The remote Windows host is affected by multiple vulnerabilities.

The remote Windows host is missing security update 5043050. It is, therefore, affected by multiple vulnerabilities

- Windows MSHTML Platform Spoofing Vulnerability (CVE-2024-43461)

- Windows Remote Desktop Licensing Service Spoofing Vulnerability (CVE-2024-43455)

- Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability (CVE-2024-38260, CVE-2024-38263, CVE-2024-43454, CVE-2024-43467)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Apply Security Update 5043050

Critical

9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

9.1 (CVSS:3.0/E:F/RL:O/RC:C)

8.4

0.2639

10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

8.3 (CVSS2#E:F/RL:OF/RC:C)

I

Core Impact (true)

Published: 2024/09/10, Modified: 2025/10/22

The remote host is missing one of the following rollup KBs :
- 5043050

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.17763.6189
Should be : 10.0.17763.6292

The remote Windows host is affected by multiple vulnerabilities.

The remote Windows host is missing security update 5044277. It is, therefore, affected by multiple vulnerabilities

- libcurl's ASN1 parser has this utf8asn1str() function used for parsing an ASN.1 UTF-8 string. Itcan detect an invalid field and return error. Unfortunately, when doing so it also invokes `free()` on a 4 byte localstack buffer. Most modern malloc implementations detect this error and immediately abort. Some however accept the input pointer and add that memory to its list of available chunks. This leads to the overwriting of nearby stack memory. The content of the overwrite is decided by the `free()` implementation; likely to be memory pointers and a set of flags. The most likely outcome of exploting this flaw is a crash, although it cannot be ruled out that more serious results can be had in special circumstances. (CVE-2024-6197)
- Remote Desktop Client Remote Code Execution Vulnerability (CVE-2024-43599)

- An unauthenticated attacker could send a specially crafted protocol message to a Routing and Remote Access Service (RRAS) server, which could lead to remote code execution (RCE) on the RAS server machine.
(CVE-2024-43607)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Apply Security Update 5044277

Critical

9.0 (CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)

8.6 (CVSS:3.0/E:H/RL:O/RC:C)

9.6

0.5847

10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

8.7 (CVSS2#E:H/RL:OF/RC:C)

I

Published: 2024/10/08, Modified: 2024/11/18

The remote host is missing one of the following rollup KBs :
- 5044277

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.17763.6189
Should be : 10.0.17763.6414

The remote Windows host is affected by multiple vulnerabilities.

The remote Windows host is missing security update 5046615. It is, therefore, affected by multiple vulnerabilities

- Windows Kerberos Remote Code Execution Vulnerability (CVE-2024-43639)

- Windows NT OS Kernel Elevation of Privilege Vulnerability (CVE-2024-43623)

- Windows Telephony Service Elevation of Privilege Vulnerability (CVE-2024-43626)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Apply Security Update 5046615

Critical

9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

9.4 (CVSS:3.0/E:H/RL:O/RC:C)

10.0

0.9039

10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

8.7 (CVSS2#E:H/RL:OF/RC:C)

I

Published: 2024/11/12, Modified: 2025/01/23

The remote host is missing one of the following rollup KBs :
- 5046615

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.17763.6189
Should be : 10.0.17763.6530

The remote Windows host is affected by multiple vulnerabilities.

The remote Windows host is missing security update 5063877. It is, therefore, affected by multiple vulnerabilities

- Heap-based buffer overflow in Windows GDI+ allows an unauthorized attacker to execute code over a network.
(CVE-2025-53766)

- Missing synchronization in Windows Hyper-V allows an authorized attacker to deny service over an adjacent network. (CVE-2025-49751)

- Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally. (CVE-2025-49743)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Apply Security Update 5063877

Critical

9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

8.5 (CVSS:3.0/E:U/RL:O/RC:C)

7.4

0.017

10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

7.4 (CVSS2#E:U/RL:OF/RC:C)

I

Published: 2025/08/12, Modified: 2025/10/29

The remote host is missing one of the following rollup KBs :
- 5063877

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.17763.6189
Should be : 10.0.17763.7671

The remote Windows host is affected by multiple vulnerabilities.

