Microsoft Universal Plug and Play Information Disclosure Vulnerability

A vulnerability in Universal Plug and Play (upnp.dll) allows an authorized attacker to locally disclose information. This issue arises from improper access control, which could enable the unauthorized sharing of file contents.

Impact

Exploitation of this vulnerability could lead to unauthorized information disclosure.

Remediation

Users can apply the security update for this vulnerability, which is available through the Microsoft Update Catalog. Specific update details can be found in the Microsoft Knowledge Base articles KB5082200 for various Windows 10 versions, KB5082052 for Windows 11 versions 23H2 and 24H2, KB5083769 for Windows 11 version 25H2, and KB5082123 for Windows Server 2019. For Windows Server 2022, the relevant update is KB5082142. Windows Server 2012 R2 users can refer to KB5082126.