AI description
CVE-2025-29824 is a use-after-free vulnerability in the Windows Common Log File System (CLFS) driver. Successful exploitation of this vulnerability allows an attacker to elevate their privileges to SYSTEM, meaning they can gain complete control over the affected system. This vulnerability has been exploited in the wild as a zero-day, meaning attackers were actively using it before a patch was available. It has been associated with ransomware attacks, where attackers use the elevated privileges to deploy ransomware. The vulnerability was addressed in Microsoft's April 2025 Patch Tuesday update.
- Description
- Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.
- Source
- secure@microsoft.com
- NVD status
- Analyzed
- Products
- windows_10_1507, windows_10_1607, windows_10_1809, windows_10_21h2, windows_10_22h2, windows_11_22h2, windows_11_23h2, windows_11_24h2, windows_server_2008, windows_server_2012, windows_server_2016, windows_server_2019, windows_server_2022, windows_server_2022_23h2, windows_server_2025
CVSS 3.1
- Type
- Secondary
- Base score
- 7.8
- Impact score
- 5.9
- Exploitability score
- 1.8
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
Data from CISA
- Vulnerability name
- Microsoft Windows Common Log File System (CLFS) Driver Use-After-Free Vulnerability
- Exploit added on
- Apr 8, 2025
- Exploit action due
- Apr 29, 2025
- Required action
- Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- secure@microsoft.com
- CWE-416
- Hype score
- Not currently trending
🚨 Cybersecurity researchers have uncovered a new wave of RansomExx ransomware attacks leveraging a now-patched Windows flaw (CVE-2025-29824) to deploy the PipeMagic malware framework. https://t.co/gLWPhPZvMR #Cybersecurity #Ransomware #Microsoft
@onestepsecureit
25 Aug 2025
28 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Fausse appli "ChatGPT" = backdoor PipeMagic ➡️ Escalade via CVE-2025-29824 (CLFS) ➡️ Objectif final : rançongiciel À faire dès maintenant : ✅ Bloquer applis non signées ✅ Patch CLFS ✅ EDR en mode blocage Ta défense stoppe un MSBuild piégé
@FredPOULALION
25 Aug 2025
3 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Inside the Exploit Chain: How Cybercriminals Weaponize Windows CLFS to Deploy PipeMagic Ransomware https://t.co/RBeU1JPc3k A critical security flaw in Microsoft Windows, tracked as CVE-2025-29824, has been exploited in targeted ransomware campaigns, leveraging a sophisticated
@f1tym1
20 Aug 2025
9 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Microsoft dissects PipeMagic backdoor → disguised as ChatGPT app - Linked to Storm-2460 / RansomEXX - Exploits Windows 0-day (CVE-2025-29824) - Modular, stealthy, memory-resident malware - Used in ransomware ops across US, EU, S. America, Middle East #CyberSecurity https
@TechNadu
20 Aug 2025
108 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Researchers warn: PipeMagic malware is back, powering RansomExx ransomware attacks. The framework exploits CVE-2025-29824 (Windows CLFS vuln) to escalate privileges. https://t.co/f3bfXW8jlJ
@BreachNet
20 Aug 2025
1 Impression
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Microsoft has issued a warning: hackers are disguising the PipeMagic backdoor as a fake ChatGPT desktop app and leveraging a critical Windows zero-day (CVE-2025-29824) to infiltrate systems and deploy ransomware. Don’t be fooled by familiar AI branding.#technews #Microsoft http
@techawarenepal
20 Aug 2025
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
New IOC Alert → Dissecting PipeMagic: Inside the architecture of a modular backdoor framework. ■ Adversary: Storm-2460 ■ Indicator: CVE-2025-29824
@CTI131
19 Aug 2025
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Cybersecurity researchers revealed the exploitation of CVE-2025-29824, a privilege escalation vulnerability in Microsoft Windows, to deploy PipeMagic malware in RansomExx attacks. This malware, first noted in 2022, acts as a backdoor for remote access. https://t.co/aDo15jiQCm
@securityRSS
19 Aug 2025
30 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
استهداف مؤسسات في السعودية والبرازيل من قبل مجموعة الفدية RansomExx. - يستغل الهجوم ثغرة CVE-2025-29824 في @Windows. - شملت الأضرار قطاع الطاقة والقطاع المالي في البلدين.
