Security
Headlines
HeadlinesLatestCVEs

Latest News

CVE-2025-59229: Microsoft Office Denial of Service Vulnerability

**According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?** An attacker must send the user a malicious file and convince them to open it.

Microsoft Security Response Center
#vulnerability#microsoft#dos#Microsoft Office#Security Vulnerability
CVE-2025-59209: Windows Push Notification Information Disclosure Vulnerability

Exposure of sensitive information to an unauthorized actor in Windows Push Notification Core allows an authorized attacker to disclose information locally.

CVE-2025-59221: Microsoft Word Remote Code Execution Vulnerability

**There are multiple update packages available for some of the affected software. Do I need to install all the updates listed in the Security Updates table for the software?** Yes. Customers should apply all updates offered for the software installed on their systems. If multiple updates apply, they can be installed in any order.

CVE-2025-59214: Microsoft Windows File Explorer Spoofing Vulnerability

Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network.

CVE-2025-59191: Windows Connected Devices Platform Service Elevation of Privilege Vulnerability

**What privileges could be gained by an attacker who successfully exploited this vulnerability?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.