Lucene search
K

KB5063906: Windows Server 2012 Security Update (August 2025)

🗓️ 12 Aug 2025 00:00:00Reported by TenableType 
nessus
 nessus
🔗 www.tenable.com👁 2 Views

Win Server 2012 needs security update 5063906 (Aug 2025) to fix CVE-2025-53766, 49743, 49761.

Related
Refs
Code
ReporterTitlePublishedViews
Family
GithubExploit
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Microsoft
13 Aug 202505:40
githubexploit
GithubExploit
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Microsoft
13 Aug 202508:16
githubexploit
Information Security Automation
August Microsoft Patch Tuesday
13 Aug 202522:04
avleonov
BDU FSTEC
The vulnerability of the Windows Ancillary Function Driver for WinSock on Windows operating systems allows attackers to exploit their privileges.
8 Aug 202500:00
bdu_fstec
BDU FSTEC
The vulnerability of the NTLM protocol implementation in Windows operating systems allows attackers to increase their privileges.
14 Aug 202500:00
bdu_fstec
BDU FSTEC
The vulnerability of the Windows GDI+ interface on Windows operating systems allows a perpetrator to gain unauthorized access to protected information and execute arbitrary code.
14 Aug 202500:00
bdu_fstec
BDU FSTEC
The vulnerability of the Windows File Explorer on Windows operating systems allows attackers to circumvent security restrictions and gain unauthorized access to protected information.
15 Aug 202500:00
bdu_fstec
BDU FSTEC
The vulnerability of desktop window managers in Windows operating systems allows a hacker to execute arbitrary code.
20 Aug 202500:00
bdu_fstec
BDU FSTEC
The vulnerability of the Windows Ancillary Function Driver for WinSock on Windows operating systems allows attackers to exploit their privileges.
20 Aug 202500:00
bdu_fstec
BDU FSTEC
The vulnerability of the Windows NT OS Kernel component allows a hacker to gain unauthorized access to protected information.
20 Aug 202500:00
bdu_fstec
Rows per page
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.

#
# The descriptive text and package checks in this plugin were
# extracted from the Microsoft Security Updates API. The text
# itself is copyright (C) Microsoft Corporation.
##

include('compat.inc');

if (description)
{
  script_id(249123);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2025/10/29");

  script_cve_id(
    "CVE-2025-49743",
    "CVE-2025-49761",
    "CVE-2025-49762",
    "CVE-2025-50153",
    "CVE-2025-50154",
    "CVE-2025-50155",
    "CVE-2025-50156",
    "CVE-2025-50157",
    "CVE-2025-50158",
    "CVE-2025-50159",
    "CVE-2025-50160",
    "CVE-2025-50161",
    "CVE-2025-50162",
    "CVE-2025-50163",
    "CVE-2025-50164",
    "CVE-2025-50166",
    "CVE-2025-50167",
    "CVE-2025-50173",
    "CVE-2025-50177",
    "CVE-2025-53132",
    "CVE-2025-53134",
    "CVE-2025-53136",
    "CVE-2025-53137",
    "CVE-2025-53138",
    "CVE-2025-53140",
    "CVE-2025-53141",
    "CVE-2025-53143",
    "CVE-2025-53144",
    "CVE-2025-53145",
    "CVE-2025-53147",
    "CVE-2025-53148",
    "CVE-2025-53149",
    "CVE-2025-53152",
    "CVE-2025-53153",
    "CVE-2025-53154",
    "CVE-2025-53155",
    "CVE-2025-53718",
    "CVE-2025-53719",
    "CVE-2025-53720",
    "CVE-2025-53722",
    "CVE-2025-53723",
    "CVE-2025-53724",
    "CVE-2025-53725",
    "CVE-2025-53726",
    "CVE-2025-53766",
    "CVE-2025-53778"
  );
  script_xref(name:"MSKB", value:"5063906");
  script_xref(name:"MSFT", value:"MS25-5063906");
  script_xref(name:"IAVA", value:"2025-A-0604-S");
  script_xref(name:"IAVA", value:"2025-A-0603-S");

  script_name(english:"KB5063906: Windows Server 2012 Security Update (August 2025)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Windows host is affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The remote Windows host is missing security update 5063906. It is, therefore, affected by multiple vulnerabilities

  - Heap-based buffer overflow in Windows GDI+ allows an unauthorized attacker to execute code over a network.
    (CVE-2025-53766)

  - Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft
    Graphics Component allows an authorized attacker to elevate privileges locally. (CVE-2025-49743)

  - Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.
    (CVE-2025-49761)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://support.microsoft.com/help/5063906");
  script_set_attribute(attribute:"solution", value:
"Apply Security Update 5063906");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2025-53766");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(122, 125, 190, 197, 200, 287, 362, 367, 400, 416, 476, 843, 908, 1390);

  script_set_attribute(attribute:"vuln_publication_date", value:"2025/08/12");
  script_set_attribute(attribute:"patch_publication_date", value:"2025/08/12");
  script_set_attribute(attribute:"plugin_publication_date", value:"2025/08/12");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows_server_2012");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows : Microsoft Bulletins");

  script_copyright(english:"This script is Copyright (C) 2025 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("smb_check_rollup.nasl", "smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl");
  script_require_keys("SMB/MS_Bulletin_Checks/Possible");
  script_require_ports(139, 445, "Host/patch_management_checks");

  exit(0);
}

include('smb_func.inc');
include('smb_hotfixes.inc');
include('smb_hotfixes_fcheck.inc');
include('smb_reg_query.inc');

get_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');

var bulletin = 'MS25-08';
var kbs = make_list(
  '5063906'
);

if (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);

get_kb_item_or_exit('SMB/Registry/Enumerated');
get_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);

if (hotfix_check_sp_range(win8:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);

var share = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);
if (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);

if (
  smb_check_rollup(os:'6.2',
                   sp:0,
                   rollup_date:'08_2025',
                   bulletin:bulletin,
                   rollup_kb_list:[5063906])
)
{
  replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);
  hotfix_security_hole();
  hotfix_check_fversion_end();
  exit(0);
}
else
{
  hotfix_check_fversion_end();
  audit(AUDIT_HOST_NOT, hotfix_get_audit_report());
}

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation