Primary

Context

Microsoft Windows SMB Remote Code Execution Vulnerability

Vulnerability

A race condition vulnerability has been identified in Windows Server 2025, Windows 11 Version 24H2 for x64-based and ARM64-based Systems, and Windows Server 2025 (Server Core installation). This vulnerability allows an unauthorized attacker to execute code remotely over the network. The issue arises from improper synchronization in concurrent execution using shared resources, creating a race condition that can be exploited.

Impact

Exploitation of this vulnerability allows for remote code execution on the affected system.

Remediation

Users can apply the security updates KB5063878 and KB5064010 to address this vulnerability. These updates are available through the Microsoft Update Catalog.

Added: Sep 1, 2025, 7:22 PM

Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm

spread

8.4

impact

7.5

exploitability

4.0

remediation

7.7

relevance

0.3

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

8.4

impact

7.5

exploitability

4.0

remediation

7.7

relevance

0.3

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Microsoft Windows SMB Remote Code Execution Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Microsoft Windows Server 2025

Microsoft Windows 11

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating