Security
Headlines
HeadlinesLatestCVEs

Source

Microsoft Security Response Center

CVE-2025-47986: Universal Print Management Service Elevation of Privilege Vulnerability

Use after free in Universal Print Management Service allows an authorized attacker to elevate privileges locally.

Microsoft Security Response Center
#vulnerability#auth#Universal Print Management Service#Security Vulnerability
CVE-2025-47985: Windows Event Tracing Elevation of Privilege Vulnerability

**What privileges could be gained by an attacker who successfully exploited this vulnerability?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

CVE-2025-47972: Windows Input Method Editor (IME) Elevation of Privilege Vulnerability

Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Input Method Editor (IME) allows an authorized attacker to elevate privileges over a network.

CVE-2025-21195: Azure Service Fabric Runtime Elevation of Privilege Vulnerability

Improper link resolution before file access ('link following') in Service Fabric allows an authorized attacker to elevate privileges locally.

CVE-2025-49690: Capability Access Management Service (camsvc) Elevation of Privilege Vulnerability

Concurrent execution using shared resource with improper synchronization ('race condition') in Capability Access Management Capability Consent Manager (camsvc service) allows an unauthorized attacker to elevate privileges locally.

CVE-2025-49676: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

**According to the CVSS metric, the attack vector is network (AV:N), user interaction is required (UI:R), and privileges required are none (PR:N). What does that mean for this vulnerability?** Exploitation of this vulnerability requires an unauthorized attacker to wait for a user to initiate a connection to a malicious server that the attacker has set up prior to the user connecting.