CVE-2022-30170 Windows Credential Roaming Service Elevation of Privilege Vulnerability

Posted on Tuesday March 11, 2025

In the Security Updates table, added Windows Server 2022, 23H2 Edition (Server Core installation), as it is affected by this vulnerability. Microsoft recommends that customers install the updates to be fully protected from the vulnerability. Customers whose systems are configured to receive automatic updates do not need to take any further action.

 

CVE-2024-30098 Windows Cryptographic Services Security Feature Bypass Vulnerability

Posted on Tuesday March 11, 2025

The following updates have been made to CVE-2024-30098:

1. In the Security Updates table, added all supported versions of the following as they are affected by this vulnerability: Windows 11 24H2 and Windows Server 2025.
2. To comprehensively address this vulnerability, Microsoft has released March 2025 security updates for all affected versions of Windows Server 2012 R2, Windows Server 2016, Windows Server 2019, Windows Server 2022, Windows Server 2022 23H2 Edition, Windows 10, and Windows 11.
3. Updated the "Are there any further actions I need to take to be protected from this vulnerability?" FAQ to state that, starting in April 2025, the fix will automatically generate an audit event in cases where the Cryptographic Service Provider (CSP) is being used with RSA keys. If you have not already enabled the fix using the DisableCapiOverrideForRSA setting, you should monitor your systems for any error events in the Windows system event log.

See the FAQ section of this CVE for more information.

 

CVE-2025-26634 Windows Core Messaging Elevation of Privileges Vulnerability

Posted on Tuesday March 11, 2025

Heap-based buffer overflow in Windows Core Messaging allows an authorized attacker to elevate privileges over a network.

 

CVE-2025-26645 Remote Desktop Client Remote Code Execution Vulnerability

Posted on Tuesday March 11, 2025

Relative path traversal in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

 

CVE-2025-26633 Microsoft Management Console Security Feature Bypass Vulnerability

Posted on Tuesday March 11, 2025

Improper neutralization in Microsoft Management Console allows an unauthorized attacker to bypass a security feature locally.

 

CVE-2025-26631 Visual Studio Code Elevation of Privilege Vulnerability

Posted on Tuesday March 11, 2025

Uncontrolled search path element in Visual Studio Code allows an authorized attacker to elevate privileges locally.

 