@cyberscastx
19 Aug 2025
2028 Impressions
0 Retweets
12 Likes
2 Bookmarks
2 Replies
0 Quotes
PipeMagic evolve con exploit CVE-2025-29824 Malware, backdoor, PipeMagic, RansomEXX, Storm-2460 https://t.co/mSLyiEzoHJ https://t.co/xsKeD9LIsB
@matricedigitale
19 Aug 2025
42 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
【高度マルウェア攻撃】脅威アクターがMicrosoft Help Index File(.mshi)を悪用してPipeMagicバックドアを展開する洗練された攻撃キャンペーンが発見され、CVE-2025-29824ゼロデイ脆弱性との連携でランサムウェア展開
@nakajimeeee
18 Aug 2025
473 Impressions
0 Retweets
3 Likes
3 Bookmarks
0 Replies
0 Quotes
Microsoft Windows vulnerability CVE-2025-29824 exploited to deploy PipeMagic backdoor linked to RansomExx ransomware. Attackers used DLL hijacking and domain-hosted modules for persistence and lateral movement. #PipeMagic #RansomExx #SaudiArabia https://t.co/oPKgxx7aJC
@TweetThreatNews
18 Aug 2025
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Windows vulnerability exploited for PipeMagic RansomExx attacks using CVE-2025-29824. Patch now! 💻🔒 https://t.co/XQXhyNBeES #RansomExx #PipeMagic #Cybersecurity #WindowsVulnerability #CVE
@0xT3chn0m4nc3r
18 Aug 2025
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Critical RansomExx ransomware attacks exploited patched Microsoft Windows vulnerability CVE-2025-29824, stressing the importance of timely updates. Full article: https://t.co/nHi9msJvxx #Cybersecurity #Ransomware #MalwarePrevention
@threatlight
18 Aug 2025
36 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️ Hackers just weaponized a Windows flaw (CVE-2025-29824) to drop the PipeMagic backdoor—fueling RansomExx attacks. The bait? Fake ChatGPT apps and Chrome updates. Still active. Still evolving. Details here → https://t.co/ZdSnApAw5H
@TheHackersNews
18 Aug 2025
14192 Impressions
53 Retweets
127 Likes
25 Bookmarks
1 Reply
0 Quotes
#securelist@kaspersky PipeMagic в 2025 году: как изменились тактики операторов бэкдора Изучаем развитие бэкдора PipeMagic и TTP его операторов: от инцидента с RansomExx до атак в Бр
@kmscom6
18 Aug 2025
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#securelist@kaspersky PipeMagic в 2025 году: как изменились тактики операторов бэкдора Изучаем развитие бэкдора PipeMagic и TTP его операторов: от инцидента с RansomExx до атак в Б
@kmscom3
18 Aug 2025
15 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#threatreport #MediumCompleteness Evolution of the PipeMagic backdoor: from the RansomExx incident to CVE-2025-29824 | 18-08-2025 Source: https://t.co/cn6ttnbhAI Key details below ↓ 💀Threats: Pipemagic, Ransomexx, Dll_hijacking_technique, Procdump_tool, 🎯Victims: Indust
@rst_cloud
18 Aug 2025
47 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Evolution of the PipeMagic backdoor: from the RansomExx incident to CVE-2025-29824 https://t.co/Iqnf4zaqmd In April 2025, Microsoft addressed 121 vulnerabilities, with one actively exploited: CVE-2025-29824. This exploit was linked to PipeMagic malware, initially detected in 2
@f1tym1
18 Aug 2025
22 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
PipeMagic: de RansomExx a CVE-2025-29824. Evolución de una peligrosa backdoor. https://t.co/Q49FPpmmKd
@Leopoldo1048398
18 Aug 2025
49 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Evolution of the PipeMagic backdoor: from the RansomExx incident to CVE-2025-29824. The malware, discovered in Dec. 2022 in a RansomExx ransomware campaign, was seen again in 2025. Our solutions prevented PipeMagic infections at organizations in Brazil 🇧🇷 and Saudi Arabia
@assolini
18 Aug 2025
162 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
''My `Blind Date` with CVE-2025-29824'' #infosec #pentest #redteam #blueteam https://t.co/nOG8reHvIP
@CyberWarship
12 Aug 2025
1581 Impressions
6 Retweets
15 Likes
5 Bookmarks
0 Replies
0 Quotes
