Security
Headlines
HeadlinesLatestCVEs

Tag

#auth

CVE-2025-53722: Windows Remote Desktop Services Denial of Service Vulnerability

Uncontrolled resource consumption in Windows Remote Desktop Services allows an unauthorized attacker to deny service over a network.

Microsoft Security Response Center
#vulnerability#windows#dos#auth#Windows Remote Desktop Services#Security Vulnerability
CVE-2025-47954: Microsoft SQL Server Elevation of Privilege Vulnerability

Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network.

CVE-2025-53156: Windows Storage Port Driver Information Disclosure Vulnerability

Exposure of sensitive information to an unauthorized actor in Storage Port Driver allows an authorized attacker to disclose information locally.

CVE-2025-49707: Azure Virtual Machines Spoofing Vulnerability

Improper access control in Azure Virtual Machines allows an authorized attacker to perform spoofing locally.

CVE-2025-50164: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

**According to the CVSS metric, the attack vector is network (AV:N), user interaction is required (UI:R), and privileges required are none (PR:N). What does that mean for this vulnerability?** Exploitation of this vulnerability requires an unauthorized attacker to wait for a user to initiate a connection to a malicious server that the attacker has set up prior to the user connecting.

CVE-2025-50158: Windows NTFS Information Disclosure Vulnerability

Time-of-check time-of-use (toctou) race condition in Windows NTFS allows an unauthorized attacker to disclose information locally.

CVE-2025-50154: Microsoft Windows File Explorer Spoofing Vulnerability

Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network.

CVE-2025-50172: DirectX Graphics Kernel Denial of Service Vulnerability

Allocation of resources without limits or throttling in Windows DirectX allows an authorized attacker to deny service over a network.

CVE-2025-50171: Remote Desktop Spoofing Vulnerability

Weak authentication in Remote Desktop Client allows an unauthorized attacker to perform spoofing over a network.