- Description
- Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.
- Source
- secure@microsoft.com
- NVD status
- Modified
- Products
- windows_10_1507, windows_10_1607, windows_10_1809, windows_10_21h2, windows_10_22h2, windows_11_22h2, windows_11_23h2, windows_11_24h2, windows_server_2008, windows_server_2012, windows_server_2016, windows_server_2019, windows_server_2022, windows_server_2022_23h2, windows_server_2025
CVSS 3.1
- Type
- Secondary
- Base score
- 7.8
- Impact score
- 5.9
- Exploitability score
- 1.8
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
Data from CISA
- Vulnerability name
- Microsoft Windows Common Log File System (CLFS) Driver Use-After-Free Vulnerability
- Exploit added on
- Apr 8, 2025
- Exploit action due
- Apr 29, 2025
- Required action
- Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- secure@microsoft.com
- CWE-416
- Hype score
- Not currently trending
SEO poisoning ➡️ Fake RVTools ➡️ Python backdoor ➡️ PipeMagic ➡️ CVE-2025-29824 ➡️ #Ransomexx — domain-wide in <19 hrs. The Python backdoor connected to azure-secure-agent[.]com (87.251.67[.]241), enabling cmd/PowerShell exec, payload download, screensho
@TheDFIRReport
19 Feb 2026
2643 Impressions
8 Retweets
32 Likes
6 Bookmarks
2 Replies
0 Quotes
Patch diffing + RCA for clfs.sys can awhile. I gave the diff + binary to a local LLM. It mapped the UAF path, race condition, all IOCTLs in <20 min LLMs don't replace the work, they are momentum. New blog post following the UAF trail of CVE-2025-29824: https://t.co/4wtd0rO
@clearbluejar
3 Feb 2026
5681 Impressions
28 Retweets
92 Likes
55 Bookmarks
3 Replies
0 Quotes
Like this example using Microsoft patched vulnerability in ransomware attack chain. CVE-2025-29824 use-after-free bug CLFS driver used for privilege escalation and system domination by @starlabs_sg https://t.co/xvNkm6YmyF
@cherrywu05
28 Jan 2026
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Эксплуатация уязвимости race condition CVE-2025-29824 в Windows https://t.co/sFtyWCiNrV https://t.co/C5Y0mVTgfw
@VulnersHub
4 Dec 2025
25 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Ransomware vulns with highest exploit likelihood ⬆️ (past 30d): - CVE-2021-27877 (Veritas Veritas..) +934.92% - CVE-2025-29824 (CLFS..) +289.16% - CVE-2021-30116 (Kaseya VSA..) +223.20% - CVE-2022-24521 (CLFS..) +208.83% - CVE-2023-20269 (ASA..) +168.29%
@DefusedCyber
11 Nov 2025
1497 Impressions
1 Retweet
13 Likes
3 Bookmarks
0 Replies
0 Quotes
Ransomware vulns with highest exploit likelihood ⬆️ (past 30d): - CVE-2025-61882 (Oracle E-Busine..) +186086.05% - CVE-2021-27877 (Veritas Veritas..) +879.54% - CVE-2023-20269 (ASA..) +302.13% - CVE-2023-20269 (FTD..) +302.13% - CVE-2025-29824 (CLFS..) +289.16%
@DefusedCyber
3 Nov 2025
12360 Impressions
14 Retweets
55 Likes
13 Bookmarks
1 Reply
1 Quote
Ransomware vulns with highest exploit likelihood ⬆️ (past 30d): - CVE-2025-61882 (Oracle E-Busine..) +198818.60% - CVE-2021-27877 (Veritas Veritas..) +2502.74% - CVE-2025-29824 (CLFS..) +233.72% - CVE-2021-30116 (Kaseya VSA..) +228.66% - CVE-2021-27878 (Veritas Veritas..)
@DefusedCyber
27 Oct 2025
2764 Impressions
3 Retweets
14 Likes
5 Bookmarks
1 Reply
1 Quote
🚨 Unmasking #CVE-2025-29824: A Deep Dive into the 0-Day Exploit Rocking Enterprise Security https://t.co/VYgqdsxZO5 Educational Purposes!
