Vulnerability
Information published.
CVE-2025-21363 Microsoft Word Remote Code Execution Vulnerability
Information published.
CVE-2025-21240 Windows Telephony Service Remote Code Execution Vulnerability
Information published.
CVE-2025-21364 Microsoft Excel Security Feature Bypass Vulnerability
Information published.
CVE-2025-21223 Windows Telephony Service Remote Code Execution Vulnerability
Information published.
CVE-2025-21365 Microsoft Office Remote Code Execution Vulnerability
Information published.
CVE-2025-21245 Windows Telephony Service Remote Code Execution Vulnerability
Information published.
CVE-2025-21366 Microsoft Access Remote Code Execution Vulnerability
Information published.
CVE-2025-21362 Microsoft Excel Remote Code Execution Vulnerability
Updated one or more CVSS scores for the affected products. This is an informational change only.
CVE-2025-21382 Windows Graphics Component Elevation of Privilege Vulnerability
Information published.
CVE-2025-21354 Microsoft Excel Remote Code Execution Vulnerability
Information published.
CVE-2025-21219 MapUrlToZone Security Feature Bypass Vulnerability
Information published.
CVE-2025-21324 Windows Digital Media Elevation of Privilege Vulnerability
Information published.
CVE-2025-21380 Azure Marketplace SaaS Resources Information Disclosure Vulnerability
Improper access control in Azure SaaS Resources allows an authorized attacker to disclose information over a network.
CVE-2025-21385 Microsoft Purview Information Disclosure Vulnerability
A Server-Side Request Forgery (SSRF) vulnerability in Microsoft Purview allows an authorized attacker to disclose information over a network.
CVE-2024-43594 Microsoft System Center Elevation of Privilege Vulnerability
Fixed a typo in the FAQ.
CVE-2024-49051 Microsoft PC Manager Elevation of Privilege Vulnerability
To comprehensively address CVE-2024-49051, Microsoft released security updates on December 10, 2024 for Microsoft PC Manager. Microsoft recommends that customers running this product install the updates to be fully protected from the vulnerability.
CVE-2024-43601 Visual Studio Code for Linux Remote Code Execution Vulnerability
Clarified that the product containing the vulnerability is Visual Studio Code for Linux. This is an informational change only.
CVE-2013-3900 WinVerifyTrust Signature Validation Vulnerability
Providing further clarification about how to configure the EnableCertPaddingCheck registry value to implement and revert the improvement to authenticode signature verification. Customers who had successfully followed previous guidance do not need to make further changes to their systems. Although Windows treats the EnableCertPaddingCheck value as a DWORD, its actual registry value type does not matter, as long as all these length and data requirements are met. See the **Suggested Actions** section for more information.
CVE-2024-43600 Microsoft Office Elevation of Privilege Vulnerability
In the Security Updates Table, removed KB2920716 from the Office 2016 for 32-bit version as this update does not apply to this version.
Chromium: CVE-2024-12695 Out of bounds write in V8
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.
Chromium: CVE-2024-12694 Use after free in Compositing
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.

Arif Akyüz Sistem Network Yöneticisi ve Siber Güvenlik Uzmanı

Arif Akyüz
Bilgi Teknolojileri
Sistem Network Yöneticisi
ve Siber Güvenlik Uzmanı
[email protected]