⚠️ Weekly vuln radar. https://t.co/Cd6L8AD6Bt – spot what’s trending before it’s everywhere: CVE-2025-29824 CVE-2025-6543 CVE-2025-20337 CVE-2025-6558 (via @_clem1) CVE-2025-49144 CVE-2025-24985 CVE-2025-20274 CVE-2025-23266 (via @nirohfeld @shirtamari) CVE-2021-41773
@ptdbugs
18 Jul 2025
129 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨 BREAKING: A shocking vulnerability! Discover the explosive details of CVE-2025-29824—an exploit that could redefine cybersecurity threats this year. Learn how this blind date became a nightmare for IT pros. 🔓 🔗 [https://t.co/XuIqmYwvSx]( #CyberSecurity #CVE2025
@AIShiftProtocol
16 Jul 2025
22 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CASE CLOSED: CVE-2025-29824 0 public samples, 0 information Suspect: Windows CLFS driver Crime: UAF leading to Privilege Escalation Status: ACTIVELY EXPLOITED ITW Investigation: Debugged and documented Case files: https://t.co/Ig6RbvhLmZ Done by our intern, Ong How Chong
@starlabs_sg
16 Jul 2025
9755 Impressions
30 Retweets
114 Likes
38 Bookmarks
0 Replies
1 Quote
Windows CLFS en jaque: CVE-2025-29824 (CVSS 7.8) permitía EoP a SYSTEM y ya la vieron en ataques de ransomware. Parchéalo YA. 😉 #CVE2025 #Windows https://t.co/ZfKOPwUa6S
@gorkaelbochi
6 Jul 2025
8 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
#Malware #Vulnerability Zero-Day CLFS Vulnerability (CVE-2025-29824) Exploited in Ransomware Attacks https://t.co/YdAt6j2AQh
@Komodosec
1 Jul 2025
15 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#Storm2460 turned CVE-2025-29824 into a VIP pass 🛑🔓 Skip the intel all-nighter—grab our newsletter. 👉 https://t.co/x5v1vefCCH #AlphaHunt #CyberSecurity #ZeroDay
@alphahunt_io
28 Jun 2025
4 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Comment: The exploitation of zero-day vulnerabilities like CVE-2025-29824 truly underscores the need for proactive security measures. In addition to patching, how can organizations b... #RansomwareDefense https://t.co/wQoaIH3byg
@storagetechnews
12 Jun 2025
7 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Comment: The escalation of privileges via the CLFS driver vulnerability (CVE-2025-29824) highlights the importance of proactive threat hunting and anomaly detection, especially conce... #RansomwareDefense https://t.co/WMELuw3IjK
@storagetechnews
9 Jun 2025
8 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Symantec's Threat Hunter Team reported that Play ransomware attackers exploited a zero-day vulnerability (CVE-2025-29824) in a U.S. organization, deploying the Grixba infostealer but no ransomware payload during the intrusion. #CyberSecurity https://t.co/MGkXuFMkV1
@Cyber_O51NT
6 Jun 2025
1390 Impressions
9 Retweets
26 Likes
3 Bookmarks
1 Reply
0 Quotes
Storm-2460 just turned your firewall into a welcome mat. 🧙♂️ CVE-2025-29824? They’re already in. Still relying on that 2012 threat report? Cute. We did the research so you don't have to. Read the newsletter. Stay ahead. 👉 https://t.co/x5v1vefCCH #AlphaHunt #Cy
@alphahunt_io
4 Jun 2025
20 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Play Ransomware Exploited Windows CVE-2025-29824 as Zero-Day to Breach U.S. Organization Threat actors with links to the Play ransomware family exploited a recently patched security flaw in Microsoft Windows as a zero-day as part of an attack targeting... https://t.co/dTVb9ZYiPJ
@SecurityAid
31 May 2025
42 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Microsoft Fixes Actively Exploited Windows CLFS Zero-Day (CVE-2025-29824) In response to the ongoing threat landscape reshaping the cybersecurity wor https://t.co/c28VwnwQ6I https://t.co/lNXfQntpBj
@AegisLens
31 May 2025
18 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Second Ransomware Group Caught Exploiting Windows Flaw as Zero-Day At least two ransomware groups exploited the Windows zero-day CVE-2025-29824 before it was patched by Microsoft. The post Second Ransomware Group Caught Exploiting Windows Flaw as Zero-Day appeared first on Se...
