Primary

Context

Microsoft Windows Performance Recorder Denial-of-Service Vulnerability

Vulnerability

A denial-of-service vulnerability has been identified in Windows Performance Recorder (WPR) due to improper link resolution before file access, known as 'link following'. This issue allows an authorized attacker to disrupt services locally. The vulnerability affects multiple Windows 10 versions and Windows Server 2016, 2019, and 2022.

Impact

Exploitation of this vulnerability leads to a local denial-of-service condition, causing affected systems to become unresponsive or unavailable.

Remediation

Users can apply the security update KB5062554 for Windows 10 Version 21H2 (all architectures) and KB5062572 for Windows Server 2022 (both Server Core and full installations). For Windows Server 2019 (Server Core and full installations), the security update KB5062557 is available. Windows Server 2016 users can also apply KB5062560.

Added: Jul 8, 2025, 8:21 PM

Updated: Jul 8, 2025, 8:21 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

3.0

remediation

0.0

relevance

0.2

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

3.0

remediation

0.0

relevance

0.2

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Microsoft Windows Performance Recorder Denial-of-Service Vulnerability

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating