Source

Microsoft Security Response Center

CVE-2025-27730: Windows Digital Media Elevation of Privilege Vulnerability

Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally.

1 month ago

Open in Source

#vulnerability #windows #git #auth #Windows Digital Media #Security Vulnerability

CVE-2025-27731: Microsoft OpenSSH for Windows Elevation of Privilege Vulnerability

Improper input validation in Microsoft Management Console allows an authorized attacker to elevate privileges locally.

1 month ago

Microsoft Security Response Center

Open in Source

#vulnerability #windows #microsoft #auth #ssh #OpenSSH for Windows #Security Vulnerability

CVE-2025-27728: Windows Kernel-Mode Driver Elevation of Privilege Vulnerability

Out-of-bounds read in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally.

1 month ago

Microsoft Security Response Center

Open in Source

#vulnerability #windows #auth #Windows Kernel-Mode Drivers #Security Vulnerability

CVE-2025-27729: Windows Shell Remote Code Execution Vulnerability

Use after free in Windows Shell allows an unauthorized attacker to execute code locally.

1 month ago

Microsoft Security Response Center

Open in Source

#vulnerability #windows #rce #auth #Windows Shell #Security Vulnerability

CVE-2025-27727: Windows Installer Elevation of Privilege Vulnerability

Improper link resolution before file access ('link following') in Windows Installer allows an authorized attacker to elevate privileges locally.

1 month ago

Microsoft Security Response Center

Open in Source

#vulnerability #windows #auth #Windows Installer #Security Vulnerability

CVE-2025-27490: Windows Bluetooth Service Elevation of Privilege Vulnerability

Heap-based buffer overflow in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally.

1 month ago

Microsoft Security Response Center

Open in Source

#vulnerability #windows #buffer_overflow #auth #Windows Bluetooth Service #Security Vulnerability

CVE-2025-27491: Windows Hyper-V Remote Code Execution Vulnerability

Use after free in vhdmp.sys allows an authorized attacker to execute code over a network.

1 month ago

Microsoft Security Response Center

Open in Source

#vulnerability #windows #rce #auth #Windows Hyper-V #Security Vulnerability

CVE-2025-27492: Windows Secure Channel Elevation of Privilege Vulnerability

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Secure Channel allows an authorized attacker to elevate privileges locally.

1 month ago

Microsoft Security Response Center

Open in Source

#vulnerability #windows #auth #Windows Secure Channel #Security Vulnerability

CVE-2025-27486: Windows Standards-Based Storage Management Service Denial of Service Vulnerability

Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network.

1 month ago

Microsoft Security Response Center

Open in Source

#vulnerability #windows #dos #auth #Windows Standards-Based Storage Management Service #Security Vulnerability

CVE-2025-27489: Azure Local Elevation of Privilege Vulnerability

Improper input validation in Azure Local allows an authorized attacker to elevate privileges locally.

1 month ago

Microsoft Security Response Center

Open in Source

#vulnerability #auth #Azure Local #Security Vulnerability