Security
Headlines
HeadlinesLatestCVEs

Source

Microsoft Security Response Center

CVE-2025-49689: Microsoft Virtual Hard Disk Elevation of Privilege Vulnerability

Integer overflow or wraparound in Virtual Hard Disk (VHDX) allows an unauthorized attacker to elevate privileges locally.

Microsoft Security Response Center
#vulnerability#microsoft#auth#Virtual Hard Disk (VHDX)#Security Vulnerability
CVE-2025-49688: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

**According to the CVSS metric, the attack vector is network (AV:N), user interaction is required (UI:R), and privileges required are none (PR:N). What does that mean for this vulnerability?** Exploitation of this vulnerability requires an unauthorized attacker to wait for a user to initiate a connection to a malicious server that the attacker has set up prior to the user connecting.

CVE-2025-49677: Microsoft Brokering File System Elevation of Privilege Vulnerability

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to win a race condition.

CVE-2025-33054: Remote Desktop Spoofing Vulnerability

**According to the CVSS metric, user interaction is required (UI:R). What does that mean for this vulnerability?** An attacker must trick the user into interacting with a spoofed WebAuthn prompt and entering their credentials.

CVE-2025-47984: Windows GDI Information Disclosure Vulnerability

Protection mechanism failure in Windows GDI allows an unauthorized attacker to disclose information over a network.

CVE-2025-47976: Windows Simple Search and Discovery Protocol (SSDP) Service Elevation of Privilege Vulnerability

**What privileges could be gained by an attacker who successfully exploited this vulnerability?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

CVE-2025-26636: Windows Kernel Information Disclosure Vulnerability

**What type of information could be disclosed by this vulnerability?** Exploiting this vulnerability could allow the disclosure of certain kernel memory content.