AI description
CVE-2025-26633 is a security feature bypass vulnerability in the Microsoft Management Console (MMC). It stems from improper neutralization within the MMC, allowing an unauthorized attacker to bypass security restrictions locally. The vulnerability is being actively exploited in the wild by a threat actor known as Water Gamayun (also known as EncryptHub and Larva-208) in a campaign called "MSC EvilTwin". This technique involves the execution of malicious .msc files through a legitimate one by manipulating the Multilingual User Interface Path (MUIPath) to load and execute a malicious file instead of the original one.
- Description
- Improper neutralization in Microsoft Management Console allows an unauthorized attacker to bypass a security feature locally.
- Source
- secure@microsoft.com
- NVD status
- Modified
- Products
- windows_10_1507, windows_10_1607, windows_10_1809, windows_10_21h2, windows_10_22h2, windows_11_22h2, windows_11_23h2, windows_11_24h2, windows_server_2008, windows_server_2012, windows_server_2016, windows_server_2019, windows_server_2022, windows_server_2022_23h2, windows_server_2025
CVSS 3.1
- Type
- Secondary
- Base score
- 7
- Impact score
- 5.9
- Exploitability score
- 1
- Vector string
- CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
- Severity
- HIGH
Data from CISA
- Vulnerability name
- Microsoft Windows Management Console (MMC) Improper Neutralization Vulnerability
- Exploit added on
- Mar 11, 2025
- Exploit action due
- Apr 1, 2025
- Required action
- Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- secure@microsoft.com
- CWE-707
- nvd@nist.gov
- NVD-CWE-noinfo
- Hype score
- Not currently trending
ロシア系 APT Water Gamayun が Windows MMC のゼロデイ CVE-2025-26633 (MSC EvilTwin) を悪用。.msc/.msi 経由でバックドア/Stealer を配布、情報窃取と持続侵入。未パッチ環境は即更新を。#WaterGamayun #MSCEvilTwin #WindowsSecurity https:
@01ra66it
28 Nov 2025
558 Impressions
0 Retweets
2 Likes
1 Bookmark
0 Replies
0 Quotes
🚨 𝐖𝐚𝐭𝐞𝐫 𝐆𝐚𝐦𝐚𝐲𝐮𝐧 𝐖𝐞𝐚𝐩𝐨𝐧𝐢𝐳𝐞𝐬 “𝐌𝐒𝐂 𝐄𝐯𝐢𝐥𝐓𝐰𝐢𝐧” 𝐙𝐞𝐫𝐨-𝐃𝐚𝐲 𝐟𝐨𝐫 𝐒𝐭𝐞𝐚𝐥𝐭𝐡𝐲 𝐁𝐚𝐜𝐤𝐝𝐨𝐨𝐫 𝐀𝐭𝐭𝐚𝐜
@PurpleOps_io
27 Nov 2025
50 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Russia-aligned APT Water Gamayun exploits zero-day CVE-2025-26633, dubbed MSC EvilTwin, to stealthily inject malware via trusted Windows processes like MMC, using fake business sites to deliver payloads. #WaterGamayun #MSC_EvilTwin #Russia https://t.co/5PNrai1456
@TweetThreatNews
27 Nov 2025
137 Impressions
0 Retweets
1 Like
1 Bookmark
0 Replies
0 Quotes
📝 𝐖𝐚𝐭𝐞𝐫 𝐆𝐚𝐦𝐚𝐲𝐮𝐧 𝐖𝐞𝐚𝐩𝐨𝐧𝐢𝐳𝐞𝐬 &#𝟑𝟒;𝐌𝐒𝐂 𝐄𝐯𝐢𝐥𝐓𝐰𝐢𝐧&#𝟑𝟒; 𝐙𝐞𝐫𝐨-𝐃𝐚𝐲 𝐟𝐨𝐫 𝐒𝐭𝐞𝐚𝐥𝐭𝐡𝐲 𝐁𝐚𝐜𝐤𝐝𝐨𝐨𝐫
@PurpleOps_io
27 Nov 2025
52 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Water Gamayun Hackers Exploit Windows MSC EvilTwin 0-Day to Inject Stealthy Malware Source: https://t.co/kgaHLV8SzD Water Gamayun, a persistent threat group, has recently intensified its efforts by exploiting a newly identified MSC EvilTwin vulnerability (CVE-2025-26633)
@The_Cyber_News
27 Nov 2025
3883 Impressions
27 Retweets
95 Likes
20 Bookmarks
1 Reply
0 Quotes
Rusya yanlısı Water Gamayun, Windows MMC'deki CVE-2025-26633 açığını sömürerek yeni sızma kampanyası başlattı. Sahte Bing aramaları ve PowerShell ile gizli yükler indirip pencere gizliyor. https://t.co/fBBavY6FUU
@siberhaberler7
26 Nov 2025
38 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
EncryptHub attackers exploit MMC CVE-2025-26633 vulnerability for payload delivery https://t.co/Bwkh0DbnlN https://t.co/XWLeyoRrbs
@ErcanSah1n
2 Sept 2025
41 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
EncryptHub attackers exploit MMC CVE-2025-26633 vulnerability for payload delivery https://t.co/TzDCdQEE3k https://t.co/Fy8n6cDxdo
@mayurk21
28 Aug 2025
62 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-26633
@transilienceai
28 Aug 2025
65 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
تم رصد استغلال للثغرة CVE-2025-26633 في أنظمة Windows حيث يقوم المهاجمون بانتحال صفة موظفي الدعم الفني عبر Microsoft Teams ثم خداع الضحايا بملفات MSC مزيفة تُستخدم لنشر برم
@jxccr07
23 Aug 2025
55 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
EncryptHub attackers exploit MMC CVE-2025-26633 vulnerability for payload delivery https://t.co/fJq3RFjul2 https://t.co/Yp28VD4K4P
