AI description
CVE-2025-26633 is a security feature bypass vulnerability in the Microsoft Management Console (MMC). It stems from improper neutralization within the MMC, allowing an unauthorized attacker to bypass security restrictions locally. The vulnerability is being actively exploited in the wild by a threat actor known as Water Gamayun (also known as EncryptHub and Larva-208) in a campaign called "MSC EvilTwin". This technique involves the execution of malicious .msc files through a legitimate one by manipulating the Multilingual User Interface Path (MUIPath) to load and execute a malicious file instead of the original one.
- Description
- Improper neutralization in Microsoft Management Console allows an unauthorized attacker to bypass a security feature locally.
- Source
- secure@microsoft.com
- NVD status
- Modified
- Products
- windows_10_1507, windows_10_1607, windows_10_1809, windows_10_21h2, windows_10_22h2, windows_11_22h2, windows_11_23h2, windows_11_24h2, windows_server_2008, windows_server_2012, windows_server_2016, windows_server_2019, windows_server_2022, windows_server_2022_23h2, windows_server_2025
CVSS 3.1
- Type
- Secondary
- Base score
- 7
- Impact score
- 5.9
- Exploitability score
- 1
- Vector string
- CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
- Severity
- HIGH
Data from CISA
- Vulnerability name
- Microsoft Windows Management Console (MMC) Improper Neutralization Vulnerability
- Exploit added on
- Mar 11, 2025
- Exploit action due
- Apr 1, 2025
- Required action
- Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- secure@microsoft.com
- CWE-707
- nvd@nist.gov
- NVD-CWE-noinfo
- Hype score
- Not currently trending
CVE-2025-26633 (CVSS 7.8) โ Zero-day MMC .msc EvilTwin LPE actively exploited by Water Gamayun APT. PoC creates local admin via malicious MSC file on unpatched Windows 10/11/Server https://t.co/OlNW8nJSfu
@MBanyamer78465
21 Dec 2025
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
MSC-EvilTwin-Local-Privilege-Escalation #exploit CVE-2025-26633 (CVSS 7.8) โ Zero-day MMC .msc EvilTwin LPE actively exploited by Water Gamayun APT. PoC creates local admin via malicious MSC file on unpatched Windows 10/11/Server. Patched March 2... https://t.co/rldBK3JiaT
@TheExploitLab
17 Dec 2025
63 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
ใญใทใข็ณป APT Water Gamayun ใ Windows MMC ใฎใผใญใใค CVE-2025-26633 (MSC EvilTwin) ใๆช็จใ.msc๏ผ.msi ็ต็ฑใงใใใฏใใข๏ผStealer ใ้ ๅธใๆ ๅ ฑ็ชๅใจๆ็ถไพตๅ ฅใๆชใใใ็ฐๅขใฏๅณๆดๆฐใใ#WaterGamayun #MSCEvilTwin #WindowsSecurity https:
@01ra66it
28 Nov 2025
558 Impressions
0 Retweets
2 Likes
1 Bookmark
0 Replies
0 Quotes
๐จ ๐๐๐ญ๐๐ซ ๐๐๐ฆ๐๐ฒ๐ฎ๐ง ๐๐๐๐ฉ๐จ๐ง๐ข๐ณ๐๐ฌ โ๐๐๐ ๐๐ฏ๐ข๐ฅ๐๐ฐ๐ข๐งโ ๐๐๐ซ๐จ-๐๐๐ฒ ๐๐จ๐ซ ๐๐ญ๐๐๐ฅ๐ญ๐ก๐ฒ ๐๐๐๐ค๐๐จ๐จ๐ซ ๐๐ญ๐ญ๐๐
@PurpleOps_io
27 Nov 2025
50 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Russia-aligned APT Water Gamayun exploits zero-day CVE-2025-26633, dubbed MSC EvilTwin, to stealthily inject malware via trusted Windows processes like MMC, using fake business sites to deliver payloads. #WaterGamayun #MSC_EvilTwin #Russia https://t.co/5PNrai1456
@TweetThreatNews
27 Nov 2025
137 Impressions
0 Retweets
1 Like
1 Bookmark
0 Replies
0 Quotes
๐ ๐๐๐ญ๐๐ซ ๐๐๐ฆ๐๐ฒ๐ฎ๐ง ๐๐๐๐ฉ๐จ๐ง๐ข๐ณ๐๐ฌ &#๐๐;๐๐๐ ๐๐ฏ๐ข๐ฅ๐๐ฐ๐ข๐ง&#๐๐; ๐๐๐ซ๐จ-๐๐๐ฒ ๐๐จ๐ซ ๐๐ญ๐๐๐ฅ๐ญ๐ก๐ฒ ๐๐๐๐ค๐๐จ๐จ๐ซ
@PurpleOps_io
27 Nov 2025
52 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