@SecurityAid
31 May 2025
24 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Storm-2460 just turned your firewall into a welcome mat. 🧙♂️ CVE-2025-29824? They’re already in. Still relying on that 2012 threat report? Cute. We did the research so you don't have to. Read the newsletter. Stay ahead. 👉 https://t.co/x5v1vegasf #AlphaHunt #Cyb
@alphahunt_io
24 May 2025
14 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Play ransomware gang used a Windows zero-day, CVE-2025-29824, to breach a U.S. firm before Microsoft issued a security patch. #CyberSecurity #RansomwareAttack #ZeroDayExploit https://t.co/Vov3xiZKTJ
@CyberSecTV_eu
24 May 2025
23 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Play Ransomware Exploited Windows CVE-2025-29824 as Zero-Day to Breach U.S. Organization https://t.co/oFiZ1oZAHe
@TheCyphere
19 May 2025
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-29824
@transilienceai
17 May 2025
8 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Play Ransomware Exploited Windows CVE-2025-29824 as Zero-Day to Breach U.S. Organization Threat actors with links to the P 𝗖𝘂𝗿𝗶𝗼𝘂𝘀? 𝗙𝗼𝗹𝗹𝗼𝘄 𝘂𝘀 𝗳𝗼𝗿 𝘁𝗵𝗲 𝗳𝘂𝗹𝗹 𝘀𝘁𝗼𝗿𝘆! @thehackersnews @edgeitech
@Edgeitech
16 May 2025
3 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-29824
@transilienceai
16 May 2025
9 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
2025年、脆弱性の公開から24時間以内に28.3%が悪用されるという調査結果が示された。 ゼロデイ脆弱性の80%はパッチ提供前に攻撃されており、従来の月次パッチ運用では対応が間に合わない状況である。 CVE-2
@yousukezan
14 May 2025
5077 Impressions
17 Retweets
68 Likes
27 Bookmarks
0 Replies
0 Quotes
https://t.co/moILmlv9Gy Play ransomware exploits Windows zero-day vulnerability According to Symantec, the Play ransomware group and affiliated groups are using an exploit targeting the zero-day vulnerability CVE-2025-29824. Although the vulnerability was patched by Microsof
@B2bCyber
14 May 2025
25 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-29824
@transilienceai
14 May 2025
16 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-29824
@transilienceai
14 May 2025
27 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-29824
@transilienceai
12 May 2025
22 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-29824
@transilienceai
11 May 2025
29 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Storm-2460 just waltzed through CVE-2025-29824 like it was an open bar 🍸 PipeMagic's doing tricks, and your EDR's still "thinking about it" 💤 Skip the guesswork. We did the research. You just read it. 🧠 👉 https://t.co/x5v1vefCCH #AlphaHunt #CyberSecurity
@alphahunt_io
11 May 2025
247 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-29824
@transilienceai
10 May 2025
15 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
🚨 Play Ransomware exploited the CVE-2025-29824 vulnerability in Windows before the patch, gaining elevated privileges and full system control. Affected countries include the US, Venezuela, Spain. 🔗https://t.co/ohGeRApIAM #Ransomware #CyberSecurity #ZeroDay #PatchNow htt
@protecticore
10 May 2025
82 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "575117BF-9A1E-4B90-85D8-4172A58B3B72",
"versionEndExcluding": "10.0.10240.20978"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"vulnerable": true,
"matchCriteriaId": "B3B4804C-685B-4F37-92DE-CE73D1B106B4",
