CVE-2025-21244

Q: What is the severity of CVE-2025-21244?

CVE-2025-21244 has a CVSS score of 8.8 (HIGH). This is a remote code execution vulnerability in the Windows Telephony Service that allows attackers to execute arbitrary code on affected systems. It affects Windows systems with the Telephony Service enabled, potentially allowing attackers to take control of vulnerable machines.

8.8 HIGH

Remote Code Execution

📋 TL;DR

This is a remote code execution vulnerability in the Windows Telephony Service that allows attackers to execute arbitrary code on affected systems. It affects Windows systems with the Telephony Service enabled, potentially allowing attackers to take control of vulnerable machines.

💻 Affected Systems

Products:

Windows Telephony Service

Versions: Windows 10, Windows 11, Windows Server 2016, Windows Server 2019, Windows Server 2022

Operating Systems: Windows

Default Config Vulnerable: ⚠️ Yes

Notes: Systems with Telephony Service enabled are vulnerable. Some server configurations may have this disabled by default.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise leading to data theft, ransomware deployment, or persistent backdoor installation across the network.

🟠

Likely Case

Local privilege escalation leading to lateral movement within the network and credential harvesting.

🟢

If Mitigated

Limited impact with proper network segmentation and endpoint protection blocking exploitation attempts.

🌐 Internet-Facing: MEDIUM - Requires specific service exposure and network access to vulnerable Telephony Service endpoints.

🏢 Internal Only: HIGH - Can be exploited from within the network without internet exposure, facilitating lateral movement.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploitation requires network access to the Telephony Service and may require some level of system interaction.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Latest Windows security updates for affected versions

Vendor Advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21244

Restart Required: Yes

Instructions:

1. Apply latest Windows security updates via Windows Update. 2. For enterprise environments, deploy patches through WSUS or SCCM. 3. Verify patch installation and restart systems as required.

🔧 Temporary Workarounds

Disable Windows Telephony Service

Windows

Disable the vulnerable Telephony Service if not required for business operations

sc config TapiSrv start= disabled
sc stop TapiSrv

🧯 If You Can't Patch

Implement strict network segmentation to isolate systems with Telephony Service
Deploy endpoint detection and response (EDR) solutions to monitor for exploitation attempts

🔍 How to Verify

Check if Vulnerable:

Check if Telephony Service is running: sc query TapiSrv

Check Version:

systeminfo | findstr /B /C:"OS Name" /C:"OS Version"

Verify Fix Applied:

Verify Windows Update history contains the latest security updates and Telephony Service version

📡 Detection & Monitoring

Log Indicators:

Unusual Telephony Service process creation
Suspicious network connections to Telephony Service ports

Network Indicators:

Anomalous traffic to Telephony Service default ports
Unexpected RPC calls to Telephony Service

SIEM Query:

Process Creation where Image contains 'tapisrv' AND CommandLine contains suspicious patterns

📊 Metadata

CVE ID: CVE-2025-21244

CVSS v3 Score: 8.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE: CWE-190

EPSS Score: 1.76% exploit probability (82.3th percentile)

Published: January 14, 2025

Last Updated: January 24, 2025

🔗 References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21244 Patch,Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Windows 10 1507 by Microsoft

Windows 10 1507 by Microsoft

Windows 10 1607 by Microsoft

Windows 10 1607 by Microsoft

Windows 10 1809 by Microsoft

Windows 10 1809 by Microsoft

Windows 10 21h2 by Microsoft

Windows 10 22h2 by Microsoft

Windows 11 22h2 by Microsoft

Windows 11 23h2 by Microsoft

Windows 11 24h2 by Microsoft

Windows Server 2008 by Microsoft