Avvisi di Sicurezza Zscaler

Consulenza sulla sicurezza - febbraio 11, 2025

Zscaler protects against 4 new vulnerabilities for Windows

  1. CVE-2025-21414 – Windows Core Messaging Elevation of Privileges Vulnerability
  2. CVE-2025-21358 – Windows Core Messaging Elevation of Privileges Vulnerability
  3. CVE-2025-21400 – Microsoft SharePoint Server Remote Code Execution Vulnerability
  4. CVE-2025-21184 – Windows Core Messaging Elevation of Privileges Vulnerability

CVE-2025-21414 – Windows Core Messaging Elevation of Privileges Vulnerability

Severity: Important

Subscriptions Required

  • Advanced Threat Protection
  • Advanced Cloud Sandbox

Affected Software

  • Windows Server 2016 (Server Core installation)
  • Windows Server 2016
  • Windows 10 Version 1607 for x64-based Systems
  • Windows 10 Version 1607 for 32-bit Systems
  • Windows 10 for x64-based Systems
  • Windows 10 for 32-bit Systems
  • Windows Server 2025
  • Windows Server 2025
  • Windows 11 Version 24H2 for x64-based Systems
  • Windows 11 Version 24H2 for x64-based Systems
  • Windows 11 Version 24H2 for ARM64-based Systems
  • Windows 11 Version 24H2 for ARM64-based Systems
  • Windows Server 2022, 23H2 Edition (Server Core installation)
  • Windows 11 Version 23H2 for x64-based Systems
  • Windows 11 Version 23H2 for ARM64-based Systems
  • Windows Server 2025 (Server Core installation)
  • Windows Server 2025 (Server Core installation)
  • Windows 10 Version 22H2 for 32-bit Systems
  • Windows 10 Version 22H2 for ARM64-based Systems
  • Windows 10 Version 22H2 for x64-based Systems
  • Windows 11 Version 22H2 for x64-based Systems
  • Windows 11 Version 22H2 for ARM64-based Systems
  • Windows 10 Version 21H2 for x64-based Systems
  • Windows 10 Version 21H2 for ARM64-based Systems
  • Windows 10 Version 21H2 for 32-bit Systems
  • Windows Server 2022 (Server Core installation)
  • Windows Server 2022 (Server Core installation)
  • Windows Server 2022
  • Windows Server 2022
  • Windows Server 2019 (Server Core installation)
  • Windows Server 2019
  • Windows 10 Version 1809 for x64-based Systems
  • Windows 10 Version 1809 for 32-bit Systems

CVE-2025-21358 – Windows Core Messaging Elevation of Privileges Vulnerability

Severity: Important

Subscriptions Required

  • Advanced Threat Protection
  • Advanced Cloud Sandbox

Affected Software

  • Windows Server 2016
  • Windows 10 Version 1607 for x64-based Systems
  • Windows 10 Version 1607 for 32-bit Systems
  • Windows 10 for x64-based Systems
  • Windows 10 for 32-bit Systems
  • Windows Server 2025
  • Windows Server 2025
  • Windows 11 Version 24H2 for x64-based Systems
  • Windows 11 Version 24H2 for x64-based Systems
  • Windows Server 2016 (Server Core installation)
  • Windows 11 Version 24H2 for ARM64-based Systems
  • Windows 11 Version 24H2 for ARM64-based Systems
  • Windows Server 2022, 23H2 Edition (Server Core installation)
  • Windows 11 Version 23H2 for x64-based Systems
  • Windows 11 Version 23H2 for ARM64-based Systems
  • Windows Server 2025 (Server Core installation)
  • Windows Server 2025 (Server Core installation)
  • Windows 10 Version 22H2 for 32-bit Systems
  • Windows 10 Version 22H2 for ARM64-based Systems
  • Windows 10 Version 22H2 for x64-based Systems
  • Windows 11 Version 22H2 for x64-based Systems
  • Windows 11 Version 22H2 for ARM64-based Systems
  • Windows 10 Version 21H2 for x64-based Systems
  • Windows 10 Version 21H2 for ARM64-based Systems
  • Windows 10 Version 21H2 for 32-bit Systems
  • Windows Server 2022 (Server Core installation)
  • Windows Server 2022 (Server Core installation)
  • Windows Server 2022
  • Windows Server 2022
  • Windows Server 2019 (Server Core installation)
  • Windows Server 2019
  • Windows 10 Version 1809 for x64-based Systems
  • Windows 10 Version 1809 for 32-bit Systems

CVE-2025-21400 – Microsoft SharePoint Server Remote Code Execution Vulnerability

Severity: Important

Subscriptions Required

  • Advanced Threat Protection

Affected Software

  • Microsoft SharePoint Server Subscription Edition
  • Microsoft SharePoint Server 2019
  • Microsoft SharePoint Enterprise Server 2016

CVE-2025-21184 – Windows Core Messaging Elevation of Privileges Vulnerability

Severity: Important

Subscriptions Required

  • Advanced Threat Protection
  • Advanced Cloud Sandbox

Affected Software

  • Windows Server 2016 (Server Core installation)
  • Windows Server 2016
  • Windows 10 Version 1607 for x64-based Systems
  • Windows 10 Version 1607 for 32-bit Systems
  • Windows 10 for x64-based Systems
  • Windows 10 for 32-bit Systems
  • Windows Server 2025
  • Windows Server 2025
  • Windows 11 Version 24H2 for x64-based Systems
  • Windows 11 Version 24H2 for x64-based Systems
  • Windows 11 Version 24H2 for ARM64-based Systems
  • Windows 11 Version 24H2 for ARM64-based Systems
  • Windows Server 2022, 23H2 Edition (Server Core installation)
  • Windows 11 Version 23H2 for x64-based Systems
  • Windows 11 Version 23H2 for ARM64-based Systems
  • Windows Server 2025 (Server Core installation)
  • Windows Server 2025 (Server Core installation)
  • Windows 10 Version 22H2 for 32-bit Systems
  • Windows 10 Version 22H2 for ARM64-based Systems
  • Windows 10 Version 22H2 for x64-based Systems
  • Windows 11 Version 22H2 for x64-based Systems
  • Windows 11 Version 22H2 for ARM64-based Systems
  • Windows 10 Version 21H2 for x64-based Systems
  • Windows 10 Version 21H2 for ARM64-based Systems
  • Windows 10 Version 21H2 for 32-bit Systems
  • Windows Server 2022 (Server Core installation)
  • Windows Server 2022 (Server Core installation)
  • Windows Server 2022
  • Windows Server 2022
  • Windows Server 2019 (Server Core installation)
  • Windows Server 2019
  • Windows 10 Version 1809 for x64-based Systems
  • Windows 10 Version 1809 for 32-bit Systems