CVE-2024-21907: VulnCheck: CVE-2024-21907 Improper Handling of Exceptional Conditions in Newtonsoft.Json

CVE-2025-54901: Microsoft Excel Information Disclosure Vulnerability

CVE-2025-54900: Microsoft Excel Remote Code Execution Vulnerability

CVE-2025-55227: Microsoft SQL Server Elevation of Privilege Vulnerability

CVE-2025-55224: Windows Hyper-V Remote Code Execution Vulnerability

**What privileges could be gained by an attacker who successfully exploited the vulnerability?**

The attacker, initially a non-admin user on the host, could hijack the PowerShell Direct session intended for communication between the admin user on host and a guest VM. This unauthorized access enables the attacker to impersonate the admin host user in communications with the guest, potentially manipulating or controlling guest-side operations.

Headline

CVE-2025-49734: PowerShell Direct Elevation of Privilege Vulnerability

Microsoft Security Response Center: Latest News