CVE-2025-49730: Microsoft Windows QoS Scheduler Driver Elevation of Privilege Vulnerability

CVE-2025-49729: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

CVE-2025-49724: Windows Connected Devices Platform Service Remote Code Execution Vulnerability

CVE-2025-49722: Windows Print Spooler Denial of Service Vulnerability

CVE-2025-49706: Microsoft SharePoint Server Spoofing Vulnerability

**According to the CVSS metric, the attack vector is local (AV:L) while user interaction is required (UI:R). What does that mean for this vulnerability?**

An attacker can trick a local user on a vulnerable system into mounting a specially crafted VHD that would then trigger the vulnerability.

Headline

CVE-2025-47973: Microsoft Virtual Hard Disk Elevation of Privilege Vulnerability

Microsoft Security Response Center: Latest News