The remote Windows host is missing security update 5066586. It is, therefore, affected by multiple vulnerabilities

- tif_predict.h and tif_predict.c in libtiff 4.0.6 have assertions that can lead to assertion failures in debug mode, or buffer overflows in release mode, when dealing with unusual tile size like YCbCr with subsampling. Reported as MSVR 35105, aka Predictor heap-buffer-overflow. (CVE-2016-9535)

- In IGEL OS before 11, Secure Boot can be bypassed because the igel-flash-driver module improperly verifies a cryptographic signature. Ultimately, a crafted root filesystem can be mounted from an unverified SquashFS image. (CVE-2025-47827)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Apply Security Update 5066586

High

9.9 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)

9.2 (CVSS:3.0/E:F/RL:O/RC:C)

9.2

0.0824

7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

6.2 (CVSS2#E:F/RL:OF/RC:C)

I

Published: 2025/10/14, Modified: 2025/11/18

The remote host is missing one of the following rollup KBs :
- 5066586

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.17763.6189
Should be : 10.0.17763.7919

The Microsoft SQL Server installation on the remote host is missing a security update.

The Microsoft SQL Server installation on the remote host is missing a security update. It is affected by the following vulnerabilities:

- An elevation of privilege vulnerability. An authenticated, remote attacker can exploit this issue, to gain elevated privileges. (CVE-2024-37341, CVE-2024-37965, CVE-2024-37980)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Microsoft has released security updates for Microsoft SQL Server.

Critical

9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

8.5 (CVSS:3.0/E:U/RL:O/RC:C)

6.7

0.076

10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

7.4 (CVSS2#E:U/RL:OF/RC:C)

I

Published: 2024/09/12, Modified: 2025/01/08

KB : 5042214
- C:\Program Files\Microsoft SQL Server\MSSQL15.MSSQLSERVER\MSSQL\Binn\sqlservr.exe has not been patched.
Remote version : 2019.150.2000.5
Should be : 2019.150.2120.1

SQL Server Version : 15.0.2000.5 Standard Edition
SQL Server Instance : MSSQLSERVER

The remote Windows host is affected by multiple vulnerabilities.

The remote Windows host is missing security update 5048661. It is, therefore, affected by multiple vulnerabilities

- Windows Kernel-Mode Driver Elevation of Privilege Vulnerability (CVE-2024-49074)

- Input Method Editor (IME) Remote Code Execution Vulnerability (CVE-2024-49079)

- Windows Common Log File System Driver Elevation of Privilege Vulnerability (CVE-2024-49090)

- Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability (CVE-2024-49112)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Apply Security Update 5048661

Critical

8.4 (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H)

8.0 (CVSS:3.0/E:H/RL:O/RC:C)

9.5

0.8871

10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

8.7 (CVSS2#E:H/RL:OF/RC:C)

I

Core Impact (true)

Published: 2024/12/10, Modified: 2025/10/06

The remote host is missing one of the following rollup KBs :
- 5048661

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.17763.6189
Should be : 10.0.17763.6640

The remote Windows host is affected by multiple vulnerabilities.

The remote Windows host is missing security update 5050008. It is, therefore, affected by multiple vulnerabilities

- Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution Vulnerability (CVE-2025-21307)

- Windows Telephony Service Remote Code Execution Vulnerability (CVE-2025-21223, CVE-2025-21233, CVE-2025-21236, CVE-2025-21237, CVE-2025-21238, CVE-2025-21239, CVE-2025-21240, CVE-2025-21241, CVE-2025-21243, CVE-2025-21244, CVE-2025-21245, CVE-2025-21246, CVE-2025-21248, CVE-2025-21250, CVE-2025-21252, CVE-2025-21266, CVE-2025-21273, CVE-2025-21282, CVE-2025-21286, CVE-2025-21302, CVE-2025-21303, CVE-2025-21305, CVE-2025-21306, CVE-2025-21339, CVE-2025-21409, CVE-2025-21411, CVE-2025-21413, CVE-2025-21417)

- Windows BitLocker Information Disclosure Vulnerability (CVE-2025-21210, CVE-2025-21214)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Apply Security Update 5050008

Critical

8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

8.4 (CVSS:3.0/E:H/RL:O/RC:C)

9.5

0.7811

10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

8.7 (CVSS2#E:H/RL:OF/RC:C)

I

Metasploit (true)

Published: 2025/01/14, Modified: 2025/09/17

The remote host is missing one of the following rollup KBs :
- 5050008

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.17763.6189
Should be : 10.0.17763.6766

The remote Windows host is affected by multiple vulnerabilities.

The remote Windows host is missing security update 5052000. It is, therefore, affected by multiple vulnerabilities

- Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability (CVE-2025-21208, CVE-2025-21410)

- Windows Telephony Service Remote Code Execution Vulnerability (CVE-2025-21190, CVE-2025-21200, CVE-2025-21371, CVE-2025-21406, CVE-2025-21407)

- Microsoft Digest Authentication Remote Code Execution Vulnerability (CVE-2025-21368, CVE-2025-21369)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Apply Security Update 5052000

Critical

8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

8.2 (CVSS:3.0/E:F/RL:O/RC:C)

7.4

0.2857

10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

8.3 (CVSS2#E:F/RL:OF/RC:C)

I

Core Impact (true)

Published: 2025/02/11, Modified: 2025/10/06

The remote host is missing one of the following rollup KBs :
- 5052000

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.17763.6189
Should be : 10.0.17763.6893

The remote Windows host is affected by multiple vulnerabilities.

The remote Windows host is missing security update 5053596. It is, therefore, affected by multiple vulnerabilities

- Relative path traversal in Remote Desktop Client allows an unauthorized attacker to execute code over a network. (CVE-2025-26645)

- Sensitive data storage in improperly locked memory in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network. (CVE-2025-24035, CVE-2025-24045)

- ** UNSUPPORTED WHEN ASSIGNED ** A privilege escalation vulnerability in CxUIUSvc64.exe and CxUIUSvc32.exe of Synaptics audio drivers allows a local authorized attacker to load a DLL in a privileged process. Out of an abundance of caution, this CVE ID is being assigned to better serve our customers and ensure all who are still running this product understand that the product is End-of-Life and should be removed. For more information on this, refer to the CVE Record's reference information. (CVE-2024-9157)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Apply Security Update 5053596

Critical

8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

8.2 (CVSS:3.0/E:F/RL:O/RC:C)

9.5

0.5654

10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

8.3 (CVSS2#E:F/RL:OF/RC:C)

I

Published: 2025/03/11, Modified: 2025/09/17

The remote host is missing one of the following rollup KBs :
- 5053596

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.17763.6189
Should be : 10.0.17763.7009

The remote Windows host is affected by multiple vulnerabilities.

The remote Windows host is missing security update 5055519. It is, therefore, affected by multiple vulnerabilities

- Use after free in Windows Win32K - GRFX allows an unauthorized attacker to elevate privileges over a network. (CVE-2025-26687)

- A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2025-27481)
- An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges. (CVE-2025-27740)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Apply Security Update 5055519

Critical

8.8 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

8.2 (CVSS:3.0/E:F/RL:O/RC:C)

8.4

0.2827

10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

8.3 (CVSS2#E:F/RL:OF/RC:C)

I

Published: 2025/04/08, Modified: 2025/09/17

The remote host is missing one of the following rollup KBs :
- 5055519

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.17763.6189
Should be : 10.0.17763.7131

The remote Windows host is affected by multiple vulnerabilities.

