CVE-2025-47988: Azure Monitor Agent Remote Code Execution Vulnerability

CVE-2025-49744: Windows Graphics Component Elevation of Privilege Vulnerability

CVE-2025-49742: Windows Graphics Component Remote Code Execution Vulnerability

CVE-2025-49677: Microsoft Brokering File System Elevation of Privilege Vulnerability

CVE-2025-49676: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

**According to the CVSS metric, user interaction is required (UI:R) and privileges required is Low (PR:L). What does that mean for this vulnerability?**

Exploitation of this attack requires a local attacker to create arbitrary directories. User interaction is necessary as the attacker relies on an Administrator to run wprui.exe for the first time.

Headline

CVE-2025-49680: Windows Performance Recorder (WPR) Denial of Service Vulnerability

Microsoft Security Response Center: Latest News