Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

KB5071542: Windows Server version 23H2 Security Update (December 2025)

šŸ—“ļøĀ 09 Dec 2025Ā 00:00:00Reported byĀ TenableTypeĀ 
nessus
Ā nessusšŸ”—Ā www.tenable.comšŸ‘Ā 6Ā Views

Host missing update 5071542; RRAS and ReFS flaws enable remote code execution; Cloud Files read enables local privilege escalation.

Related
Refs
Code
ReporterTitlePublishedViews
Family
GithubExploit		Exploit for CVE-2025-54100
9 Dec 202520:32
ā€“githubexploit
GithubExploit		Exploit for Use After Free in Microsoft
11 Dec 202504:55
ā€“githubexploit
GithubExploit		Exploit for Command Injection in Microsoft
13 Dec 202506:40
ā€“githubexploit
GithubExploit		Exploit for Use After Free in Microsoft
10 Dec 202518:10
ā€“githubexploit
GithubExploit		Exploit for Command Injection in Microsoft
29 Dec 202507:03
ā€“githubexploit
GithubExploit		Exploit for Command Injection in Microsoft
23 Feb 202615:53
ā€“githubexploit
Information Security Automation		January ā€œIn the Trend of VMā€ (#23): vulnerabilities in Windows, React and MongoDB
26 Jan 202613:52
ā€“avleonov
Circl		CVE-2025-54100
9 Dec 202517:29
ā€“circl
Circl		CVE-2025-55233
9 Dec 202517:29
ā€“circl
Circl		CVE-2025-59516
9 Dec 202517:29
ā€“circl
Rows per page
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.

#
# The descriptive text and package checks in this plugin were
# extracted from the Microsoft Security Updates API. The text
# itself is copyright (C) Microsoft Corporation.
##

include('compat.inc');

if (description)
{
  script_id(277990);
  script_version("1.6");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/02/26");

  script_cve_id(
    "CVE-2025-54100",
    "CVE-2025-55233",
    "CVE-2025-59516",
    "CVE-2025-59517",
    "CVE-2025-62221",
    "CVE-2025-62454",
    "CVE-2025-62456",
    "CVE-2025-62457",
    "CVE-2025-62461",
    "CVE-2025-62462",
    "CVE-2025-62463",
    "CVE-2025-62464",
    "CVE-2025-62465",
    "CVE-2025-62466",
    "CVE-2025-62467",
    "CVE-2025-62468",
    "CVE-2025-62470",
    "CVE-2025-62472",
    "CVE-2025-62473",
    "CVE-2025-62474",
    "CVE-2025-62549",
    "CVE-2025-62565",
    "CVE-2025-62567",
    "CVE-2025-62569",
    "CVE-2025-62571",
    "CVE-2025-62573",
    "CVE-2025-64658",
    "CVE-2025-64661",
    "CVE-2025-64670",
    "CVE-2025-64673"
  );
  script_xref(name:"MSKB", value:"5071542");
  script_xref(name:"MSFT", value:"MS25-5071542");
  script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2025/12/30");
  script_xref(name:"IAVA", value:"2025-A-0916-S");
  script_xref(name:"IAVA", value:"2025-A-0917-S");

  script_name(english:"KB5071542: Windows Server version 23H2 Security Update (December 2025)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Windows host is affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The remote Windows host is missing security update 5071542. It is, therefore, affected by multiple vulnerabilities

  - Untrusted pointer dereference in Windows Routing and Remote Access Service (RRAS) allows an unauthorized
    attacker to execute code over a network. (CVE-2025-62549)

  - Heap-based buffer overflow in Windows Resilient File System (ReFS) allows an authorized attacker to
    execute code over a network. (CVE-2025-62456)

  - Out-of-bounds read in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate
    privileges locally. (CVE-2025-62457)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://support.microsoft.com/help/5071542");
  script_set_attribute(attribute:"solution", value:
"Apply Security Update 5071542");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2025-62549");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2025-64658");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2025/12/09");
  script_set_attribute(attribute:"patch_publication_date", value:"2025/12/09");
  script_set_attribute(attribute:"plugin_publication_date", value:"2025/12/09");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows_server_23h2");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows : Microsoft Bulletins");

  script_copyright(english:"This script is Copyright (C) 2025-2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("smb_check_rollup.nasl", "smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl");
  script_require_keys("SMB/MS_Bulletin_Checks/Possible");
  script_require_ports(139, 445, "Host/patch_management_checks");

  exit(0);
}

include('smb_func.inc');
include('smb_hotfixes.inc');
include('smb_hotfixes_fcheck.inc');
include('smb_reg_query.inc');

get_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');

var bulletin = 'MS25-12';
var kbs = make_list(
  '5071542'
);

if (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);

get_kb_item_or_exit('SMB/Registry/Enumerated');
get_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);

if (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);

var share = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);
if (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);

if (
  smb_check_rollup(os:'10',
                   os_build:25398,
                   rollup_date:'12_2025',
                   bulletin:bulletin,
                   rollup_kb_list:[5071542])
)
{
  replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);
  hotfix_security_hole();
  hotfix_check_fversion_end();
  exit(0);
}
else
{
  hotfix_check_fversion_end();
  audit(AUDIT_HOST_NOT, hotfix_get_audit_report());
}

Data

Build on a solid foundation withĀ Vulners data

WeĀ provide theĀ essential building blocks forĀ cybersecurity solutions withĀ comprehensive, structured, andĀ constantly updated vulnerability andĀ exploits data

Api

Power your application withĀ Vulners API

The Vulners REST API offers reliable, high-performance access toĀ vulnerabilityĀ intelligence, withĀ 99.9%Ā SLAĀ uptime andĀ CDN-backed data delivery forĀ seamlessĀ global access

App

Assess and manage vulnerabilities withĀ VulnersĀ tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
26 Feb 2026 00:00Current
8.5High risk
Vulners AI Score8.5
CVSS 3.17.5 - 8.8
EPSS0.02342
SSVC
update 5071542routing serviceresilient file systemcloud filesremote code executionprivilege escalation
6