๐จ Water Gamayun Hackers Exploit Windows MSC EvilTwin 0-Day to Inject Stealthy Malware Source: https://t.co/kgaHLV8SzD Water Gamayun, a persistent threat group, has recently intensified its efforts by exploiting a newly identified MSC EvilTwin vulnerability (CVE-2025-26633)
@The_Cyber_News
27 Nov 2025
3883 Impressions
27 Retweets
95 Likes
20 Bookmarks
1 Reply
0 Quotes
Rusya yanlฤฑsฤฑ Water Gamayun, Windows MMC'deki CVE-2025-26633 aรงฤฑฤฤฑnฤฑ sรถmรผrerek yeni sฤฑzma kampanyasฤฑ baลlattฤฑ. Sahte Bing aramalarฤฑ ve PowerShell ile gizli yรผkler indirip pencere gizliyor. https://t.co/fBBavY6FUU
@siberhaberler7
26 Nov 2025
38 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
EncryptHub attackers exploit MMC CVE-2025-26633 vulnerability for payload delivery https://t.co/Bwkh0DbnlN https://t.co/XWLeyoRrbs
@ErcanSah1n
2 Sept 2025
41 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
EncryptHub attackers exploit MMC CVE-2025-26633 vulnerability for payload delivery https://t.co/TzDCdQEE3k https://t.co/Fy8n6cDxdo
@mayurk21
28 Aug 2025
62 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-26633
@transilienceai
28 Aug 2025
65 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
ุชู ุฑุตุฏ ุงุณุชุบูุงู ููุซุบุฑุฉ CVE-2025-26633 ูู ุฃูุธู ุฉ Windows ุญูุซ ูููู ุงูู ูุงุฌู ูู ุจุงูุชุญุงู ุตูุฉ ู ูุธูู ุงูุฏุนู ุงูููู ุนุจุฑ Microsoft Teams ุซู ุฎุฏุงุน ุงูุถุญุงูุง ุจู ููุงุช MSC ู ุฒููุฉ ุชูุณุชุฎุฏู ููุดุฑ ุจุฑู
@jxccr07
23 Aug 2025
55 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
EncryptHub attackers exploit MMC CVE-2025-26633 vulnerability for payload delivery https://t.co/fJq3RFjul2 https://t.co/Yp28VD4K4P
@CloudVirtues
21 Aug 2025
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
EncryptHub attackers exploit MMC CVE-2025-26633 vulnerability for payload delivery https://t.co/fIhpfDHh95 https://t.co/O6bdrN0sCa
@SirajD_Official
21 Aug 2025
16 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
EncryptHub attackers exploit MMC CVE-2025-26633 vulnerability for payload delivery https://t.co/NbLZiciQ6R https://t.co/8wcnMYFqcJ
@scandaletti
20 Aug 2025
10 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#ThreatProtection #EncryptHub attackers exploit MMC #CVE-2025-26633 #vulnerability for payload delivery. Read more: https://t.co/fps5fQ6iDb #Cybercrime #Cybersecurity
@threatintel
20 Aug 2025
15 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Russian threat actor EncryptHub exploits patched Windows vuln CVE-2025-26633 through social engineering and malicious MSC files to deploy Fickle Stealer malware and backdoors. They use fake IT support requests and compromised Brave Support. #cybersecurity
@bigmacd16684
18 Aug 2025
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
EncryptHub is exploiting CVE-2025-26633 using fake video platforms and Brave Support to deliver malware. Payloads use AES-encrypted PowerShell, sideloaded DLLs, and SOCKS5 tunneling to evade detection. Monitor PowerShell activity and review trusted platform access. #Cyber http
@CloneSystemsInc
18 Aug 2025
48 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
EncryptHub leverages social engineering calls, Microsoft Teams remote access, and CVE-2025-26633 to deploy malicious .msc files and payloads like Fickle Stealer using Golang tools and Brave Support. #MSCExploitation #BraveSupport #EncryptHub https://t.co/qOHa7TepaP
@TweetThreatNews
18 Aug 2025
28 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
