Security
Headlines
HeadlinesLatestCVEs

Tag

#Security Vulnerability

CVE-2025-21183: Windows Resilient File System (ReFS) Deduplication Service Elevation of Privilege Vulnerability

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to win a race condition.

Microsoft Security Response Center
Open in Source
#vulnerability#windows#Windows Resilient File System (ReFS) Deduplication Service#Security Vulnerability
CVE-2025-21419: Windows Setup Files Cleanup Elevation of Privilege Vulnerability

**According to the CVSS metrics, successful exploitation of this vulnerability could lead to no loss of confidentiality (C:N) but have major impact on integrity (I:H) and on availability (A:H). What does that mean for this vulnerability?** This vulnerability does not allow disclosure of any confidential information, but could allow an attacker to delete data that could include data that results in the service being unavailable.

CVE-2025-21182: Windows Resilient File System (ReFS) Deduplication Service Elevation of Privilege Vulnerability

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to win a race condition.

CVE-2025-21369: Microsoft Digest Authentication Remote Code Execution Vulnerability

**How could an attacker exploit this vulnerability?** To successfully exploit this remote code execution vulnerability, an attacker could send a malicious logon request to the target domain controller.

CVE-2025-21368: Microsoft Digest Authentication Remote Code Execution Vulnerability

**How could an attacker exploit this vulnerability?** To successfully exploit this remote code execution vulnerability, an attacker could send a malicious logon request to the target domain controller.

CVE-2025-21418: Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

**What privileges could be gained by an attacker who successfully exploited this vulnerability?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

CVE-2025-21383: Microsoft Excel Information Disclosure Vulnerability

**What type of information could be disclosed by this vulnerability?** An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.

CVE-2025-21352: Internet Connection Sharing (ICS) Denial of Service Vulnerability

**According to the CVSS metric, successful exploitation of this vulnerability has a high impact on availability (A:H). What does that mean for this vulnerability?** An attacker can send specially crafted packets which could affect availability of the service and result in Denial of Service (DoS).

CVE-2025-21206: Visual Studio Installer Elevation of Privilege Vulnerability

**According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?** Exploitation of this vulnerability requires that a local user executes the Visual Studio installer

CVE-2025-0451: Chromium: CVE-2025-0451 Inappropriate implementation in Extensions API

**Why is this Chrome CVE included in the Security Update Guide?** The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. **How can I see the version of the browser?** 1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window 2. Click on **Help and Feedback** 3. Click on **About Microsoft Edge**