Microsoft: >> Windows Server 2025 Security Vulnerabilities
Null pointer dereference in Windows Kerberos allows an authorized attacker to deny service over a network.
CVSS Score
6.5
EPSS Score
0.007
Published
2026-06-09
Heap-based buffer overflow in Windows TCP/IP allows an unauthorized attacker to elevate privileges over an adjacent network.
CVSS Score
9.6
EPSS Score
0.003
Published
2026-06-09
Buffer over-read in Windows Projected File System Filter Driver allows an authorized attacker to elevate privileges locally.
CVSS Score
7.8
EPSS Score
0.003
Published
2026-06-09
Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability
CVSS Score
7.8
EPSS Score
0.003
Published
2026-06-09
Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability
CVSS Score
7.8
EPSS Score
0.002
Published
2026-06-09
Improper access control in Microsoft Kinect allows an authorized attacker to elevate privileges locally.
CVSS Score
7.8
EPSS Score
0.003
Published
2026-06-09
Heap-based buffer overflow in Microsoft Windows DNS allows an authorized attacker to elevate privileges locally.
CVSS Score
7.0
EPSS Score
0.002
Published
2026-06-09
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
CVSS Score
7.0
EPSS Score
0.002
Published
2026-06-09
Trust boundary violation in Windows Attestation allows an authorized attacker to elevate privileges locally.
CVSS Score
7.8
EPSS Score
0.003
Published
2026-06-09
Microsoft is aware of a security feature bypass vulnerability in Windows publicly referred to as "YellowKey". The proof of concept for this vulnerability has been made public violating coordinated vulnerability best practices.
We are issuing this CVE to provide mitigation guidance that can be implemented to protect against this vulnerability until the security update is made available.
Mitigation FAQs
Should I leverage the temporary mitigation?
Microsoft recommends that you consider implementing these mitigations if you are concerned your devices and data are at risk of being compromised or stolen. For example, if your organization’s employees take their work devices home or on business travel.
What impact to service availability/management could be caused by implementing the mitigations?
Implementing these mitigations will not impact service availability or management operations.
Do customers need to revert the changes made to mitigate the vulnerability once the security update to protect against this vulnerability is available?
No. The security update will maintain the mitigation's behavior once the security update is installed.
I am using TPM+PIN, am I at risk of this vulnerability being exploited
No, if you are using TPM+PIN the vulnerability is not exploitable.
CVSS Score
6.8
EPSS Score
0.008
Published
2026-05-20