Security
Headlines
HeadlinesLatestCVEs

Tag

#microsoft

CVE-2022-49562: KVM: x86: Use __try_cmpxchg_user() to update guest PTE A/D bits

**Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?** One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog post for more information. If impact to additional products is identified, we will update the CVE to reflect this.

Microsoft Security Response Center
Open in Source
#vulnerability#microsoft#linux#Mariner#Security Vulnerability
CVE-2022-49552: bpf: Fix combination of jit blinding and pointers to bpf subprogs.

**Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?** One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog post for more information. If impact to additional products is identified, we will update the CVE to reflect this.

CVE-2022-49543: ath11k: fix the warning of dev_wake in mhi_pm_disable_transition()

**Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?** One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog post for more information. If impact to additional products is identified, we will update the CVE to reflect this.

CVE-2022-49469: btrfs: fix anon_dev leak in create_subvol()

**Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?** One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog post for more information. If impact to additional products is identified, we will update the CVE to reflect this.

CVE-2022-49173: spi: fsi: Implement a timeout for polling status

**Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?** One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog post for more information. If impact to additional products is identified, we will update the CVE to reflect this.

CVE-2025-11411: Possible domain hijacking via promiscuous records in the authority section

**Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?** One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog post for more information. If impact to additional products is identified, we will update the CVE to reflect this.

Medusa Ransomware Leaks 834 GB of Comcast Data After $1.2M Demand

Medusa ransomware leaks 186 GB of Comcast data, claiming 834 GB stolen after a $1.2M ransom demand apparently went unpaid.

Strings in the maze: Finding hidden strengths and gaps in your team

In this week’s newsletter, Bill explores how open communication about your skills and experience can help your security team uncover hidden gaps, strengthen your defenses, and better prepare for ever-present threats.

Thousands of online stores at risk as SessionReaper attacks spread

A Magento bug called SessionReaper is doing the rounds, and researchers warn it’s letting attackers hijack real shopping sessions.

North Korean Hackers Lure Defense Engineers With Fake Jobs to Steal Drone Secrets

Threat actors with ties to North Korea have been attributed to a new wave of attacks targeting European companies active in the defense industry as part of a long-running campaign known as Operation Dream Job. "Some of these [companies' are heavily involved in the unmanned aerial vehicle (UAV) sector, suggesting that the operation may be linked to North Korea's current efforts to scale up its