The remote Windows host is missing security update 5050061. It is, therefore, affected by multiple vulnerabilities

  - Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution Vulnerability (CVE-2025-21307)

  - Windows Telephony Service Remote Code Execution Vulnerability (CVE-2025-21223, CVE-2025-21233,     CVE-2025-21236, CVE-2025-21237, CVE-2025-21238, CVE-2025-21240, CVE-2025-21243, CVE-2025-21244,     CVE-2025-21245, CVE-2025-21246, CVE-2025-21250, CVE-2025-21252, CVE-2025-21266, CVE-2025-21273,     CVE-2025-21282, CVE-2025-21286, CVE-2025-21302, CVE-2025-21303, CVE-2025-21305, CVE-2025-21306,     CVE-2025-21339, CVE-2025-21409, CVE-2025-21411, CVE-2025-21413, CVE-2025-21417)

  - Windows BitLocker Information Disclosure Vulnerability (CVE-2025-21210, CVE-2025-21214)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

KB5050061: Windows Server 2008 Security Update (January 2025)

high Nessus Plugin ID 214129

Version 1.6

Version 1.4

Version 1.3

Version 1.2

Version 1.1

Version 1.6 Feb 14, 2025, 12:18 PM IAVM reference Plugin Feed: 202502141218
Version 1.4 Jan 27, 2025, 7:07 AM CVSS metrics ("CVSSv3 score" set to 8.8) CVSS metrics ("CVSSv3 vector" set to "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H") CVSSv3 score source (changed from "CVE-2025-21307" to none) Plugin Feed: 202501270707
Version 1.3 Jan 23, 2025, 6:46 AM CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:POC/RL:OF/RC:C") CVSS temporal metrics ("CVSSv3 temporal vector" set to "CVSS:3.0/E:P/RL:O/RC:C") Exploit attributes ("Exploit available" set to "True") Exploit attributes ("Exploitability ease" changed from "No known exploits are available" to "Exploits are available") Plugin Feed: 202501230646
Version 1.2 Jan 17, 2025, 3:25 PM IAVM reference STIG Severity (set to "I") Plugin Feed: 202501171525
Version 1.1 Jan 15, 2025, 1:31 AM New Plugin Feed: 202501150131