Hello,
CVE-2025-21298 applies to Windows Server, which affects Windows operating systems and applications, including Windows Server. CVE-2025-21298 is a Critical vulnerability. It has been assigned a CVSS 3.1 score of 9.8 and is considered a high-severity vulnerability.
Affected operating systems: Windows 10, 11, Windows Server 2008, 2008 R2, 2012, 2012 R2, 2016, 2019, 2022, 2025.
Here are some mitigations you can take:
- Read email messages in plain text: Configuring Microsoft Outlook to display email messages in plain text reduces the risk of triggering malicious OLE objects. However, this approach will affect the readability of the email because rich text content, such as images and special fonts, will no longer display correctly. For more information, please refer to Microsoft's documentation.
- Avoid opening RTF files from untrusted sources: Users should be cautious with emails that contain RTF attachments or content, especially from unknown senders.
- Apply the principle of least privilege: Restrict user privileges to reduce the impact of successful exploits.
Microsoft has released security updates in January 2025, and we recommend that you apply updates for the appropriate system version to reduce the risk of exploitation.
CVE-2025-21298 - Security Update Guide - Microsoft - Windows OLE Remote Code Execution Vulnerability
I hope this information helps.
Best regards,
Jingjing Wu
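The first mitigation above (reading mail as plain text) can be audited and rolled out per user with a short script. The following is an added example, not part of the answer above or of Microsoft's documentation; it assumes Outlook keeps the setting as the DWORD `ReadAsPlain` under `HKCU:\Software\Microsoft\Office\<version>\Outlook\Options\Mail` (user preference) or the matching `Software\Policies` path (Group Policy), and the Office version list is an assumption to adjust for your estate.

```powershell
# Added example (not from the original answer): report, and optionally enable,
# Outlook's "read standard mail in plain text" setting for the current user.
# Assumption: the setting is the DWORD ReadAsPlain under the Options\Mail key of
# the user hive (preference) or the Policies hive (GPO-managed). Office version
# numbers below are an assumption; extend them to match what is deployed.
[CmdletBinding(SupportsShouldProcess)]
param(
    [switch]$Apply   # without -Apply the script only reports the current state
)

$versions = '14.0', '15.0', '16.0'   # Office 2010, 2013, 2016/2019/2021/365

function Get-ReadAsPlainState {
    param([string]$Version)
    $state = [ordered]@{ Version = $Version; Installed = $false; Preference = $null; Policy = $null }
    # Only versions that have an Outlook key in HKCU are considered installed for this user.
    if (Test-Path "HKCU:\Software\Microsoft\Office\$Version\Outlook") { $state.Installed = $true }
    $keys = @(
        @('Preference', "HKCU:\Software\Microsoft\Office\$Version\Outlook\Options\Mail"),
        @('Policy',     "HKCU:\Software\Policies\Microsoft\Office\$Version\Outlook\Options\Mail")
    )
    foreach ($pair in $keys) {
        $name, $key = $pair
        $item = Get-ItemProperty -Path $key -Name ReadAsPlain -ErrorAction SilentlyContinue
        if ($item) { $state[$name] = [int]$item.ReadAsPlain }   # 1 = plain text, 0/absent = rich
    }
    [pscustomobject]$state
}

$states = foreach ($v in $versions) { Get-ReadAsPlainState -Version $v }
$states | Where-Object Installed | Format-Table -AutoSize

if ($Apply) {
    # A policy value wins over the preference, so only fix versions where neither is 1.
    foreach ($s in $states | Where-Object { $_.Installed -and $_.Preference -ne 1 -and $_.Policy -ne 1 }) {
        $key = "HKCU:\Software\Microsoft\Office\$($s.Version)\Outlook\Options\Mail"
        if ($PSCmdlet.ShouldProcess($key, 'Set ReadAsPlain = 1')) {
            New-Item -Path $key -Force | Out-Null
            New-ItemProperty -Path $key -Name ReadAsPlain -PropertyType DWord -Value 1 -Force | Out-Null
        }
    }
}
```

Run it without switches to see which installed Outlook versions still render rich mail; `-Apply -WhatIf` previews the registry writes before committing them.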