Security
Headlines
HeadlinesLatestCVEs

Tag

#microsoft

CVE-2025-47991: Windows Input Method Editor (IME) Elevation of Privilege Vulnerability

Use after free in Microsoft Input Method Editor (IME) allows an unauthorized attacker to elevate privileges over a network.

Microsoft Security Response Center
#vulnerability#windows#microsoft#auth#Microsoft Input Method Editor (IME)#Security Vulnerability
CVE-2025-49677: Microsoft Brokering File System Elevation of Privilege Vulnerability

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to win a race condition.

CVE-2025-47994: Microsoft Office Elevation of Privilege Vulnerability

Deserialization of untrusted data in Microsoft Office allows an unauthorized attacker to elevate privileges locally.

CVE-2025-49730: Microsoft Windows QoS Scheduler Driver Elevation of Privilege Vulnerability

Time-of-check time-of-use (toctou) race condition in Microsoft Windows QoS scheduler allows an authorized attacker to elevate privileges locally.

CVE-2025-49706: Microsoft SharePoint Server Spoofing Vulnerability

Improper authentication in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

CVE-2025-49703: Microsoft Word Remote Code Execution Vulnerability

**According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?** An attacker must send the user a malicious file and convince them to open it.

CVE-2025-49700: Microsoft Word Remote Code Execution Vulnerability

**According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?** An attacker must send the user a malicious file and convince them to open it.