CVE-2025-49677: Microsoft Brokering File System Elevation of Privilege Vulnerability

CVE-2025-49676: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

CVE-2025-49661: Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

CVE-2025-49658: Windows Transport Driver Interface (TDI) Translation Driver Information Disclosure Vulnerability

CVE-2025-49672: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

**What privileges could be gained by an attacker who successfully exploited the vulnerability?**

A local, authenticated attacker could gain elevated local system or administrator privileges through a vulnerability in the Win32k.sys driver.

Headline

CVE-2025-49733: Win32k Elevation of Privilege Vulnerability

Microsoft Security Response Center: Latest News