Detections
Analytics
KB5071506: Windows Server 2008 R2 Security Update (December 2025)
high Nessus Plugin ID 277984
Language:
Synopsis
The remote Windows host is affected by multiple vulnerabilities.Description
The remote Windows host is missing security update 5071506. It is, therefore, affected by multiple vulnerabilities- Untrusted pointer dereference in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. (CVE-2025-62549)
- Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally. (CVE-2025-62458)
- Null pointer dereference in Windows Client-Side Caching (CSC) Service allows an authorized attacker to elevate privileges locally. (CVE-2025-62466)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Apply Security Update 5071506 or Cumulative Update 5071501See Also
Plugin Details
Severity: High
ID: 277984
File Name: smb_nt_ms25_dec_5071506.nasl
Version: 1.2
Type: local
Agent: windows
Family: Windows : Microsoft Bulletins
Published: 12/9/2025
Updated: 12/12/2025
Supported Sensors: Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: High
Score: 7.4
CVSS v2
Risk Factor: Critical
Base Score: 10
Temporal Score: 7.4
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS Score Source: CVE-2025-62549
CVSS v3
Risk Factor: High
Base Score: 8.8
Temporal Score: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: cpe:/o:microsoft:windows_server_2008:r2
Required KB Items: SMB/MS_Bulletin_Checks/Possible
Exploit Ease: No known exploits are available
Patch Publication Date: 12/9/2025
Vulnerability Publication Date: 12/9/2025
Reference Information
CVE: CVE-2025-54100, CVE-2025-62455, CVE-2025-62458, CVE-2025-62466, CVE-2025-62470, CVE-2025-62472, CVE-2025-62473, CVE-2025-62474, CVE-2025-62549, CVE-2025-62571