Security
Headlines
HeadlinesLatestCVEs

Tag

#auth

CVE-2025-53804: Windows Kernel-Mode Driver Information Disclosure Vulnerability

Exposure of sensitive information to an unauthorized actor in Windows Kernel allows an authorized attacker to disclose information locally.

Microsoft Security Response Center
Open in Source
#vulnerability#windows#auth#Windows Kernel#Security Vulnerability
CVE-2025-55245: Xbox Gaming Services Elevation of Privilege Vulnerability

Improper link resolution before file access ('link following') in XBOX allows an authorized attacker to elevate privileges locally.

CVE-2025-54913: Windows UI XAML Maps MapControlSettings Elevation of Privilege Vulnerability

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows UI XAML Phone DatePickerFlyout allows an authorized attacker to elevate privileges locally.

CVE-2025-55317: Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability

Improper link resolution before file access ('link following') in Microsoft Teams allows an authorized attacker to elevate privileges locally.

CVE-2025-55228: Windows Graphics Component Remote Code Execution Vulnerability

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to execute code locally.

CVE-2025-55226: Graphics Kernel Remote Code Execution Vulnerability

Concurrent execution using shared resource with improper synchronization ('race condition') in Graphics Kernel allows an authorized attacker to execute code locally.

CVE-2025-55243: Microsoft OfficePlus Spoofing Vulnerability

Exposure of sensitive information to an unauthorized actor in Microsoft Office Plus allows an unauthorized attacker to perform spoofing over a network.