The remote Windows host is missing security update 5050009. It is, therefore, affected by multiple vulnerabilities

  - Windows NTLM V1 Elevation of Privilege Vulnerability (CVE-2025-21311)

  - Windows Telephony Service Remote Code Execution Vulnerability (CVE-2025-21223, CVE-2025-21233,     CVE-2025-21236, CVE-2025-21237, CVE-2025-21238, CVE-2025-21239, CVE-2025-21240, CVE-2025-21241,     CVE-2025-21243, CVE-2025-21244, CVE-2025-21245, CVE-2025-21246, CVE-2025-21248, CVE-2025-21250,     CVE-2025-21252, CVE-2025-21266, CVE-2025-21273, CVE-2025-21282, CVE-2025-21286, CVE-2025-21302,     CVE-2025-21303, CVE-2025-21305, CVE-2025-21306, CVE-2025-21339, CVE-2025-21409, CVE-2025-21411,     CVE-2025-21413, CVE-2025-21417)

  - Windows BitLocker Information Disclosure Vulnerability (CVE-2025-21210, CVE-2025-21214)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

KB5050009: Windows 11 Version 24H2 / Windows Server 2025 Security Update (January 2025)

critical Nessus Plugin ID 214124

Version 1.6

Version 1.4

Version 1.3

Version 1.2

Version 1.6 Feb 14, 2025, 12:18 PM IAVM reference Plugin Feed: 202502141218
Version 1.4 Feb 4, 2025, 10:34 AM Plugin metadata (added CVE-2025-21325) Plugin Feed: 202502041034
Version 1.3 Jan 17, 2025, 3:25 PM IAVM reference STIG Severity (set to "I") Plugin Feed: 202501171525
Version 1.2 Jan 15, 2025, 1:31 AM CISA reference CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:F/RL:OF/RC:C". "CVSSv3 temporal vector" set to "CVSS:3.0/E:F/RL:O/RC:C") Exploit attributes ("Exploit available" set to "True". "Exploitability ease" changed from "No known exploits are available" to "Exploits are available") New Plugin Feed: 202501150131