Microsoft Windows Telephony Service Remote Code Execution Vulnerability

A remote code execution vulnerability has been identified in the Windows Telephony Service (TapiSrv). This issue arises from improper memory management, which could allow attackers to execute arbitrary code on affected systems. If exploited, the vulnerability could enable an attacker to gain the same privileges as the logged-in user. In cases where the user has elevated permissions, this could lead to a complete takeover of the system, with potential consequences including unauthorized access, data theft, or overall system compromise.

Impact

Exploitation of this vulnerability could result in remote code execution on the affected system, allowing an attacker to execute arbitrary code with the privileges of the logged-in user. If the user has administrative rights, the attacker could gain full control of the system.

Reproduction

To check if a system is vulnerable to CVE-2025-21371, the status of the Telephony Service (TapiSrv) can be checked. If the service is running, the system may be vulnerable. If the service is stopped or not installed, the system is likely safe from this vulnerability.

Remediation

Users can apply the security update KB5051987 to address this vulnerability. This update is available through the Microsoft Update Catalog.