#Security Vulnerability

**According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?** A user could be tricked into entering credentials or responding to a pop up after opening a specially crafted file or clicking on a link, typically by way of an enticement in an email or URL.

Cleartext storage of sensitive information in Microsoft PC Manager allows an unauthorized attacker to bypass a security feature locally.

**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 140.0.3485.66 09/11/2025 140.0.7339.133

**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 140.0.3485.66 09/11/2025 140.0.7339.133

Ai command injection in Agentic AI and Visual Studio Code allows an unauthorized attacker to execute code over a network.

**I am running SQL Server on my system. What action do I need to take?** Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates. **There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?** * First, determine your SQL Server version number. For more information on determining your SQL Server version number, see Microsoft Knowledge Base Article 321185 - How to determine the version, edition, and update level of SQL Server and its components. * Second, in the following table, locate your version number or the version range that your version number falls within. The corresponding update is the one you need to install. **Note** If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product to apply this and future security updates. Update Number T...

**Are there any further actions I need to take to be protected from relay attacks?** The security updates released on September 9, 2025 enable support for auditing SMB client compatibility for SMB Server signing as well as SMB Server EPA. This allows customers to assess their environment and identify any potential device or software incompatibility issues before deploying the hardening measures that are already supported by SMB Server. Please see https://support.microsoft.com/help/5066913 for more information.

Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally.

Use after free in Windows BitLocker allows an authorized attacker to elevate privileges locally.

**According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?** In this case, a successful attack could be performed from a low privilege Hyper-V guest. The attacker could traverse the guest's security boundary to execute code on the Hyper-V host execution environment.