Source

**According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?** An attacker must send the user a malicious file and convince them to open it.

1 month ago

Microsoft Security Response Center

Open in Source

#vulnerability #rce #Inbox COM Objects #Security Vulnerability

CVE-2025-58725: Windows COM+ Event System Service Elevation of Privilege Vulnerability

Heap-based buffer overflow in Windows COM allows an authorized attacker to elevate privileges locally.

1 month ago

Microsoft Security Response Center

Open in Source

#vulnerability #windows #buffer_overflow #auth #Windows COM #Security Vulnerability

CVE-2025-58724: Arc Enabled Servers - Azure Connected Machine Agent Elevation of Privilege Vulnerability

Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally.

1 month ago

Microsoft Security Response Center

Open in Source

#vulnerability #mac #auth #Azure Connected Machine Agent #Security Vulnerability

CVE-2025-58720: Windows Cryptographic Services Information Disclosure Vulnerability

Use of a cryptographic primitive with a risky implementation in Windows Cryptographic Services allows an authorized attacker to disclose information locally.

1 month ago

Microsoft Security Response Center

Open in Source

#vulnerability #windows #auth #Windows Cryptographic Services #Security Vulnerability

CVE-2025-58718: Remote Desktop Client Remote Code Execution Vulnerability

Use after free in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

1 month ago

Microsoft Security Response Center

Open in Source

#vulnerability #rce #auth #Remote Desktop Client #Security Vulnerability