Tag
#microsoft
Improper input validation in Windows Message Queuing allows an authorized attacker to elevate privileges locally.
Exposure of sensitive information to an unauthorized actor in Microsoft Graphics Component allows an authorized attacker to disclose information over a network.
Improper input validation in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network.
**According to the CVSS metrics, successful exploitation of this vulnerability could lead to no loss of confidentiality (C:N), some loss of integrity (I:L) but have no effect on availability (A:N). What is the impact of this vulnerability?** An attacker could spoof an incorrect **5322.From** email address that is displayed to a user.
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to win a race condition.
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
### Impact

Versions of CSLA .NET prior to version 6 allow the use of WcfProxy. WcfProxy uses the NetDataContractSerializer (NDCS), which has known vulnerabilities that can allow remote execution of code during deserialization. NDCS itself is considered obsolete, and you should avoid using WcfProxy or upgrade to CSLA 6 or higher where this issue does not exist.

### Patches

CSLA .NET version 6 and higher do not use WCF or NetDataContractSerializer.

### Workarounds

If you are using a version of CSLA .NET older than version 6, you should stop using WcfProxy in your data portal configuration. Doing this avoids the use of WCF and the NetDataContractSerializer, avoiding the vulnerability.
We found a campaign that hosts fake login pages on Cloudflare Pages and sends the stolen info straight to Telegram.
Family photos pulled from social media are being used as "proof-of-life" in virtual kidnapping scams, the FBI warns.