๐จ Cybersecurity Alert Russian group EncryptHub exploits MSC EvilTwin (CVE-2025-26633) to deploy Fickle Stealer via social engineering & rogue MSC files. ๐ https://t.co/ck8Tv6o4op #CyberSecurity #Malware #ThreatIntel #MSP #TechPIO https://t.co/RvAXSi76OA
@techpio_team
18 Aug 2025
53 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2025-32778 2 - CVE-2025-8875 3 - CVE-2025-8088 4 - CVE-2025-52970 5 - CVE-2025-26633 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
18 Aug 2025
21 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2010-5139 2 - CVE-2025-53783 3 - CVE-2025-26633 4 - CVE-2025-31324 5 - CVE-2025-52970 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
17 Aug 2025
143 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
Cyber Alert: Hackers found a Windows bug (CVE-2025-26633). They act like IT staff on Microsoft Teams and send fake files (MSC) that install malware. โ ๏ธ The hackers are a Russian group called EncryptHub. ๐ Donโt open unknown files or trust random IT messages on Teams! h
@techawarenepal
17 Aug 2025
13 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Nation-state APT UAT-7237 breaches Taiwanese web servers with persistent methods. ERMAC v3.0 source code leak exposes Android banking trojan. Russian group EncryptHub exploits Windows CVE-2025-26633. #Taiwan #ERMAC #WindowsExploit https://t.co/wiVw5DeHb9
@TweetThreatNews
17 Aug 2025
422 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes
๐จ New Trustwave report exposes EncryptHubโs latest campaign: social engineering + Brave Support abuse + CVE-2025-26633 (MSC EvilTwin) exploitation. Attackers impersonate IT via Teams, drop dual .msc files, and hijack MMC execution paths. https://t.co/nV5W9f1KB8 ๐ก๏ธ Iโ
@0x534c
16 Aug 2025
967 Impressions
2 Retweets
11 Likes
11 Bookmarks
0 Replies
0 Quotes
EncryptHub is exploiting the Microsoft flaw CVE-2025-26633 (โMSC EvilTwinโ) using rogue MSC files and social engineering to deliver malware, warns Trustwave SpiderLabs, highlighting the need for layered defense strategies. #CyberSecurity https://t.co/s1raQNUmjT
@Cyber_O51NT
16 Aug 2025
3881 Impressions
25 Retweets
60 Likes
17 Bookmarks
1 Reply
0 Quotes
๐จACTU CYBER๐จ @EncryptHub exploite la faille Windows CVE-2025-26633 avec des malwares furtifs et du social engineering Lien en bio pour lire la suite ! #cybersรฉcuritรฉ https://t.co/fkUmC4ueWw
@cybercare_fr
16 Aug 2025
21 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
๐ ุชููู ู ุฌู ูุนุฉ ุฅููุฑูุจุช ูุงุจ ุงูุฑูุณูุฉ ุจุงุณุชุบูุงู ุซุบุฑุฉ ุฃู ููุฉ ุชู ุชุตุญูุญูุง ูู ูุธุงู ูููุฏูุฒ ููุดุฑ ุจุฑู ุฌูุงุช ุฎุจูุซุฉ. ุฑุตุฏุช Trustwave SpiderLabs ุญู ูุฉ ูุฅููุฑูุจุช ูุงุจ ุชุฌู ุน ุจูู ุงูููุฏุณุฉ ุง
@Cybercachear
16 Aug 2025
35 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
EncryptHub continues to exploit CVE-2025-26633 in Microsoft MMC, highlighting advanced cyber threat tactics. Learn more: https://t.co/UC0bQxGcxs #CyberSecurity #InfoSec
@threatlight
16 Aug 2025
26 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
๐จโ๐ป Hackers are abusing a Windows flaw (CVE-2025-26633) to drop malwareโmasquerading as IT staff on Microsoft Teams and tricking users with rogue MSC files. The group? EncryptHub, a Russian crew blending social engineering with zero-days. Details โ https://t.co/U9ob
@TheHackersNews
16 Aug 2025
79692 Impressions
100 Retweets
257 Likes
102 Bookmarks
9 Replies
5 Quotes
