Security
Headlines
HeadlinesLatestCVEs

Tag

#microsoft

CVE-2025-21322: Microsoft PC Manager Elevation of Privilege Vulnerability

**What privileges could be gained by an attacker who successfully exploited this vulnerability?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

Microsoft Security Response Center
Open in Source
#vulnerability#microsoft#Microsoft PC Manager#Security Vulnerability
CVE-2025-24036: Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability

**What privileges could be gained by an attacker who successfully exploited the vulnerability?** An attacker who successfully exploits this vulnerability could elevate their privileges to perform commands as Root in the target environment.

CVE-2023-32002: HackerOne: CVE-2023-32002 Node.js `Module._load()` policy Remote Code Execution Vulnerability

**Why is this HackerOne CVE included in the Security Update Guide?** The vulnerability assigned to this CVE is in Node.js software which is consumed by Microsoft Visual Studio. It is being documented in the Security Update Guide to announce that the latest builds of Visual Studio are no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.

CVE-2025-21369: Microsoft Digest Authentication Remote Code Execution Vulnerability

**How could an attacker exploit this vulnerability?** To successfully exploit this remote code execution vulnerability, an attacker could send a malicious logon request to the target domain controller.

CVE-2025-21368: Microsoft Digest Authentication Remote Code Execution Vulnerability

**How could an attacker exploit this vulnerability?** To successfully exploit this remote code execution vulnerability, an attacker could send a malicious logon request to the target domain controller.

CVE-2025-21383: Microsoft Excel Information Disclosure Vulnerability

**What type of information could be disclosed by this vulnerability?** An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.

Handala Hackers Claim Massive Data Breach on Israeli Police, Leak 350,000 Files

Iranian-linked hackers claim to have breached Israeli police systems, stealing 2.1TB of sensitive data. Police deny the breach. Learn more about the alleged hack and its implications.

UK Secret Order Demands That Apple Give Access to Users’ Encrypted Data

Plus: Benjamin Netanyahu gives Donald Trump a golden pager, Hewlett Packard Enterprise blames Russian government hackers for a breach, and more.

ASP.NET Vulnerability Lets Hackers Hijack Servers, Inject Malicious Code

Microsoft cybersecurity experts have identified a vulnerability flaw affecting ASP.NET applications, putting thousands of web servers at risk.…

Microsoft: Thousands of Public ASP.NET Keys Allow Web Server RCE

Developers are pulling in publicly available ASP.NET keys into their environments, without realizing that cyberattackers can use them for clandestine code injection.