Microsoft Windows Server 2025
Moderate fix1 remedy
cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*
Moderate fix1 remedy
Microsoft Virtual Secure Mode Spoofing Vulnerability
Vulnerability
A spoofing vulnerability has been identified in Virtual Secure Mode, allowing an authorized attacker to use a key beyond its expiration date to perform spoofing locally. This issue affects multiple Microsoft products, including Windows Server 2025, Windows 11 (various versions), Windows Server 2022, Windows Server 2019, and Windows 10 (various versions).
Impact
Exploitation of this vulnerability could lead to unauthorized spoofing, allowing an attacker to impersonate another user or entity.
Remediation
Users can apply the security update KB5066835 for Windows Server 2025, Windows 11 Version 24H2 (x64 and ARM64), and Windows 10 Version 22H2 (x64, ARM64, and 32-bit). For Windows Server 2022, 23H2 Edition (Server Core installation), the security update KB5066780 is available. Windows Server 2019 users can apply the security update KB5066586. For Windows 10 Version 21H2, the security update KB5066791 is recommended. Users can download these security updates through the Microsoft Update Catalog.
Added: Oct 14, 2025, 5:26 PM
Updated: Oct 14, 2025, 10:08 PM
Vulnerability Rating
Custom Algorithm
spread
8.4impact
1.3exploitability
3.3remediation
7.7relevance
0.7threat
0.0urgency
2.9incentive
1.7Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.