The remote Windows host is missing security update 5058392. It is, therefore, affected by multiple vulnerabilities

- Heap-based buffer overflow in Remote Desktop Gateway Service allows an unauthorized attacker to execute code over a network. (CVE-2025-29967)

- Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. (CVE-2025-29830, CVE-2025-29958, CVE-2025-29959)

- Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. (CVE-2025-29832, CVE-2025-29835, CVE-2025-29836, CVE-2025-29960, CVE-2025-29961)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Apply Security Update 5058392

Critical

8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

8.2 (CVSS:3.0/E:F/RL:O/RC:C)

8.1

0.2127

10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

8.3 (CVSS2#E:F/RL:OF/RC:C)

I

Published: 2025/05/13, Modified: 2025/10/29

The remote host is missing one of the following rollup KBs :
- 5058392

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.17763.6189
Should be : 10.0.17763.7309

The remote Windows host is affected by multiple vulnerabilities.

The remote Windows host is missing security update 5060531. It is, therefore, affected by multiple vulnerabilities

- Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. (CVE-2025-33066)

- Improper access control in Windows SMB allows an authorized attacker to elevate privileges over a network.
(CVE-2025-33073)

- Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.
(CVE-2025-32712)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Apply Security Update 5060531

Critical

8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

8.4 (CVSS:3.0/E:H/RL:O/RC:C)

9.7

0.5119

10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

8.7 (CVSS2#E:H/RL:OF/RC:C)

I

Core Impact (true) Metasploit (true)

Published: 2025/06/10, Modified: 2025/10/21

The remote host is missing one of the following rollup KBs :
- 5060531

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.17763.6189
Should be : 10.0.17763.7434

The remote Windows host is affected by multiple vulnerabilities.

The remote Windows host is missing security update 5062557. It is, therefore, affected by multiple vulnerabilities

- Buffer over-read in Windows TDX.sys allows an authorized attacker to elevate privileges locally.
(CVE-2025-49659)

- Improper link resolution before file access ('link following') in Windows Update Service allows an authorized attacker to elevate privileges locally. (CVE-2025-48799)

- Improper link resolution before file access ('link following') in Windows AppX Deployment Service allows an authorized attacker to elevate privileges locally. (CVE-2025-48820)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Apply Security Update 5062557

Medium

7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

6.8 (CVSS:3.0/E:U/RL:O/RC:C)

8.1

0.0055

6.8 (CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C)

5.0 (CVSS2#E:U/RL:OF/RC:C)

I

Published: 2025/07/08, Modified: 2025/10/29

The remote host is missing one of the following rollup KBs :
- 5062557

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.17763.6189
Should be : 10.0.17763.7558

The remote Windows host is affected by multiple vulnerabilities.

The remote Windows host is missing security update 5065428. It is, therefore, affected by multiple vulnerabilities

- SMB Server might be susceptible to relay attacks depending on the configuration. An attacker who successfully exploited these vulnerabilities could perform relay attacks and make the users subject to elevation of privilege attacks. The SMB Server already supports mechanisms for hardening against relay attacks: SMB Server signing SMB Server Extended Protection for Authentication (EPA) Microsoft is releasing this CVE to provide customers with audit capabilities to help them to assess their environment and to identify any potential device or software incompatibility issues before deploying SMB Server hardening measures that protect against relay attacks. If you have not already enabled SMB Server hardening measures, we advise customers to take the following actions to be protected from these relay attacks:
Assess your environment by utilizing the audit capabilities that we are exposing in the September 2025 security updates. See Support for Audit Events to deploy SMB Server HardeningSMB Server Signing & SMB Server EPA. Adopt appropriate SMB Server hardening measures. (CVE-2025-55234)

- Improper restriction of communication channel to intended endpoints in Windows PowerShell allows an authorized attacker to elevate privileges locally. (CVE-2025-49734)

- Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. (CVE-2025-53796, CVE-2025-53797, CVE-2025-53798, CVE-2025-53806)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Apply Security Update 5065428

Critical

8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

7.7 (CVSS:3.0/E:U/RL:O/RC:C)

8.1

0.0073

10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

7.4 (CVSS2#E:U/RL:OF/RC:C)

I

Published: 2025/09/09, Modified: 2025/10/29

The remote host is missing one of the following rollup KBs :
- 5065428

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.17763.6189
Should be : 10.0.17763.7786

The remote Windows host is affected by multiple vulnerabilities.

