{"id":9116,"date":"2025-12-11T10:03:38","date_gmt":"2025-12-11T10:03:38","guid":{"rendered":"https:\/\/serisec.com\/index.php\/2025\/12\/11\/windows-defender-firewall-service-vulnerability-let-attackers-disclose-sensitive-data\/"},"modified":"2025-12-11T10:03:38","modified_gmt":"2025-12-11T10:03:38","slug":"windows-defender-firewall-service-vulnerability-let-attackers-disclose-sensitive-data","status":"publish","type":"post","link":"https:\/\/serisec.com\/index.php\/2025\/12\/11\/windows-defender-firewall-service-vulnerability-let-attackers-disclose-sensitive-data\/","title":{"rendered":"Windows Defender Firewall Service Vulnerability Let Attackers Disclose Sensitive Data"},"content":{"rendered":"

Windows Defender Firewall Service Vulnerability Let Attackers Disclose Sensitive Data
\n \t

\n
<\/BR>
\n
\n \t

\n
<\/BR><\/p>\n

\n

A critical information disclosure vulnerability in Windows Defender Firewall Service, which could allow authorized attackers to access sensitive heap memory on affected systems.<\/p>\n

The vulnerability, tracked as CVE-2025-62468<\/a>, was assigned an Important severity rating and released on December 9, 2025.<\/p>\n

The flaw stems from an out-of-bounds<\/a> read condition in the Windows Defender Firewall Service component.<\/p>\n

According to Microsoft\u2019s security advisory, an authorized attacker with high-level privileges can exploit this vulnerability to read portions of heap memory without user interaction.<\/p>\n

The vulnerability impacts the confidentiality of stored information but does not affect system integrity or availability. The vulnerability carries a CVSS v3.1 base score of 4.4.<\/p>\n

\n\n\n\n\n\n
CVE ID<\/th>\nCNA<\/th>\nImpact<\/th>\nCVSS Score<\/th>\n<\/tr>\n<\/thead>\n
CVE-2025-62468<\/td>\nMicrosoft<\/td>\nInformation Disclosure<\/td>\n4.4<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/figure>\n

Classified with the following characteristics: local attack vector, low attack complexity, high privileges required, and no user interaction needed.<\/p>\n

Microsoft assessed the likelihood of exploitation as unlikely, with no public exploit code or active exploitation reported at the time of disclosure.<\/p>\n

Microsoft released security updates addressing CVE-2025-62468 across multiple Windows platforms<\/a>.<\/p>\n

Affected Products\u00a0<\/strong><\/p>\n

\n\n\n\n\n\n\n\n\n\n\n\n\n
Product<\/th>\nKB Article<\/th>\nBuild Numbers<\/th>\n<\/tr>\n<\/thead>\n
Windows Server 2025<\/td>\nKB5072033, KB5072014<\/td>\n10.0.26100.7462 \/ 10.0.26100.7392<\/td>\n<\/tr>\n
Windows 11 Version 24H2 (x64)<\/td>\nKB5072033, KB5072014<\/td>\n10.0.26100.7462 \/ 10.0.26100.7392<\/td>\n<\/tr>\n
Windows 11 Version 24H2 (ARM64)<\/td>\nKB5072033, KB5072014<\/td>\n10.0.26100.7462 \/ 10.0.26100.7392<\/td>\n<\/tr>\n
Windows Server 2022 23H2 (Server Core)<\/td>\nKB5071542<\/td>\n10.0.25398.2025<\/td>\n<\/tr>\n
Windows 11 Version 23H2 (x64)<\/td>\nKB5071417<\/td>\n10.0.22631.6345<\/td>\n<\/tr>\n
Windows 11 Version 23H2 (ARM64)<\/td>\nKB5071417<\/td>\n10.0.22631.6345<\/td>\n<\/tr>\n
Windows 11 Version 25H2 (x64)<\/td>\nKB5072033, KB5072014<\/td>\n10.0.26200.7462 \/ 10.0.26200.7392<\/td>\n<\/tr>\n
Windows 11 Version 25H2 (ARM64)<\/td>\nKB5072033, KB5072014<\/td>\n10.0.26200.7462 \/ 10.0.26200.7392<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/figure>\n

The patches are available for Windows Server 2025, Windows Server 2022, Windows 11 Version 24H2, Windows 11 Version 25H2, and Windows 11 Version 23H2 on both x64 and ARM64-based systems.<\/p>\n

Organizations can obtain the necessary patches through Microsoft Update<\/a> or the Microsoft Update Catalog. Windows Server 2025 and recent Windows 11 versions received two types of updates.<\/p>\n

Standard security updates and security hotpatch<\/a> updates, allowing flexibility in deployment strategies. Administrators should promptly apply security updates to mitigate exposure risks.<\/p>\n

The vulnerability requires high-level privilege escalation<\/a>, limiting the immediate threat scope. But underscores the importance of restricting administrative access and monitoring privileged user activities.<\/p>\n

The out-of-bounds read weakness (CWE-125) allows attackers to access memory regions beyond intended boundaries. Successfully exploiting this vulnerability requires membership in specific user groups with elevated permissions.<\/p>\n

Making this a targeted threat, primarily affecting organizations with strict access controls and privileged-user monitoring protocols<\/a>.<\/p>\n

Security researchers from Kunlun Lab deserve credit for responsibly disclosing this vulnerability to Microsoft through coordinated disclosure channels.<\/p>\n

Follow us on Google News<\/a>, LinkedIn<\/a>, and X<\/a> for daily cybersecurity updates. Contact us<\/a> to feature your stories.<\/strong><\/p>\n

The post Windows Defender Firewall Service Vulnerability Let Attackers Disclose Sensitive Data<\/a> appeared first on Cyber Security News<\/a>.<\/p>\n<\/div>\n

\t

\n
<\/BR>
\n Abinaya
\n \t

\n
<\/BR>
\nGo to cyber-security-news<\/a>
\n \t

\n
<\/BR><\/p>\n","protected":false},"excerpt":{"rendered":"

Windows Defender Firewall Service Vulnerability Let Attackers Disclose Sensitive Data A critical information disclosure vulnerability in Windows Defender Firewall Service, which could allow authorized attackers to access sensitive heap memory on affected systems. The vulnerability, tracked as CVE-2025-62468, was assigned an Important severity rating and released on December 9, 2025. The flaw stems from an […]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[129,63,131,648,395],"tags":[130],"class_list":["post-9116","post","type-post","status-publish","format-standard","hentry","category-cyber-security","category-cyber-security-news","category-vulnerability","category-vulnerability-news","category-windows","tag-cyber-security-news"],"_links":{"self":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/9116"}],"collection":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/comments?post=9116"}],"version-history":[{"count":0,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/9116\/revisions"}],"wp:attachment":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/media?parent=9116"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/categories?post=9116"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/tags?post=9116"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}