
CVE-2025-29971: CWE-125: Out-of-bounds Read in Microsoft Windows 11 version 22H2

Severity: High
Tags: Vulnerability, CVE-2025-29971, CWE-125
Published: Tue May 13 2025 (05/13/2025, 16:58:34 UTC)
Source: CVE
Vendor/Project: Microsoft
Product: Windows 11 version 22H2

Description

Out-of-bounds read in Web Threat Defense (WTD.sys) allows an unauthorized attacker to deny service over a network.

AI-Powered Analysis

AI analysis last updated: 09/10/2025, 03:20:50 UTC

Technical Analysis

CVE-2025-29971 is a high-severity vulnerability identified in Microsoft Windows 11 version 22H2 (build 10.0.22621.0). The flaw is an out-of-bounds read (CWE-125) occurring within the Web Threat Defense driver (WTD.sys), a component responsible for network threat detection and mitigation. An out-of-bounds read vulnerability arises when a program reads data outside the boundaries of allocated memory, which can lead to undefined behavior, crashes, or information disclosure. In this case, the vulnerability allows an unauthenticated attacker to remotely trigger a denial-of-service (DoS) condition over the network by exploiting the WTD.sys component. The CVSS 3.1 base score of 7.5 reflects a high severity level, with an attack vector of network (AV:N), low attack complexity (AC:L), no privileges required (PR:N), and no user interaction needed (UI:N). The impact is limited to availability (A:H), with no confidentiality or integrity impact. The scope remains unchanged (S:U), meaning the vulnerability affects only the vulnerable component without extending to other system components. No known exploits are currently observed in the wild, and no patches have been published yet. The vulnerability was reserved in March 2025 and published in May 2025. Given the nature of the vulnerability, exploitation could cause system crashes or reboots, disrupting services relying on Windows 11 22H2 machines, especially those using Web Threat Defense features.

Potential Impact

For European organizations, this vulnerability poses a significant risk to availability of systems running Windows 11 version 22H2, particularly those utilizing Web Threat Defense capabilities. Organizations with network-facing Windows 11 endpoints or servers could be targeted remotely without authentication or user interaction, enabling attackers to cause denial-of-service conditions. This could disrupt critical business operations, especially in sectors relying heavily on continuous network security monitoring and threat defense, such as finance, healthcare, and government. The disruption could lead to operational downtime, loss of productivity, and potential cascading effects on dependent services. While confidentiality and integrity are not directly impacted, the availability impact alone can have severe consequences in environments requiring high uptime and reliability. Additionally, the lack of a patch at the time of disclosure increases the window of exposure, necessitating immediate mitigation efforts.

Mitigation Recommendations

Given the absence of an official patch, European organizations should implement specific mitigations to reduce exposure. These include:

1) Network segmentation and firewall rules to restrict external access to systems running Windows 11 22H2 with Web Threat Defense enabled, limiting exposure to untrusted networks.
2) Monitoring network traffic for unusual patterns targeting WTD.sys or related components to detect potential exploitation attempts early.
3) Temporarily disabling or limiting the use of Web Threat Defense features if feasible, until a patch is available.
4) Applying strict access controls and endpoint protection measures to reduce the attack surface.
5) Keeping Windows 11 systems updated with the latest cumulative updates, as Microsoft may release an out-of-band patch promptly.
6) Preparing incident response plans to quickly address potential denial-of-service incidents.
7) Engaging with Microsoft support and threat intelligence sources for updates on exploit developments and patches.


Technical Details

Data Version: 5.1
Assigner Short Name: microsoft
Date Reserved: 2025-03-12T17:54:45.710Z
CISA Enriched: true
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 682cd0f91484d88663aeb9bc

Added to database: 5/20/2025, 6:59:05 PM

Last enriched: 9/10/2025, 3:20:50 AM

Last updated: 9/21/2025, 2:03:04 AM