@UndercodeUpdate
12 Oct 2025
12 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#Malware #VulnerabilityReport PipeMagic Returns: Kaspersky Uncovers Evolving Backdoor Linked to CVE-2025-29824 Exploits https://t.co/szxMV0RQUf
@Komodosec
24 Sept 2025
26 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Working on CVE-2025-29824. Thanks to @starlabs_sg and @RedDrip7. https://t.co/pHFEgGGLEa
@peteribi
19 Sept 2025
48 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 The Zero-Day Hunter's Toolkit: Exploiting and Mitigating #CVE-2025-29824 https://t.co/DMUdBdOU6D Educational Purposes!
@UndercodeUpdate
14 Sept 2025
70 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
微软修补了产品中的121个漏洞 据该公司称补丁发布时,只有一个漏洞被用于实际攻击:CVE-2025-29824 该漏洞的利用是由PipeMagic恶意软件执行的,该恶意软件我们于2022年12月在一次RansomExx勒索软件活动中首次发现。202
@Patri_670
9 Sept 2025
2315 Impressions
0 Retweets
47 Likes
0 Bookmarks
0 Replies
0 Quotes
Analysis of Windows CLFS #EoP vuln (#CVE-2025-29824) in-the-wild exploitation sample and root cause Report: https://t.co/DTXak2WHqC ITW sample: https://t.co/ORwLV6dkJW https://t.co/IVncEH7Vqx
@RedDrip7
9 Sept 2025
7695 Impressions
33 Retweets
112 Likes
61 Bookmarks
6 Replies
1 Quote
Evolution of the PipeMagic backdoor: from the RansomExx incident to CVE-2025-29824: https://t.co/lTrOkbsCs8 #informationsecurity #cybersecurity #threathunting #incidentresponse #dfir #ransomware #backdoor #cve #vulnerability https://t.co/TmW8gKyORh
@blackstormsecbr
5 Sept 2025
240 Impressions
1 Retweet
4 Likes
0 Bookmarks
0 Replies
0 Quotes
PipeMagic Evolves 🚨 Backdoor linked to RansomExx now exploits a new Windows zero-day (CVE-2025-29824). Active in Middle East & Brazil, uses diverse loaders & advanced techniques. https://t.co/3uqIndFuyi
@ciatech_network
1 Sept 2025
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[1day1line] CVE-2025-29824: LPE vulnerability in Windows CLFS driver (clfs.sys) via Use-After-Free https://t.co/7bAFLvDf8K Today’s one-liner is about a Use-After-Free vulnerability discovered in the Windows CLFS driver. An attacker can manipulate freed structure pointers to
@hackyboiz
30 Aug 2025
3511 Impressions
17 Retweets
65 Likes
28 Bookmarks
0 Replies
0 Quotes
PipeMagic reaparece en ataques de ransomware como RansomExx, usando la CVE-2025-29824 para escalar privilegios en Windows. Aunque parchada, sigue siendo explotada en sistemas sin actualizar. 🔗 https://t.co/nLNyd7EeGh
@trustlock_sec
29 Aug 2025
1 Impression
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨 Cybersecurity researchers have uncovered a new wave of RansomExx ransomware attacks leveraging a now-patched Windows flaw (CVE-2025-29824) to deploy the PipeMagic malware framework. https://t.co/gLWPhPZvMR #Cybersecurity #Ransomware #Microsoft
@onestepsecureit
25 Aug 2025
28 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Fausse appli "ChatGPT" = backdoor PipeMagic ➡️ Escalade via CVE-2025-29824 (CLFS) ➡️ Objectif final : rançongiciel À faire dès maintenant : ✅ Bloquer applis non signées ✅ Patch CLFS ✅ EDR en mode blocage Ta défense stoppe un MSBuild piégé
@FredPOULALION
25 Aug 2025
3 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Inside the Exploit Chain: How Cybercriminals Weaponize Windows CLFS to Deploy PipeMagic Ransomware https://t.co/RBeU1JPc3k A critical security flaw in Microsoft Windows, tracked as CVE-2025-29824, has been exploited in targeted ransomware campaigns, leveraging a sophisticated
@f1tym1
20 Aug 2025
9 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Microsoft dissects PipeMagic backdoor → disguised as ChatGPT app - Linked to Storm-2460 / RansomEXX - Exploits Windows 0-day (CVE-2025-29824) - Modular, stealthy, memory-resident malware - Used in ransomware ops across US, EU, S. America, Middle East #CyberSecurity https
@TechNadu
20 Aug 2025
108 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Researchers warn: PipeMagic malware is back, powering RansomExx ransomware attacks. The framework exploits CVE-2025-29824 (Windows CLFS vuln) to escalate privileges. https://t.co/f3bfXW8jlJ
@BreachNet
20 Aug 2025
1 Impression
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Microsoft has issued a warning: hackers are disguising the PipeMagic backdoor as a fake ChatGPT desktop app and leveraging a critical Windows zero-day (CVE-2025-29824) to infiltrate systems and deploy ransomware. Don’t be fooled by familiar AI branding.#technews #Microsoft http
@techawarenepal
20 Aug 2025
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
New IOC Alert → Dissecting PipeMagic: Inside the architecture of a modular backdoor framework. ■ Adversary: Storm-2460 ■ Indicator: CVE-2025-29824
@CTI131
19 Aug 2025
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Cybersecurity researchers revealed the exploitation of CVE-2025-29824, a privilege escalation vulnerability in Microsoft Windows, to deploy PipeMagic malware in RansomExx attacks. This malware, first noted in 2022, acts as a backdoor for remote access. https://t.co/aDo15jiQCm
@securityRSS
19 Aug 2025
30 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
استهداف مؤسسات في السعودية والبرازيل من قبل مجموعة الفدية RansomExx. - يستغل الهجوم ثغرة CVE-2025-29824 في @Windows. - شملت الأضرار قطاع الطاقة والقطاع المالي في البلدين.
@cyberscastx
19 Aug 2025
2028 Impressions
0 Retweets
12 Likes
2 Bookmarks
2 Replies
0 Quotes
PipeMagic evolve con exploit CVE-2025-29824 Malware, backdoor, PipeMagic, RansomEXX, Storm-2460 https://t.co/mSLyiEzoHJ https://t.co/xsKeD9LIsB
@matricedigitale
19 Aug 2025
42 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
【高度マルウェア攻撃】脅威アクターがMicrosoft Help Index File(.mshi)を悪用してPipeMagicバックドアを展開する洗練された攻撃キャンペーンが発見され、CVE-2025-29824ゼロデイ脆弱性との連携でランサムウェア展開
@nakajimeeee
18 Aug 2025
473 Impressions
0 Retweets
3 Likes
3 Bookmarks
0 Replies
0 Quotes
Microsoft Windows vulnerability CVE-2025-29824 exploited to deploy PipeMagic backdoor linked to RansomExx ransomware. Attackers used DLL hijacking and domain-hosted modules for persistence and lateral movement. #PipeMagic #RansomExx #SaudiArabia https://t.co/oPKgxx7aJC
@TweetThreatNews
18 Aug 2025
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Windows vulnerability exploited for PipeMagic RansomExx attacks using CVE-2025-29824. Patch now! 💻🔒 https://t.co/XQXhyNBeES #RansomExx #PipeMagic #Cybersecurity #WindowsVulnerability #CVE
@0xT3chn0m4nc3r
18 Aug 2025
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Critical RansomExx ransomware attacks exploited patched Microsoft Windows vulnerability CVE-2025-29824, stressing the importance of timely updates. Full article: https://t.co/nHi9msJvxx #Cybersecurity #Ransomware #MalwarePrevention
@threatlight
18 Aug 2025
36 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️ Hackers just weaponized a Windows flaw (CVE-2025-29824) to drop the PipeMagic backdoor—fueling RansomExx attacks. The bait? Fake ChatGPT apps and Chrome updates. Still active. Still evolving. Details here → https://t.co/ZdSnApAw5H
@TheHackersNews
18 Aug 2025
14192 Impressions
53 Retweets
127 Likes
25 Bookmarks
1 Reply
0 Quotes
#securelist@kaspersky PipeMagic в 2025 году: как изменились тактики операторов бэкдора Изучаем развитие бэкдора PipeMagic и TTP его операторов: от инцидента с RansomExx до атак в Бр
@kmscom6
18 Aug 2025
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#securelist@kaspersky PipeMagic в 2025 году: как изменились тактики операторов бэкдора Изучаем развитие бэкдора PipeMagic и TTP его операторов: от инцидента с RansomExx до атак в Б
@kmscom3
18 Aug 2025
15 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#threatreport #MediumCompleteness Evolution of the PipeMagic backdoor: from the RansomExx incident to CVE-2025-29824 | 18-08-2025 Source: https://t.co/cn6ttnbhAI Key details below ↓ 💀Threats: Pipemagic, Ransomexx, Dll_hijacking_technique, Procdump_tool, 🎯Victims: Indust
@rst_cloud
18 Aug 2025
47 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Evolution of the PipeMagic backdoor: from the RansomExx incident to CVE-2025-29824 https://t.co/Iqnf4zaqmd In April 2025, Microsoft addressed 121 vulnerabilities, with one actively exploited: CVE-2025-29824. This exploit was linked to PipeMagic malware, initially detected in 2
@f1tym1
18 Aug 2025
22 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
PipeMagic: de RansomExx a CVE-2025-29824. Evolución de una peligrosa backdoor. https://t.co/Q49FPpmmKd
@Leopoldo1048398
18 Aug 2025
49 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Evolution of the PipeMagic backdoor: from the RansomExx incident to CVE-2025-29824. The malware, discovered in Dec. 2022 in a RansomExx ransomware campaign, was seen again in 2025. Our solutions prevented PipeMagic infections at organizations in Brazil 🇧🇷 and Saudi Arabia
@assolini
18 Aug 2025
162 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
''My `Blind Date` with CVE-2025-29824'' #infosec #pentest #redteam #blueteam https://t.co/nOG8reHvIP
@CyberWarship
12 Aug 2025
1581 Impressions
6 Retweets
15 Likes
5 Bookmarks
0 Replies
0 Quotes
⚠️ Weekly vuln radar. https://t.co/Cd6L8AD6Bt – spot what’s trending before it’s everywhere: CVE-2025-29824 CVE-2025-6543 CVE-2025-20337 CVE-2025-6558 (via @_clem1) CVE-2025-49144 CVE-2025-24985 CVE-2025-20274 CVE-2025-23266 (via @nirohfeld @shirtamari) CVE-2021-41773
@ptdbugs
18 Jul 2025
129 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨 BREAKING: A shocking vulnerability! Discover the explosive details of CVE-2025-29824—an exploit that could redefine cybersecurity threats this year. Learn how this blind date became a nightmare for IT pros. 🔓 🔗 [https://t.co/XuIqmYwvSx]( #CyberSecurity #CVE2025
@AIShiftProtocol
16 Jul 2025
22 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CASE CLOSED: CVE-2025-29824 0 public samples, 0 information Suspect: Windows CLFS driver Crime: UAF leading to Privilege Escalation Status: ACTIVELY EXPLOITED ITW Investigation: Debugged and documented Case files: https://t.co/Ig6RbvhLmZ Done by our intern, Ong How Chong
@starlabs_sg
16 Jul 2025
9755 Impressions
30 Retweets
114 Likes
38 Bookmarks
0 Replies
1 Quote
Windows CLFS en jaque: CVE-2025-29824 (CVSS 7.8) permitía EoP a SYSTEM y ya la vieron en ataques de ransomware. Parchéalo YA. 😉 #CVE2025 #Windows https://t.co/ZfKOPwUa6S
@gorkaelbochi
6 Jul 2025
8 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
#Malware #Vulnerability Zero-Day CLFS Vulnerability (CVE-2025-29824) Exploited in Ransomware Attacks https://t.co/YdAt6j2AQh
@Komodosec
1 Jul 2025
15 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#Storm2460 turned CVE-2025-29824 into a VIP pass 🛑🔓 Skip the intel all-nighter—grab our newsletter. 👉 https://t.co/x5v1vefCCH #AlphaHunt #CyberSecurity #ZeroDay
@alphahunt_io
28 Jun 2025
4 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Comment: The exploitation of zero-day vulnerabilities like CVE-2025-29824 truly underscores the need for proactive security measures. In addition to patching, how can organizations b... #RansomwareDefense https://t.co/wQoaIH3byg
@storagetechnews
12 Jun 2025
7 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Comment: The escalation of privileges via the CLFS driver vulnerability (CVE-2025-29824) highlights the importance of proactive threat hunting and anomaly detection, especially conce... #RansomwareDefense https://t.co/WMELuw3IjK
@storagetechnews
9 Jun 2025
8 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Symantec's Threat Hunter Team reported that Play ransomware attackers exploited a zero-day vulnerability (CVE-2025-29824) in a U.S. organization, deploying the Grixba infostealer but no ransomware payload during the intrusion. #CyberSecurity https://t.co/MGkXuFMkV1
@Cyber_O51NT
6 Jun 2025
1390 Impressions
9 Retweets
26 Likes
3 Bookmarks
1 Reply
