Security
Headlines

Headlines Latest CVEs

Tag

#microsoft

CVE-2025-49689: Microsoft Virtual Hard Disk Elevation of Privilege Vulnerability

Integer overflow or wraparound in Virtual Hard Disk (VHDX) allows an unauthorized attacker to elevate privileges locally.

1 month ago

Microsoft Security Response Center

#vulnerability #microsoft #auth #Virtual Hard Disk (VHDX)#Security Vulnerability

CVE-2025-47993: Microsoft PC Manager Elevation of Privilege Vulnerability

Improper access control in Microsoft PC Manager allows an authorized attacker to elevate privileges locally.

1 month ago

Microsoft Security Response Center

#vulnerability #microsoft #auth #Microsoft PC Manager #Security Vulnerability

CVE-2025-47991: Windows Input Method Editor (IME) Elevation of Privilege Vulnerability

Use after free in Microsoft Input Method Editor (IME) allows an unauthorized attacker to elevate privileges over a network.

1 month ago

Microsoft Security Response Center

#vulnerability #windows #microsoft #auth #Microsoft Input Method Editor (IME)#Security Vulnerability

CVE-2025-49711: Microsoft Excel Remote Code Execution Vulnerability

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

1 month ago

Microsoft Security Response Center

#vulnerability #microsoft #rce #auth #Microsoft Office Excel #Security Vulnerability

CVE-2025-48812: Microsoft Excel Information Disclosure Vulnerability

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information over a network.

1 month ago

Microsoft Security Response Center

#vulnerability #microsoft #auth #Microsoft Office Excel #Security Vulnerability

CVE-2025-49694: Microsoft Brokering File System Elevation of Privilege Vulnerability

1 month ago

Microsoft Security Response Center

#vulnerability #microsoft #Microsoft Brokering File System #Security Vulnerability

CVE-2025-49717: Microsoft SQL Server Remote Code Execution Vulnerability

Heap-based buffer overflow in SQL Server allows an authorized attacker to execute code over a network.

1 month ago

Microsoft Security Response Center

#sql #vulnerability #microsoft #rce #buffer_overflow #auth #SQL Server #Security Vulnerability

CVE-2025-47994: Microsoft Office Elevation of Privilege Vulnerability

Deserialization of untrusted data in Microsoft Office allows an unauthorized attacker to elevate privileges locally.

1 month ago

Microsoft Security Response Center

#vulnerability #microsoft #auth #Microsoft Office #Security Vulnerability

CVE-2025-49677: Microsoft Brokering File System Elevation of Privilege Vulnerability

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to win a race condition.

1 month ago

Microsoft Security Response Center

#vulnerability #microsoft #Microsoft Brokering File System #Security Vulnerability

CVE-2025-49687: Windows Input Method Editor (IME) Elevation of Privilege Vulnerability

Out-of-bounds read in Microsoft Input Method Editor (IME) allows an authorized attacker to elevate privileges locally.

1 month ago

Microsoft Security Response Center

#vulnerability #windows #microsoft #auth #Microsoft Input Method Editor (IME)#Security Vulnerability