#microsoft

CVE-2025-64667: Microsoft Exchange Server Spoofing Vulnerability

**According to the CVSS metrics, successful exploitation of this vulnerability could lead to no loss of confidentiality (C:N), some loss of integrity (I:L) but have no effect on availability (A:N). What is the impact of this vulnerability?** An attacker could spoof incorrect **5322.From** email address that is displayed to a user.

2 months ago

Microsoft Security Response Center

Open in Source

#vulnerability #microsoft #Microsoft Exchange Server #Security Vulnerability

CVE-2025-62564: Microsoft Excel Remote Code Execution Vulnerability

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

2 months ago

Microsoft Security Response Center

Open in Source

#vulnerability #microsoft #rce #auth #Microsoft Office Excel #Security Vulnerability

CVE-2025-62569: Microsoft Brokering File System Elevation of Privilege Vulnerability

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to win a race condition.

2 months ago

Microsoft Security Response Center

Open in Source

#vulnerability #microsoft #Microsoft Brokering File System #Security Vulnerability

CVE-2025-62563: Microsoft Excel Remote Code Execution Vulnerability

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

2 months ago

Microsoft Security Response Center

Open in Source

#vulnerability #microsoft #rce #auth #Microsoft Office Excel #Security Vulnerability

CVE-2025-62562: Microsoft Outlook Remote Code Execution Vulnerability

Use after free in Microsoft Office Outlook allows an unauthorized attacker to execute code locally.

2 months ago

Microsoft Security Response Center

Open in Source

#vulnerability #microsoft #rce #auth #Microsoft Office Outlook #Security Vulnerability

CVE-2025-62561: Microsoft Excel Remote Code Execution Vulnerability

Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

2 months ago

Microsoft Security Response Center

Open in Source

#vulnerability #microsoft #rce #auth #Microsoft Office Excel #Security Vulnerability

CVE-2025-62469: Microsoft Brokering File System Elevation of Privilege Vulnerability

Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally.

2 months ago

Microsoft Security Response Center

Open in Source

#vulnerability #microsoft #auth #Microsoft Brokering File System #Security Vulnerability

GHSA-wq34-7f4g-953v: Csla affected by Remote Code Execution via WcfProxy (NetDataContractSerializer)

### Impact Versions of CSLA .NET prior to version 6 allow the use of WcfProxy. WcfProxy uses the NetDataContractSerializer (NDCS) which has known vulnerabilities that can allow remote execution of code during deserialization. NDCS itself is considered obsolete, and you should avoid using WcfProxy or upgrade to CSLA 6 or higher where this issue does not exist. ### Patches CSLA .NET version 6 and higher do not use WCF or NetDataContractSerializer. ### Workarounds If you are using a version CSLA .NET older than version 6, you should stop using WcfProxy in your data portal configuration. Doing this avoids the use of WCF and the NetDataContractSerializer, avoiding the vulnerability.

2 months ago

ghsa

Open in Source

#vulnerability #microsoft #rce

How phishers hide banking scams behind free Cloudflare Pages

We found a campaign that hosts fake login pages on Cloudflare Pages and sends the stolen info straight to Telegram.

2 months ago

Malwarebytes

Open in Source

#web #microsoft #git #java #auth

Scammers harvesting Facebook photos to stage fake kidnappings, warns FBI

Family photos pulled from social media are being used as "proof-of-life" in virtual kidnapping scams, the FBI warns.