The remote Windows host is missing security update 5068791. It is, therefore, affected by multiple vulnerabilities

- A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2025-60724, CVE-2025-60714, CVE-2025-60715, CVE-2025-62452)

- An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information.
(CVE-2025-59509, CVE-2025-59513, CVE-2025-60706, CVE-2025-62208, CVE-2025-62209)

- An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges.
(CVE-2025-59505, CVE-2025-59506, CVE-2025-59507, CVE-2025-59508, CVE-2025-59511, CVE-2025-59512, CVE-2025-59514, CVE-2025-59515, CVE-2025-60703, CVE-2025-60704, CVE-2025-60705, CVE-2025-60707, CVE-2025-60709, CVE-2025-60713, CVE-2025-60716, CVE-2025-60717, CVE-2025-60719, CVE-2025-60720, CVE-2025-62213, CVE-2025-62215, CVE-2025-62217)


Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Apply Security Update 5068791

Critical

7.0 (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)

6.5 (CVSS:3.0/E:F/RL:O/RC:C)

8.4

0.0009

10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

8.3 (CVSS2#E:F/RL:OF/RC:C)

I

Published: 2025/11/11, Modified: 2025/11/14

The remote host is missing one of the following rollup KBs :
- 5068791

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.17763.6189
Should be : 10.0.17763.8024

The remote Windows host is affected by multiple vulnerabilities.

The remote Windows host is missing security update 5071544. It is, therefore, affected by multiple vulnerabilities

- Untrusted pointer dereference in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. (CVE-2025-62549)

- Out-of-bounds read in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally. (CVE-2025-62457)

- Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally. (CVE-2025-62458)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Apply Security Update 5071544

Critical

7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

7.2 (CVSS:3.0/E:F/RL:O/RC:C)

8.1

0.0821

10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

8.3 (CVSS2#E:F/RL:OF/RC:C)

I

Published: 2025/12/09, Modified: 2025/12/17

The remote host is missing one of the following rollup KBs :
- 5071544

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.17763.6189
Should be : 10.0.17763.8146

Arbitrary code can be executed on the remote host through Microsoft Active Template Library.

The remote Windows host contains a version of the Microsoft Active Template Library (ATL), included as part of Visual Studio or Visual C++, that is affected by multiple vulnerabilities :

- On systems with components and controls installed that were built using Visual Studio ATL, an issue in the ATL headers could allow an attacker to force VariantClear to be called on a VARIANT that has not been correctly initialized and, by supplying a corrupt stream, to execute arbitrary code. (CVE-2009-0901)

- On systems with components and controls installed that were built using Visual Studio ATL, unsafe usage of OleLoadFromStream could allow instantiation of arbitrary objects that can bypass related security policy, such as kill bits within Internet Explorer.
(CVE-2009-2493)

- On systems with components and controls installed that were built using Visual Studio ATL, an issue in the ATL headers could allow a string to be read without a terminating NULL character, which could lead to disclosure of information in memory. (CVE-2009-2495)

Microsoft has released a set of patches for Visual Studio .NET 2003, Visual Studio 2005 and 2008, as well as Visual C++ 2005 and 2008.

