Security
Headlines
HeadlinesLatestCVEs

Source

Microsoft Security Response Center

CVE-2025-47981: SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Remote Code Execution Vulnerability

**How could an attacker exploit the vulnerability?** An attacker could exploit this vulnerability by sending a malicious message to the server, potentially leading to remote code execution.

Microsoft Security Response Center
#vulnerability#rce#Windows SPNEGO Extended Negotiation#Security Vulnerability
CVE-2025-47980: Windows Imaging Component Information Disclosure Vulnerability

Exposure of sensitive information to an unauthorized actor in Windows Imaging Component allows an unauthorized attacker to disclose information locally.

CVE-2025-48804: BitLocker Security Feature Bypass Vulnerability

Acceptance of extraneous untrusted data with trusted data in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.

CVE-2025-48802: Windows SMB Server Spoofing Vulnerability

Improper certificate validation in Windows SMB allows an authorized attacker to perform spoofing over a network.

CVE-2025-48800: BitLocker Security Feature Bypass Vulnerability

Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.

CVE-2025-47998: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

**How could an attacker exploit this vulnerability?** An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server via the Routing and Remote Access Service (RRAS) Snap-in. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system.

CVE-2025-47996: Windows MBT Transport Driver Elevation of Privilege Vulnerability

**What privileges could be gained by an attacker who successfully exploited this vulnerability?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

CVE-2025-48799: Windows Update Service Elevation of Privilege Vulnerability

Improper link resolution before file access ('link following') in Windows Update Service allows an authorized attacker to elevate privileges locally.