"versionEndExcluding": "10.0.10240.20978"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "474622F8-06D4-4AD1-8D72-A674909A7634",
"versionEndExcluding": "10.0.14393.7969"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"vulnerable": true,
"matchCriteriaId": "559D55D4-2BF2-4B8F-90CA-C6B885334A3E",
"versionEndExcluding": "10.0.14393.7969"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "13A4A79D-8D45-48FA-84F5-CE1A78E8E424",
"versionEndExcluding": "10.0.17763.7136"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"vulnerable": true,
"matchCriteriaId": "03AB53EC-354E-4F30-A278-2835CA341503",
"versionEndExcluding": "10.0.17763.7136"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:*",
"vulnerable": true,
"matchCriteriaId": "83B3306F-C4EE-45A6-8139-6FAFC46DC696",
"versionEndExcluding": "10.0.19044.5737"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "EDE77D74-EFE2-42C5-A080-AE16F604968B",
"versionEndExcluding": "10.0.19044.5737"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:*",
"vulnerable": true,
"matchCriteriaId": "FDD937C8-E2F9-4A39-8023-E4C06078074E",
"versionEndExcluding": "10.0.19044.5737"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:*",
"vulnerable": true,
"matchCriteriaId": "BCF4434C-9197-405A-BBB3-53EA66ADAC9A",
"versionEndExcluding": "10.0.19045.5737"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "3630C9CC-2C8C-4089-926D-0981277CA599",
"versionEndExcluding": "10.0.19045.5737"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:*",
"vulnerable": true,
"matchCriteriaId": "6D97B26B-F2C1-4C94-B549-FE1728E925EB",
"versionEndExcluding": "10.0.19045.5737"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:arm64:*",
"vulnerable": true,
"matchCriteriaId": "350A5C83-A85B-4CC1-81C6-F36C1BE0687E",
"versionEndExcluding": "10.0.22621.5189"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "AAB1352F-725F-427E-A3F3-73A48287D0C7",
"versionEndExcluding": "10.0.22621.5189"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:*",
"vulnerable": true,
"matchCriteriaId": "0A9C8BFA-DC5B-4E27-AEA1-0CF52B4FDF88",
"versionEndExcluding": "10.0.22631.5189"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "1718BEDA-0AF8-4A6D-B053-AE746C7617C8",
"versionEndExcluding": "10.0.22631.5189"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:*",
"vulnerable": true,
"matchCriteriaId": "39A448D0-EB9F-42FE-85A2-A4AA88D4CEBD",
"versionEndExcluding": "10.0.26100.3775"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "8B1600DE-F4B9-456C-A42F-5E5CDB2D6DEF",
"versionEndExcluding": "10.0.26100.3775"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*",
"vulnerable": true,
"matchCriteriaId": "AB425562-C0A0-452E-AABE-F70522F15E1A"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6A232AB6-1EC5-44E7-AB75-0EB9A5A63259",
"versionEndExcluding": "10.0.14393.7969"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D2941A94-927C-4393-B2A0-4630F03B8B3A",
"versionEndExcluding": "10.0.17763.7136"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "52706BEC-E3D6-4188-BB88-7078FE4AF970",
"versionEndExcluding": "10.0.20348.3453"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0DA8E1E4-0C78-4ADC-9490-4A608D8601FD",
"versionEndExcluding": "10.0.25398.1551"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "AA03AE1F-F78C-4864-A1B6-15846AAD4899",
"versionEndExcluding": "10.0.26100.3775"
}
],
"operator": "OR"
}
]
}
]