Security
Headlines
HeadlinesLatestCVEs

Tag

#vulnerability

CVE-2025-29957: Windows Deployment Services Denial of Service Vulnerability

Uncontrolled resource consumption in Windows Deployment Services allows an unauthorized attacker to deny service locally.

Microsoft Security Response Center
Open in Source
#vulnerability#windows#dos#auth#Windows Deployment Services#Security Vulnerability
CVE-2025-29961: Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability

**According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?** In a web-based attack scenario, an attacker could host a website or server that contains a specially crafted file that is designed to exploit the vulnerability. However, an attacker would have no way to force the user to visit the website. Instead, an attacker would have to convince the user to click a link, typically by way of an enticement in an email or Instant Messenger message, and then convince the user to open the specially crafted file.

CVE-2025-29974: Windows Kernel Information Disclosure Vulnerability

**What type of information could be disclosed by this vulnerability?** Exploiting this vulnerability could allow the disclosure of certain kernel memory content.

CVE-2025-32702: Visual Studio Remote Code Execution Vulnerability

Improper neutralization of special elements used in a command ('command injection') in Visual Studio allows an unauthorized attacker to execute code locally.

CVE-2025-29842: UrlMon Security Feature Bypass Vulnerability

No cwe for this issue in UrlMon allows an unauthorized attacker to bypass a security feature over a network.

CVE-2025-21264: Visual Studio Code Security Feature Bypass Vulnerability

**According to the CVSS metrics, successful exploitation of this vulnerability could lead to a high loss of confidentiality (C:H), and some loss of integrity (I:L) and no loss of availability (A:N). What does that mean for this vulnerability?** An attacker who successfully exploited this vulnerability could view sensitive information, a token in this scenario (Confidentiality), and make some changes to disclosed information (Integrity), but they would not be able to affect Availability.