Security
Headlines
HeadlinesLatestCVEs

Tag

#Windows Secure Channel

CVE-2025-27492: Windows Secure Channel Elevation of Privilege Vulnerability

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Secure Channel allows an authorized attacker to elevate privileges locally.

Microsoft Security Response Center
Open in Source
#vulnerability#windows#auth#Windows Secure Channel#Security Vulnerability
CVE-2025-26649: Windows Secure Channel Elevation of Privilege Vulnerability

Sensitive data storage in improperly locked memory in Windows Secure Channel allows an authorized attacker to elevate privileges locally.

CVE-2024-43550: Windows Secure Channel Spoofing Vulnerability

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** The attacker must inject themselves into the logical network path between the target and the resource requested by the victim to read or modify network communications. This is called a machine-in-the-middle (MITM) attack.

CVE-2023-28233: Windows Secure Channel Denial of Service Vulnerability

**Does this vulnerability affect all versions of TLS?** No. Only those devices running TLS 1.3 are affected. For more information on supported TLS implementations please visit: https://learn.microsoft.com/en-us/windows/win32/secauthn/protocols-in-tls-ssl--schannel-ssp-