Trustwave SpiderLabs researchers report on an EncryptHub campaign using social engineering and Brave Support abuse to exploit the CVE-2025-26633 vulnerability for malicious payload delivery. #CyberSecurity #Malware https://t.co/1cDn7X1GC3
@Cyber_O51NT
14 Aug 2025
232 Impressions
1 Retweet
3 Likes
0 Bookmarks
1 Reply
0 Quotes
Russian Hackers Exploit CVE-2025-26633 via MSC EvilTwin to Deploy SilentPrism and DarkWisp #CISO https://t.co/zf2nGqtEh2 https://t.co/nV1qoYZGD3
@compuchris
16 May 2025
20 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Russian Hackers Exploit CVE-2025-26633 via MSC EvilTwin to Deploy SilentPrism and DarkWisp #CISO https://t.co/LRr7CbiYd2 https://t.co/jLDH9Gy0ev
@compuchris
8 May 2025
21 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Trend Micro's latest report uncovers the sophisticated "Water Gamayun" cyberespionage campaign, exploiting CVE-2025-26633. With state-sponsored actors using spear-phishing and the WaterBear backdoor, vigilance is crucial. https://t.co/TCSfsjhplM
@The4n6Analyst
22 Apr 2025
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-26633
@transilienceai
22 Apr 2025
10 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-26633
@transilienceai
21 Apr 2025
16 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Water Gamayunโs campaign can lead to data breaches and financial loss. Discover how this Russian threat actor exploits a #zeroday #vulnerability in Microsoft Management Console (CVE-2025-26633) and what you can do to stay safe: โฌ๏ธ https://t.co/Dmyt56AOM6
@TrendMicroRSRCH
21 Apr 2025
219 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-26633
@transilienceai
20 Apr 2025
18 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-26633
@transilienceai
19 Apr 2025
9 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-26633
@transilienceai
18 Apr 2025
8 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-26633
@transilienceai
18 Apr 2025
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-26633
@transilienceai
17 Apr 2025
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-26633
@transilienceai
15 Apr 2025
22 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Trend Research uncovers Water Gamayunโs arsenal and infrastructure. This suspected Russian threat actor exploits the CVE-2025-26633 #zeroday #vulnerability to execute malicious code and exfiltrate data from compromised systems. https://t.co/hEIZZSGZ0Z
@TrendMicro
15 Apr 2025
369 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-26633
@transilienceai
14 Apr 2025
20 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-26633
@transilienceai
13 Apr 2025
17 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-26633
@transilienceai
12 Apr 2025
7 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
A Russian APT just exploited CVE-2025-26633 using a signed Windows MSC attack. Wild stuff. I broke it down + shared why penetration testing is more important than ever in todayโs threat landscape. Read the blog ๐ #CyberSecurity #CVE202526633 #infosec
@FennefLabs
12 Apr 2025
37 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-26633
@transilienceai
12 Apr 2025
10 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Russian hackers exploit CVE-2025-26633 (MSC EvilTwin) to deploy SilentPrism & DarkWisp malware, stealing data with persistent backdoors. Stay vigilant & patch now! #Cybersecurity #ThreatIntel ๐ https://t.co/UmxzxsL5t7
@_F2po_
12 Apr 2025
26 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "6997DE6E-CBAD-4690-A68C-8F10E477DCC2",
