Multiple vulnerabilities in Microsoft Windows Secure Channel
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 2 |
| CVE-ID | CVE-2025-26649 CVE-2025-27492 |
| CWE-ID | CWE-362 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
Windows Server Operating systems & Components / Operating system Windows Operating systems & Components / Operating system |
| Vendor | Microsoft |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
1) Race condition
EUVDB-ID: #VU107235
Risk: Low
CVSSv4.0: 4.4 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-26649
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition in Windows Secure Channel. A local user can exploit the race and escalate privileges on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsWindows Server: 2012 R2 6.3.9600.21871 - 2025 10.0.26100.3476
Windows: 10 1607 10.0.14393.10 - 11 24H2 10.0.26100.3476
CPE2.3- cpe:2.3:o:microsoft:windows_server:2012_R2:6.3.9600.22470:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server:2022_23H2:10.0.25398.1486:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server:2025:10.0.26100.3476:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows:10_1607:10.0.14393.7876:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows:11_22H2:10.0.22621.5039:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows:11_23H2:10.0.22631.5039:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows:11_24H2:10.0.26100.3476:*:*:*:*:*:*
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26649
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Race condition
EUVDB-ID: #VU107236
Risk: Low
CVSSv4.0: 4.4 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-27492
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition in Windows Secure Channel. A local user can exploit the race and escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsWindows Server: 2012 R2 6.3.9600.21871 - 2025 10.0.26100.3476
Windows: 10 1607 10.0.14393.10 - 11 24H2 10.0.26100.3476
CPE2.3- cpe:2.3:o:microsoft:windows_server:2012_R2:6.3.9600.22470:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server:2022_23H2:10.0.25398.1486:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server:2025:10.0.26100.3476:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows:10_1607:10.0.14393.7876:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows:11_22H2:10.0.22621.5039:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows:11_23H2:10.0.22631.5039:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows:11_24H2:10.0.26100.3476:*:*:*:*:*:*
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27492
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
