CVE-2025-32709

FAQ

What privileges could be gained by an attacker who successfully exploited the vulnerability?

An attacker who successfully exploited this vulnerability could gain administrator privileges.

I am running Windows Server 2008 or Windows Server 2008 R2. How do I protect my system from this vulnerability?

The protections for this vulnerability are not included in the following May 2025 monthly rollup or security-only updates released on May 13, 2025:

• Windows Server 2008 R2: KB5058454 (Security-only update)
• Windows Server 2008 R2: KB5058430 (Monthly Rollup)
• Windows Server 2008: KB5058429 (Security-only update)
• Windows Server 2008: KB5058449 (Monthly Rollup)

Instead, customers running these versions of Windows Server need to install the following Out-of-Band (OOB) updates, released also on May 13, 2025, as applicable:

• Windows Server 2008 R2: KB5061195 (Security-only update)
• Windows Server 2008 R2: KB5061196 (Monthly Rollup)
• Windows Server 2008: KB5061197 (Security-only update)
• Windows Server 2008: KB5061198 (Monthly Rollup)

Note These OOB updates are cumulative, so if you haven't already installed the May 2025 monthly rollup or security-only updates, you can install the applicable OOB update directly. If you have already installed the May 2025 monthly rollup or security-only updates, you need to also install the OOB updates to be protected from this vulnerability.