Unknown · Web Threat Defense · CVE-2025-29971
Name of the Vulnerable Software and Affected Versions:
Web Threat Defense versions prior to May 2025 update
Description:
The issue is an out-of-bounds read in Web Threat Defense (WTD.sys) that allows an unauthorized attacker to deny service over a network. This can be exploited by remote attackers to crash systems, posing a kernel-level denial-of-service threat.
Recommendations:
For versions prior to the May 2025 update, apply the patch KB5058411 to resolve the issue. As a temporary workaround, consider restricting network access to minimize the risk of exploitation.