@CloudVirtues
21 Aug 2025
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
EncryptHub attackers exploit MMC CVE-2025-26633 vulnerability for payload delivery https://t.co/fIhpfDHh95 https://t.co/O6bdrN0sCa
@SirajD_Official
21 Aug 2025
16 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
EncryptHub attackers exploit MMC CVE-2025-26633 vulnerability for payload delivery https://t.co/NbLZiciQ6R https://t.co/8wcnMYFqcJ
@scandaletti
20 Aug 2025
10 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#ThreatProtection #EncryptHub attackers exploit MMC #CVE-2025-26633 #vulnerability for payload delivery. Read more: https://t.co/fps5fQ6iDb #Cybercrime #Cybersecurity
@threatintel
20 Aug 2025
15 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Russian threat actor EncryptHub exploits patched Windows vuln CVE-2025-26633 through social engineering and malicious MSC files to deploy Fickle Stealer malware and backdoors. They use fake IT support requests and compromised Brave Support. #cybersecurity
@bigmacd16684
18 Aug 2025
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
EncryptHub is exploiting CVE-2025-26633 using fake video platforms and Brave Support to deliver malware. Payloads use AES-encrypted PowerShell, sideloaded DLLs, and SOCKS5 tunneling to evade detection. Monitor PowerShell activity and review trusted platform access. #Cyber http
@CloneSystemsInc
18 Aug 2025
48 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
EncryptHub leverages social engineering calls, Microsoft Teams remote access, and CVE-2025-26633 to deploy malicious .msc files and payloads like Fickle Stealer using Golang tools and Brave Support. #MSCExploitation #BraveSupport #EncryptHub https://t.co/qOHa7TepaP
@TweetThreatNews
18 Aug 2025
28 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Cybersecurity Alert Russian group EncryptHub exploits MSC EvilTwin (CVE-2025-26633) to deploy Fickle Stealer via social engineering & rogue MSC files. 🔗 https://t.co/ck8Tv6o4op #CyberSecurity #Malware #ThreatIntel #MSP #TechPIO https://t.co/RvAXSi76OA
@techpio_team
18 Aug 2025
53 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2025-32778 2 - CVE-2025-8875 3 - CVE-2025-8088 4 - CVE-2025-52970 5 - CVE-2025-26633 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
18 Aug 2025
21 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2010-5139 2 - CVE-2025-53783 3 - CVE-2025-26633 4 - CVE-2025-31324 5 - CVE-2025-52970 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
17 Aug 2025
143 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
Cyber Alert: Hackers found a Windows bug (CVE-2025-26633). They act like IT staff on Microsoft Teams and send fake files (MSC) that install malware. ⚠️ The hackers are a Russian group called EncryptHub. 👉 Don’t open unknown files or trust random IT messages on Teams! h
@techawarenepal
17 Aug 2025
13 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Nation-state APT UAT-7237 breaches Taiwanese web servers with persistent methods. ERMAC v3.0 source code leak exposes Android banking trojan. Russian group EncryptHub exploits Windows CVE-2025-26633. #Taiwan #ERMAC #WindowsExploit https://t.co/wiVw5DeHb9
@TweetThreatNews
17 Aug 2025
422 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨 New Trustwave report exposes EncryptHub’s latest campaign: social engineering + Brave Support abuse + CVE-2025-26633 (MSC EvilTwin) exploitation. Attackers impersonate IT via Teams, drop dual .msc files, and hijack MMC execution paths. https://t.co/nV5W9f1KB8 🛡️ I’
@0x534c
16 Aug 2025
967 Impressions
2 Retweets
11 Likes
11 Bookmarks
0 Replies
0 Quotes
EncryptHub is exploiting the Microsoft flaw CVE-2025-26633 (“MSC EvilTwin”) using rogue MSC files and social engineering to deliver malware, warns Trustwave SpiderLabs, highlighting the need for layered defense strategies. #CyberSecurity https://t.co/s1raQNUmjT
@Cyber_O51NT
16 Aug 2025
3881 Impressions
25 Retweets
60 Likes
17 Bookmarks
1 Reply
0 Quotes
🚨ACTU CYBER🚨 @EncryptHub exploite la faille Windows CVE-2025-26633 avec des malwares furtifs et du social engineering Lien en bio pour lire la suite ! #cybersécurité https://t.co/fkUmC4ueWw