"versionEndExcluding": "10.0.10240.20947"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"vulnerable": true,
"matchCriteriaId": "3CBCF6D9-5085-473C-82F5-98BC246A9C4C",
"versionEndExcluding": "10.0.10240.20947"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "0CF0E174-4692-4AA3-B72E-12E73A1BDBE5",
"versionEndExcluding": "10.0.14393.7876"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"vulnerable": true,
"matchCriteriaId": "340EF5F8-D4F5-4AD8-9D80-1DEC2F376BE5",
"versionEndExcluding": "10.0.14393.7876"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "67C8DCD7-90C4-431F-BD03-FDFDE170E748",
"versionEndExcluding": "10.0.17763.7009"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"vulnerable": true,
"matchCriteriaId": "05169574-28AB-4E42-B3DE-710574BB1AD3",
"versionEndExcluding": "10.0.17763.7009"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:*",
"vulnerable": true,
"matchCriteriaId": "714C0D5E-BE31-45AB-A729-FF55DE59F593",
"versionEndExcluding": "10.0.19044.5608"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "0C8B2D45-7059-4FA0-A46C-64A171D287DA",
"versionEndExcluding": "10.0.19044.5608"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:*",
"vulnerable": true,
"matchCriteriaId": "5569800D-B907-47CC-86D2-EC0118157916",
"versionEndExcluding": "10.0.19044.5608"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:*",
"vulnerable": true,
"matchCriteriaId": "A84E706C-3A65-4920-8F80-2A684D3CB110",
"versionEndExcluding": "10.0.19045.5608"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "ED157557-37C1-4802-8746-B87120BA16FA",
"versionEndExcluding": "10.0.19045.5608"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:*",
"vulnerable": true,
"matchCriteriaId": "BE8F0EF2-EED3-4791-AE26-D24D97B673D6",
"versionEndExcluding": "10.0.19045.5608"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:arm64:*",
"vulnerable": true,
"matchCriteriaId": "C8949B3E-5847-42F8-A15A-D7515F0EE305",
"versionEndExcluding": "10.0.22621.5039"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "84D4F97D-3BA2-4B7A-B650-5772DE49CE97",
"versionEndExcluding": "10.0.22621.5039"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:*",
"vulnerable": true,
"matchCriteriaId": "82807292-1736-4453-B805-3D471BF94A35",
"versionEndExcluding": "10.0.22631.5039"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "E19130AD-ECD6-4FC4-B2C8-AB058BDEF928",
"versionEndExcluding": "10.0.22631.5039"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:*",
"vulnerable": true,
"matchCriteriaId": "B7ADF37E-1DD3-4539-8922-1E059955FEF1",
"versionEndExcluding": "10.0.26100.3403"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "E0A74D52-ABC0-4733-B892-F8688B6AEBA7",
"versionEndExcluding": "10.0.26100.3403"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "2127D10C-B6F3-4C1D-B9AA-5D78513CC996"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*",
"vulnerable": true,
"matchCriteriaId": "AB425562-C0A0-452E-AABE-F70522F15E1A"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AAACC9C4-DDC5-4059-AFE3-A49DB2347A86",
"versionEndExcluding": "10.0.20348.3270"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "96046A7B-76A1-4DCF-AEA5-25344D37E492",
"versionEndExcluding": "10.0.25398.1486"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "CE542697-31D8-4EC2-8135-F0468431FD19",
"versionEndExcluding": "10.0.26100.3403"
}
],
"operator": "OR"
}
]
}
]