Microsoft Windows Server 2025
Moderate fix1 remedy
cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*
Moderate fix1 remedy
Microsoft Windows HTML Platforms Security Feature Bypass Vulnerability
Vulnerability
A security feature bypass vulnerability has been identified in the Windows HTML platform, affecting all supported versions of Microsoft Windows. This vulnerability arises because the MSHTML platform does not properly validate the security zone of requests for certain URLs. As a result, an attacker could potentially cause a user to access a URL in a less restricted Internet Security Zone than intended. Exploitation requires convincing the user to open a specially crafted file or click on a manipulated link.
Impact
Successful exploitation of this vulnerability could lead to a security feature bypass, allowing an attacker to manipulate how URLs are accessed in relation to their security zones.
Remediation
Users can apply the security updates provided by Microsoft to address this vulnerability. These security updates can be downloaded via the Microsoft Update Catalog. Specific update details can be found in the Microsoft Knowledge Base articles KB5050009, KB5050048, KB5050004, KB5049994, KB5050063, KB5049993, and KB5049981.
Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM
Vulnerability Rating
Custom Algorithm
spread
8.4impact
0.6exploitability
4.4remediation
7.7relevance
0.0threat
0.0urgency
2.9incentive
1.7Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.