SB2025070848 - Multiple vulnerabilities in Microsoft Virtual Hard Disk
Published: July 8, 2025
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 4 secuirty vulnerabilities.
1) Out-of-bounds read (CVE-ID: CVE-2025-47971)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in Microsoft Virtual Hard Disk. A remote attacker can trick a victim into mounting a specially crafted VHD, trigger an out-of-bounds read error and read contents of memory on the system, leading to privilege escalation.
2) Integer overflow (CVE-ID: CVE-2025-49683)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to integer overflow in Microsoft Virtual Hard Disk. A remote attacker can trick a victim into mounting a specially crafted VHD, trigger integer overflow and execute arbitrary code on the target system.
3) Integer overflow (CVE-ID: CVE-2025-49689)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to integer overflow in Microsoft Virtual Hard Disk. A remote attacker can trick a victim into mounting a specially crafted VHD, trigger integer overflow and execute arbitrary code on the target system with elevated privileges.
4) Out-of-bounds read (CVE-ID: CVE-2025-47973)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in Microsoft Virtual Hard Disk. A remote attacker can trick a victim into mounting a specially crafted VHD, trigger an out-of-bounds read error and read contents of memory on the system, leading to privilege escalation.
Remediation
Install update from vendor's website.