High

5.9

0.6425

7.6 (CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C)

5.6 (CVSS2#E:U/RL:OF/RC:C)

II

Published: 2009/07/30, Modified: 2020/08/05

The following Visual C++ Redistributable Packages have not
been patched :

Product : Visual C++ 2005 SP1 Redistributable Package
File : atl80.dll
Installed version : 8.0.50727.762
Fixed version : 8.0.50727.4053

Product : Visual C++ 2008 SP1 Redistributable Package
File : atl90.dll
Installed version : 9.0.30729.1
Fixed version : 9.0.30729.4148

Product : Visual C++ 2008 Redistributable Package
File : atl90.dll
Installed version : 9.0.21022.8
Fixed version : 9.0.21022.218

An application installed on the remote Windows host is affected by an elevation of privilege vulnerability.

The version of Microsoft Azure Data Studio installed on the remote Windows host is prior to 1.48.0. It is, therefore, affected by an unspecified elevation of privilege vulnerability.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Upgrade to Microsoft Azure Data Studio version 1.48.0 or later.

Medium

7.3 (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H)

6.4 (CVSS:3.0/E:U/RL:O/RC:C)

6.7

0.0214

6.8 (CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C)

5.0 (CVSS2#E:U/RL:OF/RC:C)

I

Published: 2024/03/15, Modified: 2024/03/18

Path : C:\Program Files\Azure Data Studio\
Installed version : 1.41.2.0
Fixed version : 1.48.0

The remote Windows host has an application installed which is affected by a directory traversal remote code execution vulnerability.

The remote host is running RARLAB WinRAR, an archive manager for Windows, whose reported version is prior to 7.12 Beta 1. It is, therefore, affected by a vulnerability:

- RARLAB WinRAR Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of RARLAB WinRAR. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of file paths within archive files. A crafted file path can cause the process to traverse to unintended directories. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-27198. (CVE-2025-6218)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Upgrade to RARLAB WinRAR version 7.12 Beta 1 or later.

High

7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

7.2 (CVSS:3.0/E:F/RL:O/RC:C)

9.4

0.0029

7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)

6.0 (CVSS2#E:F/RL:OF/RC:C)

II

Published: 2025/07/14, Modified: 2025/12/09

Path : C:\Program Files\WinRAR\WinRAR.exe
Installed version : 5.90.0.0
Fixed version : 7.12 Beta 1

The remote Windows host has an application installed which is affected by a directory traversal vulnerability.

The remote host is running RARLAB WinRAR, an archive manager for Windows, whose reported version is prior to 7.13. It is, therefore, affected by a vulnerability:

- A path traversal vulnerability affecting the Windows version of WinRAR allows the attackers to execute arbitrary code by crafting malicious archive files. This vulnerability was exploited in the wild and was discovered by Anton Cherepanov, Peter Košinár, and Peter Strýček from ESET. (CVE-2025-8088)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Upgrade to RARLAB WinRAR version 7.13 or later.

Critical

8.4 (CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N)

8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

8.2 (CVSS:3.0/E:F/RL:O/RC:C)

9.5

0.0562

10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

8.3 (CVSS2#E:F/RL:OF/RC:C)

II

Published: 2025/08/11, Modified: 2025/08/21

Path : C:\Program Files\WinRAR\WinRAR.exe
Installed version : 5.90.0.0
Fixed version : 7.13

The remote service supports the use of medium strength SSL ciphers.

The remote host supports the use of SSL ciphers that offer medium strength encryption. Nessus regards medium strength as any encryption that uses key lengths at least 64 bits and less than 112 bits, or else that uses the 3DES encryption suite.

Note that it is considerably easier to circumvent medium strength encryption if the attacker is on the same physical network.

Reconfigure the affected application if possible to avoid use of medium strength ciphers.

Medium

7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

6.1

0.4002

5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)

Published: 2009/11/23, Modified: 2025/02/12

Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DES-CBC3-SHA 0x00, 0x0A RSA RSA 3DES-CBC(168) SHA1

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

The remote service supports the use of medium strength SSL ciphers.

