Security
Headlines
HeadlinesLatestCVEs

Tag

#vulnerability

CVE-2025-27728: Windows Kernel-Mode Driver Elevation of Privilege Vulnerability

Out-of-bounds read in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally.

Microsoft Security Response Center
Open in Source
#vulnerability#windows#auth#Windows Kernel-Mode Drivers#Security Vulnerability
CVE-2025-27737: Windows Security Zone Mapping Security Feature Bypass Vulnerability

**According to the CVSS metric, successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?** In this case, a successful attack could be performed from a low privilege AppContainer. The attacker could elevate their privileges and execute code or access resources at a higher integrity level than that of the AppContainer execution environment.

CVE-2025-27736: Windows Power Dependency Coordinator Information Disclosure Vulnerability

Exposure of sensitive information to an unauthorized actor in Windows Power Dependency Coordinator allows an authorized attacker to disclose information locally.

CVE-2025-29801: Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability

**How could an attacker exploit this vulnerability?** To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.

CVE-2025-29800: Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability

**How could an attacker exploit this vulnerability?** To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.

CVE-2025-29809: Windows Kerberos Security Feature Bypass Vulnerability

**Are the updates for Windows 10 for x64-based Systems and Windows 10 for 32-bit Systems currently available?** The security update for Windows 10 for x64-based Systems and Windows 10 for 32-bit Systems are not immediately available. The updates will be released as soon as possible, and when they are available, customers will be notified via a revision to this CVE information.

CVE-2025-29804: Visual Studio Elevation of Privilege Vulnerability

Improper access control in Visual Studio allows an unauthorized attacker to elevate privileges locally.

CVE-2025-29810: Active Directory Domain Services Elevation of Privilege Vulnerability

Improper access control in Active Directory Domain Services allows an authorized attacker to elevate privileges over a network.