Primary

Context

Microsoft Virtual Hard Disk Remote Code Execution Vulnerability

Vulnerability

Patched

A remote code execution vulnerability has been identified in the Virtual Hard Disk (VHDX) component of Microsoft Windows. This issue arises from an integer overflow or wraparound, which allows an unauthorized attacker to execute code locally. The vulnerability affects several versions of Windows Server 2008, 2008 R2, 2012, and 2012 R2.

Impact

Exploitation of this vulnerability could lead to remote code execution on affected systems running Windows Server 2008, but only cause a denial-of-service on systems with Windows Server 2008 R2 or newer.

Remediation

Users can apply the security updates provided by Microsoft. These can be downloaded via the Microsoft Update Catalog or through the Windows Server Update Services (WSUS).

Added: Jul 8, 2025, 8:14 PM

Updated: Jul 8, 2025, 8:14 PM

Vulnerability Rating

Custom Algorithm

spread

8.1

impact

7.5

exploitability

4.6

remediation

0.0

relevance

0.2

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

8.1

impact

7.5

exploitability

4.6

remediation

0.0

relevance

0.2

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Microsoft Virtual Hard Disk Remote Code Execution Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Microsoft Windows Server 2008

Microsoft Windows Server 2012

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating