AI description
CVE-2025-26633 is a security feature bypass vulnerability in the Microsoft Management Console (MMC). It stems from improper neutralization within the MMC, allowing an unauthorized attacker to bypass security restrictions locally. The vulnerability is being actively exploited in the wild by a threat actor known as Water Gamayun (also known as EncryptHub and Larva-208) in a campaign called "MSC EvilTwin". This technique involves the execution of malicious .msc files through a legitimate one by manipulating the Multilingual User Interface Path (MUIPath) to load and execute a malicious file instead of the original one.
- Description
- Improper neutralization in Microsoft Management Console allows an unauthorized attacker to bypass a security feature locally.
- Source
- secure@microsoft.com
- NVD status
- Analyzed
CVSS 3.1
- Type
- Primary
- Base score
- 7
- Impact score
- 5.9
- Exploitability score
- 1
- Vector string
- CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
- Severity
- HIGH
Data from CISA
- Vulnerability name
- Microsoft Windows Management Console (MMC) Improper Neutralization Vulnerability
- Exploit added on
- Mar 11, 2025
- Exploit action due
- Apr 1, 2025
- Required action
- Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- secure@microsoft.com
- CWE-707
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score
6
Trend Research reveals that Water Gamayun exploits a zero-day vulnerability in Microsoft Management Console (CVE-2025-26633) to deliver custom payloads and execute malicious code on infected machines. #CyberSecurity #ThreatIntel https://t.co/Ul5gr0HW3j
@Cyber_O51NT
29 Mar 2025
219 Impressions
0 Retweets
4 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-26633
@transilienceai
29 Mar 2025
9 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
🚨 Inside the Water Gamayun Arsenal: We’ve just released a comprehensive analysis of the tools and #backdoors used by #WaterGamayun (aka #Encrypthub). 🔍 Dive into the full report: https://t.co/BXi4UolP53 #CVE-2025-26633 #ThreatResearch #APT #malware https://t.co/jtl1O1SPsG
@AliakbarZahravi
28 Mar 2025
1791 Impressions
8 Retweets
36 Likes
11 Bookmarks
0 Replies
0 Quotes
🚨 Water Gamayun exploits CVE-2025-26633 in Microsoft Management Console for malware deployment. Custom payloads and backdoors SilentPrism & DarkWisp pose severe risks to organizations. #Russia #malware #datatheft link: https://t.co/2S5xfFwxGA https://t.co/rakD9Sl30p
@TweetThreatNews
28 Mar 2025
19 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
1/6 Water Gamayun, a suspected Russian threat actor, is exploiting the CVE-2025-26633 vulnerability to execute malicious code and steal data. This #zeroday #vulnerability poses significant risks to businesses. Here's what you need to know: https://t.co/Dmyt56AOM6 https://t.co
@TrendMicroRSRCH
28 Mar 2025
319 Impressions
1 Retweet
3 Likes
0 Bookmarks
1 Reply
0 Quotes
🚀🔒 @TrendMicro : 𝙲𝚅𝙴-2025-26633 𝚆𝚊𝚝𝚎𝚛 𝙶𝚊𝚖𝚊𝚢𝚞𝚗 #cyber_security_highlights 💡 𝙾𝚟𝚎𝚛𝚟𝚒𝚎𝚠: @TrendMicro latest research uncovers a critical vulnerability—CVE-2025-26633, codenamed “Water Gamayun.” This emerging flaw poses a significant risk to vulnerable ht
@MahRabie
28 Mar 2025
10 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-26633
@transilienceai
28 Mar 2025
12 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
The threat actor known as EncryptHub exploited a recently-patched security vulnerability in Microsoft Windows as a zero-day CVE-2025-26633 (CVSS score: 7.0) to deliver a wide range of malware families, including backdoors and information stealers https://t.co/ZsYEH7Hsms https://t
@riskigy
28 Mar 2025
39 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Trend Micro researchers identified a campaign by the Russian threat actor Water Gamayun exploiting CVE-2025-26633, a zero-day vulnerability in the Microsoft Management Console that attackers exploit to execute malicious code and exfiltrate data. https://t.co/UXyM8XCFQj https://t.
@virusbtn
27 Mar 2025
1172 Impressions
8 Retweets
17 Likes
6 Bookmarks
0 Replies
1 Quote
🟠Trend Research descubrió una campaña de Water Gamayun que explota una #vulnerabilidad de día cero en el marco de Microsoft Management Console para malware, llamado MSC EvilTwin (CVE-2025-26633). #QintegraNews #ciberseguridad @TrendMicro https://t.co/FKKaDBvaz3
@QintegraC
27 Mar 2025
33 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Threat Alert: Russian Ransomware Exploits Windows Zero-Day 📅 Date: 2025-03-26 📆 Timeline: Active exploitation since before March 2025, following the announcement of CVE-2025-26633. 📌 Attribution: EncryptHub (affiliate of RansomHub, also known as Water Gamayun, Larva-208)
@syedaquib77
27 Mar 2025
34 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
EncryptHubがMMCのゼロデイ脆弱性(CVE-2025-26633)を悪用し、RhadamanthysやStealCマルウェアを展開。 Microsoftは3月のパッチチューズデーで修正済み。 https://t.co/S6o91ZM4Vb
@01ra66it
27 Mar 2025
115 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
ロシアのEncryptHubが、Windows MMCのゼロデイ脆弱性(CVE-2025-26633)を悪用し、リモートコード実行とデータ窃取を実施。 Microsoftは3月のパッチチューズデーで修正済み。 https://t.co/K7owfXnnAq
@01ra66it
27 Mar 2025
167 Impressions
0 Retweets
3 Likes
0 Bookmarks
0 Replies
0 Quotes
Alert: EncryptHub exploits Windows zero-day (CVE-2025-26633) to deploy Rhadamanthys and StealC malware. Update systems and stay vigilant. #CyberSecurity #WindowsZeroDay #EncryptHub https://t.co/vmchu7ImgX https://t.co/Md4YOkCou1
@dailytechonx
26 Mar 2025
10 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Russian Ransomware Gang Exploited Windows Zero-Day Before Patch - (CVE-2025-26633) https://t.co/2orXPnfVrN
@SecurityWeek
26 Mar 2025
1849 Impressions
8 Retweets
5 Likes
1 Bookmark
2 Replies
0 Quotes
🚨 𝐊𝐘𝐁𝐄𝐑𝐗 𝐃𝐢𝐬𝐩𝐚𝐭𝐜𝐡 - 𝐃𝐚𝐢𝐥𝐲 𝐂𝐲𝐛𝐞𝐫 𝐍𝐞𝐰𝐬 - 26-Mar-2025 Recent events have seen significant cyber threats, including: ◾️ Actively exploited zero-day vulnerabilities in Google Chrome (CVE-2025-2783) and Microsoft Windows (CVE-2025-26633), ◾️ Advanced
@tamasbaloghcom
26 Mar 2025
44 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
👀 Running an unpatched Windows system? You’re a target. Hackers are exploiting CVE-2025-26633: EncryptHub hijacks Windows MMC with a stealthy .msc file swap via MUIPath, loading malware like Rhadamanthys and StealC through a fake “en-US” folder. 🧪 Trend Micro calls it "MSC ht
@TheHackersNews
26 Mar 2025
12748 Impressions
68 Retweets
103 Likes
29 Bookmarks
5 Replies
0 Quotes
CVE-2025-26633: Water Gamayun Exploits Windows MMC in Active Zero-Day Campaign The Water Gamayun group is leveraging a Windows MMC zero-day to target organizations. Immediate mitigation is advised. https://t.co/iSbc1pkis2 #Cybersecurity #ZeroDay #WindowsMMC
@adriananglin
26 Mar 2025
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
EncryptHubがWindowsシステムでのMMCゼロデイ攻撃に関連付けられる(CVE-2025-26633) https://t.co/85oHLd9qUf #Security #セキュリティ #ニュース
@SecureShield_
26 Mar 2025
31 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Threat Alert: CVE-2025-26633: How Water Gamayun Weaponizes MUIPath using MSC EvilTwin CVE-2025-26633 Severity: 🔴 High Maturity: 🧨 Trending Learn more: https://t.co/lBEbpoTVAm #CyberSecurity #ThreatIntel #InfoSec
@fletch_ai
26 Mar 2025
7 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Trend Research reports that Russian threat actor Water Gamayun is exploiting the zero-day vulnerability CVE-2025-26633 in Microsoft Management Console to execute malicious code and exfiltrate data. #CyberSecurity #ThreatIntel https://t.co/Z27TgdHpXH
@Cyber_O51NT
26 Mar 2025
161 Impressions
0 Retweets
1 Like
1 Bookmark
0 Replies
0 Quotes
🚨 New threat alert: Water Gamayun exploits CVE-2025-26633 in Microsoft Management Console, running malicious code via MUIPath. Serious risk for enterprises! 🔒 #Russia #Microsoft #ZeroDayVulnerability link: https://t.co/WPa9FIG3i9 https://t.co/KAfo9N9dMx
@TweetThreatNews
25 Mar 2025
25 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 EncryptHub exploits CVE-2025-26633 in Microsoft Management Console to execute zero-day attacks on Windows systems, leading to data breaches and ransomware. Ongoing development detected. 🖥️🔒 #Windows #DataBreach #MalwareAnalysis link: https://t.co/kyhBt1MLM8 https://t.co/rx8
@TweetThreatNews
25 Mar 2025
27 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Microsoft’s March 2025 Patch Tuesday Addresses 56 CVEs (CVE-2025-26633, CVE-2025-24983, CVE-2025-24993) https://t.co/uJDJApiniJ https://t.co/AXWFVDaFdd
@IT_Peurico
25 Mar 2025
9 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
ロシア系の高度な脅威グループ「Water Gamayun」が、Windowsの管理ツールであるMMCのゼロデイ脆弱性(CVE-2025-26633)を悪用する攻撃を展開している。 攻撃手法は「MSC
@yousukezan
25 Mar 2025
2638 Impressions
5 Retweets
17 Likes
9 Bookmarks
0 Replies
0 Quotes
1/6 Trend Zero Day Initiative™ (ZDI) has discovered that Russian threat actor Water Gamayun is actively exploiting CVE-2025-26633, a #zeroday #vulnerability in the Microsoft Management Console (MMC). https://t.co/ujSejQte0j
@TrendMicroRSRCH
25 Mar 2025
5077 Impressions
10 Retweets
18 Likes
1 Bookmark
2 Replies
1 Quote
🚨🕵️ 1/3 We've released our research on #CVE-2025-26633 — detailing how Water Gamayun (aka. #EncryptHub) weaponizes MUIPath via the MSC #EvilTwin technique. This bug in Microsoft Management Console (mmc.exe) is abused to proxy execute #malicious code on an infected system.👇🧵 h
@AliakbarZahravi
25 Mar 2025
3241 Impressions
9 Retweets
39 Likes
16 Bookmarks
3 Replies
1 Quote
Actively exploited CVE : CVE-2025-26633
@transilienceai
23 Mar 2025
18 Impressions
1 Retweet
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-26633
@transilienceai
21 Mar 2025
8 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-26633
@transilienceai
21 Mar 2025
12 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-26633
@transilienceai
20 Mar 2025
17 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-26633
@transilienceai
19 Mar 2025
13 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Microsoft’s March 2025 Patch Tuesday Addresses 56 CVEs (CVE-2025-26633, CVE-2025-24983, CVE-2025-24993) https://t.co/BiiSgsJ0zP https://t.co/1aVALoUNon
@Trej0Jass
18 Mar 2025
17 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-26633
@transilienceai
18 Mar 2025
26 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Microsoft’s March 2025 Patch Tuesday Addresses 56 CVEs (CVE-2025-26633, CVE-2025-24983, CVE-2025-24993) https://t.co/NP9FqFSjkQ https://t.co/zNAUxfGQv6
@dansantanna
17 Mar 2025
16 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Microsoft’s March 2025 Patch Tuesday Addresses 56 CVEs (CVE-2025-26633, CVE-2025-24983, CVE-2025-24993) https://t.co/I1FUNvyWiy https://t.co/gCQYEQrO14
@NickBla41002745
17 Mar 2025
19 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-26633
@transilienceai
17 Mar 2025
7 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-26633
@transilienceai
17 Mar 2025
19 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
🚨 CVE-2025-26633 Alert! 🚨 A critical Windows MMC vulnerability (CVSS 7.0 - High) allows attackers to bypass security features & escalate privileges. https://t.co/8dKFO0kpwj
@Jordilla_
16 Mar 2025
15 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-26633
@transilienceai
15 Mar 2025
4 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-26633
@transilienceai
15 Mar 2025
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-26633
@transilienceai
14 Mar 2025
10 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Microsoft’s March 2025 Patch Tuesday Addresses 56 CVEs (CVE-2025-26633, CVE-2025-24983, CVE-2025-24993) https://t.co/qj9V35ZLqu https://t.co/rJ7ZorckHf
@TechMash365
12 Mar 2025
32 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2025-26633 🔴 HIGH (7) 🏢 Microsoft - Windows 10 Version 1809 🏗️ 10.0.17763.0 🔗 https://t.co/bbtmYVTsqz #CyberCron #VulnAlert #InfoSec https://t.co/9Q5ddUlgV1
@cybercronai
12 Mar 2025
4 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Microsoft’s March 2025 Patch Tuesday Addresses 56 CVEs (CVE-2025-26633, CVE-2025-24983, CVE-2025-24993) https://t.co/Bs76x1WUgc https://t.co/MnAIyLhIRe
@secured_cyber
12 Mar 2025
19 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Microsoft’s March 2025 Patch Tuesday Addresses 56 CVEs (CVE-2025-26633, CVE-2025-24983, CVE-2025-24993) https://t.co/iEnnKi4FhE https://t.co/edMd37EuBC
@ggrubamn
12 Mar 2025
20 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Microsoft’s March 2025 Patch Tuesday Addresses 56 CVEs (CVE-2025-26633, CVE-2025-24983, CVE-2025-24993) https://t.co/IC5Y4cLVn9 https://t.co/rx1J8mhJit
@Trej0Jass
12 Mar 2025
28 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Microsoft’s March 2025 Patch Tuesday Addresses 56 CVEs (CVE-2025-26633, CVE-2025-24983, CVE-2025-24993) https://t.co/DICKOo36oF https://t.co/QSVFeLKsqy
@Art_Capella
12 Mar 2025
38 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Microsoft’s March 2025 Patch Tuesday Addresses 56 CVEs (CVE-2025-26633, CVE-2025-24983, CVE-2025-24993) https://t.co/Uw6ZamXizW https://t.co/9SAb6FL3MD
@pcasano
12 Mar 2025
25 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔥 Microsoft warns: 6 zero-days under active attack! 🔹 Key threats: CVE-2025-24985 & CVE-2025-24993 – File system flaws allowing remote code execution CVE-2025-24983 – A Win32k zero-day used in the wild with PipeMagic malware CVE-2025-26633 – Security bypass flaw in Microso
@dysafhackx
12 Mar 2025
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "6997DE6E-CBAD-4690-A68C-8F10E477DCC2",
"versionEndExcluding": "10.0.10240.20947"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"vulnerable": true,
"matchCriteriaId": "3CBCF6D9-5085-473C-82F5-98BC246A9C4C",
"versionEndExcluding": "10.0.10240.20947"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "0CF0E174-4692-4AA3-B72E-12E73A1BDBE5",
"versionEndExcluding": "10.0.14393.7876"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"vulnerable": true,
"matchCriteriaId": "340EF5F8-D4F5-4AD8-9D80-1DEC2F376BE5",
"versionEndExcluding": "10.0.14393.7876"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "67C8DCD7-90C4-431F-BD03-FDFDE170E748",
"versionEndExcluding": "10.0.17763.7009"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"vulnerable": true,
"matchCriteriaId": "05169574-28AB-4E42-B3DE-710574BB1AD3",
"versionEndExcluding": "10.0.17763.7009"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:*",
"vulnerable": true,
"matchCriteriaId": "714C0D5E-BE31-45AB-A729-FF55DE59F593",
"versionEndExcluding": "10.0.19044.5608"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "0C8B2D45-7059-4FA0-A46C-64A171D287DA",
"versionEndExcluding": "10.0.19044.5608"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:*",
"vulnerable": true,
"matchCriteriaId": "5569800D-B907-47CC-86D2-EC0118157916",
"versionEndExcluding": "10.0.19044.5608"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:*",
"vulnerable": true,
"matchCriteriaId": "A84E706C-3A65-4920-8F80-2A684D3CB110",
"versionEndExcluding": "10.0.19045.5608"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "ED157557-37C1-4802-8746-B87120BA16FA",
"versionEndExcluding": "10.0.19045.5608"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:*",
"vulnerable": true,
"matchCriteriaId": "BE8F0EF2-EED3-4791-AE26-D24D97B673D6",
"versionEndExcluding": "10.0.19045.5608"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:arm64:*",
"vulnerable": true,
"matchCriteriaId": "C8949B3E-5847-42F8-A15A-D7515F0EE305",
"versionEndExcluding": "10.0.22621.5039"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "84D4F97D-3BA2-4B7A-B650-5772DE49CE97",
"versionEndExcluding": "10.0.22621.5039"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:*",
"vulnerable": true,
"matchCriteriaId": "82807292-1736-4453-B805-3D471BF94A35",
"versionEndExcluding": "10.0.22631.5039"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "E19130AD-ECD6-4FC4-B2C8-AB058BDEF928",
"versionEndExcluding": "10.0.22631.5039"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:*",
"vulnerable": true,
"matchCriteriaId": "B7ADF37E-1DD3-4539-8922-1E059955FEF1",
"versionEndExcluding": "10.0.26100.3403"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "E0A74D52-ABC0-4733-B892-F8688B6AEBA7",
"versionEndExcluding": "10.0.26100.3403"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "2127D10C-B6F3-4C1D-B9AA-5D78513CC996"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*",
"vulnerable": true,
"matchCriteriaId": "AB425562-C0A0-452E-AABE-F70522F15E1A"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AAACC9C4-DDC5-4059-AFE3-A49DB2347A86",
"versionEndExcluding": "10.0.20348.3270"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "96046A7B-76A1-4DCF-AEA5-25344D37E492",
"versionEndExcluding": "10.0.25398.1486"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "CE542697-31D8-4EC2-8135-F0468431FD19",
"versionEndExcluding": "10.0.26100.3403"
}
],
"operator": "OR"
}
]
}
]