The remote host supports the use of SSL ciphers that offer medium strength encryption. Nessus regards medium strength as any encryption that uses key lengths at least 64 bits and less than 112 bits, or else that uses the 3DES encryption suite.

Note that it is considerably easier to circumvent medium strength encryption if the attacker is on the same physical network.

Reconfigure the affected application if possible to avoid use of medium strength ciphers.

Medium

7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

6.1

0.4002

5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)

Published: 2009/11/23, Modified: 2025/02/12

Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DES-CBC3-SHA 0x00, 0x0A RSA RSA 3DES-CBC(168) SHA1

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

The Microsoft .NET Framework installation on the remote host is missing a security update.

The Microsoft .NET Framework installation on the remote host is missing a security update. It is, therefore, affected by multiple denial of service vulnerabilities, as follows:

- A remote code execution vulnerability. An attacker can exploit this issue to cause the affected component to execute unauthorized code. (CVE-2025-21176)

Note that Nessus has relied upon on the application's self-reported version number.

Microsoft has released security updates for Microsoft .NET Framework.

Critical

8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

7.7 (CVSS:3.0/E:U/RL:O/RC:C)

6.7

0.0035

10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

7.4 (CVSS2#E:U/RL:OF/RC:C)

I

Published: 2025/01/16, Modified: 2025/04/09

Microsoft .NET Framework 4.7.2
The remote host is missing one of the following rollup KBs :

Cumulative
- 5049608

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorlib.dll has not been patched.
Remote version : 4.7.4108.0
Should be : 4.7.4126.0

The Microsoft .NET Framework installation on the remote host is missing a security update.

The Microsoft .NET Framework installation on the remote host is missing a security update. It is, therefore, affected by multiple denial of service vulnerabilities, as follows:

- A denial of service (DoS) vulnerability. An attacker can exploit this issue to cause the affected component to deny system or application services. (CVE-2024-43483, CVE-2024-43484)

Note that Nessus has relied upon on the application's self-reported version number.

Microsoft has released security updates for Microsoft .NET Framework.

High

7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

6.5 (CVSS:3.0/E:U/RL:O/RC:C)

4.4

0.0338

7.8 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)

5.8 (CVSS2#E:U/RL:OF/RC:C)

I

Published: 2024/10/11, Modified: 2025/03/31

Microsoft .NET Framework 4.7.2
The remote host is missing one of the following rollup KBs :

Cumulative
- 5044016

C:\Windows\Microsoft.NET\Framework\v4.0.30319\system.core.dll has not been patched.
Remote version : 4.7.4108.0
Should be : 4.7.4115.0

Microsoft .NET Framework 3.5
The remote host is missing one of the following rollup KBs :

Cumulative
- 5044022

The Microsoft SQL Server installation on the remote host is missing a security update.

The Microsoft SQL Server installation on the remote host is missing a security update. It is, therefore, affected by the following vulnerability:

- A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2023-23384) Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Microsoft has released security updates for Microsoft SQL Server.

High

7.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

6.4 (CVSS:3.0/E:U/RL:O/RC:C)

3.4

0.0079

7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

5.5 (CVSS2#E:U/RL:OF/RC:C)

I

Published: 2023/05/12, Modified: 2023/08/11

KB : 5021125
- C:\Program Files\Microsoft SQL Server\MSSQL15.MSSQLSERVER\MSSQL\Binn\sqlservr.exe has not been patched.
Remote version : 2019.150.2000.5
Should be : 2019.150.2101.7

SQL Server Version : 15.0.2000.5 Standard Edition
SQL Server Instance : MSSQLSERVER

The Microsoft SQL Server installation on the remote host is missing a security update.

The Microsoft SQL Server installation on the remote host is missing a security update. It is, therefore, affected by the following vulnerability:

- An elevation of privilege vulnerability. (CVE-2025-53727)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Microsoft has released security updates for Microsoft SQL Server.

High

8.8 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

6.7

0.0007

9.0 (CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C)

I