Initiatieven voor
Als nationale autoriteit voor cyberveiligheid heeft het CCB verschillende initiatieven ontwikkeld voor specifieke doelgroepen die hier worden gepresenteerd.
Warning: Critical vulnerability in Microsoft Windows, Can Be Exploited for Remote Code Execution, Patch Immediately!
Image
Gepubliceerd : 26/11/2025
* Last update: 26/11/2025
* Affected products:
→ Windows Server 2025 version 10.0.26100.4851
→ Windows 11 Version 24H2 for x64-based Systems 2025 version 10.0.26100.4851
→ Windows 11 Version 24H2 for ARM64-based Systems 2025 version 10.0.26100.4851
→ Windows Server 2025 (Server Core installation) 2025 version 10.0.26100.4851* Type: Untrusted pointer dereference
* CVE/CVSS:
- CVE-2025-50165: CVSS 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Sources
Microsoft - https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-50165
Risks
On August 12, Microsoft released security updates for Windows 11 and Windows server patching a critical flaw in a graphics library. This flaw allowed JPEG images to execute arbitrary code when displayed by a user using a program that depends on this library, e.g. Microsoft Office, even when embedded in a document.
This can also happen when the image is previewed in a file manager or displayed in any other program depending on the same library. This has a high impact on Confidentiality, Availability and Integrity.
Description
When a JPEG image is displayed by any application using the windowscodecs.dll library, crafted metadata can trigger an untrusted pointer dereference. An attacker could cause the decoder library to read from a controlled memory address and with heap spraying, place malicious code at that address. This leads to remote code execution, giving control over the affected machine.
Recommended Actions
Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority after thorough testing.
Monitor/Detect
The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.
In case of an intrusion, you can report an incident via: https://ccb.belgium.be/cert/report-incident.
While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.
References
NVD NIST - https://nvd.nist.gov/vuln/detail/CVE-2025-50165
Zscaler - https://www.zscaler.com/blogs/security-research/cve-2025-50165-critical-flaw-windows-graphics-component#more-blogs