@cybercare_fr
16 Aug 2025
21 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
📌 تقوم مجموعة إنكريبت هاب الروسية باستغلال ثغرة أمنية تم تصحيحها في نظام ويندوز لنشر برمجيات خبيثة. رصدت Trustwave SpiderLabs حملة لإنكريبت هاب تجمع بين الهندسة ا
@Cybercachear
16 Aug 2025
35 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
EncryptHub continues to exploit CVE-2025-26633 in Microsoft MMC, highlighting advanced cyber threat tactics. Learn more: https://t.co/UC0bQxGcxs #CyberSecurity #InfoSec
@threatlight
16 Aug 2025
26 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
👨💻 Hackers are abusing a Windows flaw (CVE-2025-26633) to drop malware—masquerading as IT staff on Microsoft Teams and tricking users with rogue MSC files. The group? EncryptHub, a Russian crew blending social engineering with zero-days. Details → https://t.co/U9ob
@TheHackersNews
16 Aug 2025
79692 Impressions
100 Retweets
257 Likes
102 Bookmarks
9 Replies
5 Quotes
Trustwave SpiderLabs researchers report on an EncryptHub campaign using social engineering and Brave Support abuse to exploit the CVE-2025-26633 vulnerability for malicious payload delivery. #CyberSecurity #Malware https://t.co/1cDn7X1GC3
@Cyber_O51NT
14 Aug 2025
232 Impressions
1 Retweet
3 Likes
0 Bookmarks
1 Reply
0 Quotes
Russian Hackers Exploit CVE-2025-26633 via MSC EvilTwin to Deploy SilentPrism and DarkWisp #CISO https://t.co/zf2nGqtEh2 https://t.co/nV1qoYZGD3
@compuchris
16 May 2025
20 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Russian Hackers Exploit CVE-2025-26633 via MSC EvilTwin to Deploy SilentPrism and DarkWisp #CISO https://t.co/LRr7CbiYd2 https://t.co/jLDH9Gy0ev
@compuchris
8 May 2025
21 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Trend Micro's latest report uncovers the sophisticated "Water Gamayun" cyberespionage campaign, exploiting CVE-2025-26633. With state-sponsored actors using spear-phishing and the WaterBear backdoor, vigilance is crucial. https://t.co/TCSfsjhplM
@The4n6Analyst
22 Apr 2025
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-26633
@transilienceai
22 Apr 2025
10 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-26633
@transilienceai
21 Apr 2025
16 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Water Gamayun’s campaign can lead to data breaches and financial loss. Discover how this Russian threat actor exploits a #zeroday #vulnerability in Microsoft Management Console (CVE-2025-26633) and what you can do to stay safe: ⬇️ https://t.co/Dmyt56AOM6
@TrendMicroRSRCH
21 Apr 2025
219 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-26633
@transilienceai
20 Apr 2025
18 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-26633
@transilienceai
19 Apr 2025
9 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-26633
@transilienceai
18 Apr 2025
8 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-26633
@transilienceai
18 Apr 2025
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-26633
@transilienceai
17 Apr 2025
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-26633
@transilienceai
15 Apr 2025
22 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Trend Research uncovers Water Gamayun’s arsenal and infrastructure. This suspected Russian threat actor exploits the CVE-2025-26633 #zeroday #vulnerability to execute malicious code and exfiltrate data from compromised systems. https://t.co/hEIZZSGZ0Z
@TrendMicro
15 Apr 2025
369 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-26633
@transilienceai
14 Apr 2025
20 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-26633
@transilienceai
13 Apr 2025
17 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-26633
@transilienceai
12 Apr 2025
7 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
A Russian APT just exploited CVE-2025-26633 using a signed Windows MSC attack. Wild stuff. I broke it down + shared why penetration testing is more important than ever in today’s threat landscape. Read the blog 👇 #CyberSecurity #CVE202526633 #infosec
@FennefLabs
12 Apr 2025
37 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-26633
@transilienceai
12 Apr 2025
10 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Russian hackers exploit CVE-2025-26633 (MSC EvilTwin) to deploy SilentPrism & DarkWisp malware, stealing data with persistent backdoors. Stay vigilant & patch now! #Cybersecurity #ThreatIntel 👇 https://t.co/UmxzxsL5t7
@_F2po_
12 Apr 2025
26 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-26633
@transilienceai
11 Apr 2025
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
We uncovered Water Gamayun’s arsenal and infrastructure. This suspected Russian threat actor exploits the CVE-2025-26633 0-day #vulnerability to execute malicious code and exfiltrate data from compromised systems. Here’s what you need to know: https://t.co/rtYGSBFNn3 https://t.c
@TrendMicro
11 Apr 2025
436 Impressions
0 Retweets
3 Likes
1 Bookmark
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "6997DE6E-CBAD-4690-A68C-8F10E477DCC2",
"versionEndExcluding": "10.0.10240.20947"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"vulnerable": true,
"matchCriteriaId": "3CBCF6D9-5085-473C-82F5-98BC246A9C4C",
"versionEndExcluding": "10.0.10240.20947"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "0CF0E174-4692-4AA3-B72E-12E73A1BDBE5",
"versionEndExcluding": "10.0.14393.7876"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"vulnerable": true,
"matchCriteriaId": "340EF5F8-D4F5-4AD8-9D80-1DEC2F376BE5",
"versionEndExcluding": "10.0.14393.7876"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "67C8DCD7-90C4-431F-BD03-FDFDE170E748",
"versionEndExcluding": "10.0.17763.7009"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"vulnerable": true,
"matchCriteriaId": "05169574-28AB-4E42-B3DE-710574BB1AD3",
"versionEndExcluding": "10.0.17763.7009"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:*",
"vulnerable": true,
"matchCriteriaId": "714C0D5E-BE31-45AB-A729-FF55DE59F593",
"versionEndExcluding": "10.0.19044.5608"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "0C8B2D45-7059-4FA0-A46C-64A171D287DA",
"versionEndExcluding": "10.0.19044.5608"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:*",
"vulnerable": true,
"matchCriteriaId": "5569800D-B907-47CC-86D2-EC0118157916",
"versionEndExcluding": "10.0.19044.5608"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:*",
"vulnerable": true,
"matchCriteriaId": "A84E706C-3A65-4920-8F80-2A684D3CB110",
"versionEndExcluding": "10.0.19045.5608"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "ED157557-37C1-4802-8746-B87120BA16FA",
"versionEndExcluding": "10.0.19045.5608"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:*",
"vulnerable": true,
"matchCriteriaId": "BE8F0EF2-EED3-4791-AE26-D24D97B673D6",
"versionEndExcluding": "10.0.19045.5608"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:arm64:*",
"vulnerable": true,
"matchCriteriaId": "C8949B3E-5847-42F8-A15A-D7515F0EE305",
"versionEndExcluding": "10.0.22621.5039"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "84D4F97D-3BA2-4B7A-B650-5772DE49CE97",
"versionEndExcluding": "10.0.22621.5039"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:*",
"vulnerable": true,
"matchCriteriaId": "82807292-1736-4453-B805-3D471BF94A35",
"versionEndExcluding": "10.0.22631.5039"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "E19130AD-ECD6-4FC4-B2C8-AB058BDEF928",
"versionEndExcluding": "10.0.22631.5039"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:*",
"vulnerable": true,
"matchCriteriaId": "B7ADF37E-1DD3-4539-8922-1E059955FEF1",
"versionEndExcluding": "10.0.26100.3403"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "E0A74D52-ABC0-4733-B892-F8688B6AEBA7",
"versionEndExcluding": "10.0.26100.3403"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "2127D10C-B6F3-4C1D-B9AA-5D78513CC996"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*",
"vulnerable": true,
"matchCriteriaId": "AB425562-C0A0-452E-AABE-F70522F15E1A"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AAACC9C4-DDC5-4059-AFE3-A49DB2347A86",
"versionEndExcluding": "10.0.20348.3270"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "96046A7B-76A1-4DCF-AEA5-25344D37E492",
"versionEndExcluding": "10.0.25398.1486"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "CE542697-31D8-4EC2-8135-F0468431FD19",
"versionEndExcluding": "10.0.26100.3403"
}
],
"operator": "OR"
}
]
}
]