0 Quotes
Storm-2460 just turned your firewall into a welcome mat. 🧙♂️ CVE-2025-29824? They’re already in. Still relying on that 2012 threat report? Cute. We did the research so you don't have to. Read the newsletter. Stay ahead. 👉 https://t.co/x5v1vefCCH #AlphaHunt #Cy
@alphahunt_io
4 Jun 2025
20 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Play Ransomware Exploited Windows CVE-2025-29824 as Zero-Day to Breach U.S. Organization Threat actors with links to the Play ransomware family exploited a recently patched security flaw in Microsoft Windows as a zero-day as part of an attack targeting... https://t.co/dTVb9ZYiPJ
@SecurityAid
31 May 2025
42 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "575117BF-9A1E-4B90-85D8-4172A58B3B72",
"versionEndExcluding": "10.0.10240.20978",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "B3B4804C-685B-4F37-92DE-CE73D1B106B4",
"versionEndExcluding": "10.0.10240.20978",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "474622F8-06D4-4AD1-8D72-A674909A7634",
"versionEndExcluding": "10.0.14393.7969",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "559D55D4-2BF2-4B8F-90CA-C6B885334A3E",
"versionEndExcluding": "10.0.14393.7969",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "13A4A79D-8D45-48FA-84F5-CE1A78E8E424",
"versionEndExcluding": "10.0.17763.7136",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "03AB53EC-354E-4F30-A278-2835CA341503",
"versionEndExcluding": "10.0.17763.7136",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "83B3306F-C4EE-45A6-8139-6FAFC46DC696",
"versionEndExcluding": "10.0.19044.5737",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "EDE77D74-EFE2-42C5-A080-AE16F604968B",
"versionEndExcluding": "10.0.19044.5737",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "FDD937C8-E2F9-4A39-8023-E4C06078074E",
"versionEndExcluding": "10.0.19044.5737",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "BCF4434C-9197-405A-BBB3-53EA66ADAC9A",
"versionEndExcluding": "10.0.19045.5737",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "3630C9CC-2C8C-4089-926D-0981277CA599",
"versionEndExcluding": "10.0.19045.5737",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "6D97B26B-F2C1-4C94-B549-FE1728E925EB",
"versionEndExcluding": "10.0.19045.5737",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "350A5C83-A85B-4CC1-81C6-F36C1BE0687E",
"versionEndExcluding": "10.0.22621.5189",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "AAB1352F-725F-427E-A3F3-73A48287D0C7",
"versionEndExcluding": "10.0.22621.5189",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "0A9C8BFA-DC5B-4E27-AEA1-0CF52B4FDF88",
"versionEndExcluding": "10.0.22631.5189",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "1718BEDA-0AF8-4A6D-B053-AE746C7617C8",
"versionEndExcluding": "10.0.22631.5189",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "39A448D0-EB9F-42FE-85A2-A4AA88D4CEBD",
"versionEndExcluding": "10.0.26100.3775",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "8B1600DE-F4B9-456C-A42F-5E5CDB2D6DEF",
"versionEndExcluding": "10.0.26100.3775",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*",
"matchCriteriaId": "AB425562-C0A0-452E-AABE-F70522F15E1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6A232AB6-1EC5-44E7-AB75-0EB9A5A63259",
"versionEndExcluding": "10.0.14393.7969",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D2941A94-927C-4393-B2A0-4630F03B8B3A",
"versionEndExcluding": "10.0.17763.7136",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "52706BEC-E3D6-4188-BB88-7078FE4AF970",
"versionEndExcluding": "10.0.20348.3453",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0DA8E1E4-0C78-4ADC-9490-4A608D8601FD",
"versionEndExcluding": "10.0.25398.1551",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "AA03AE1F-F78C-4864-A1B6-15846AAD4899",
"versionEndExcluding": "10.0.26100.3775",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]