Security
Headlines
HeadlinesLatestCVEs

Tag

#windows

CVE-2025-59507: Windows Speech Runtime Elevation of Privilege Vulnerability

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to win a race condition.

Microsoft Security Response Center
Open in Source
#vulnerability#windows#Windows Speech#Security Vulnerability
CVE-2025-59511: Windows WLAN Service Elevation of Privilege Vulnerability

External control of file name or path in Windows WLAN Service allows an authorized attacker to elevate privileges locally.

CVE-2025-60704: Windows Kerberos Elevation of Privilege Vulnerability

**How could an attacker exploit this vulnerability?** When multiple attack vectors can be used, we assign a score based on the scenario with the higher risk. In one such scenario for this vulnerability, the attacker could convince a victim to connect to an attacker controlled malicious application (for example, SMB) server. Upon connecting, the malicious server could compromise the protocol.

CVE-2025-60705: Windows Client-Side Caching Elevation of Privilege Vulnerability

**What privileges could be gained by an attacker who successfully exploited the vulnerability?** An attacker who successfully exploited this vulnerability could gain administrator privileges.

CVE-2025-59509: Windows Speech Recognition Information Disclosure Vulnerability

Exposure of sensitive information to an unauthorized actor in Windows Speech allows an authorized attacker to disclose information locally.

CVE-2025-59505: Windows Smart Card Reader Elevation of Privilege Vulnerability

**What privileges could be gained by an attacker who successfully exploited this vulnerability?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

About Elevation of Privilege – Windows Remote Access Connection Manager (CVE-2025-59230) vulnerability

About Elevation of Privilege – Windows Remote Access Connection Manager (CVE-2025-59230) vulnerability. A vulnerability from the October Microsoft Patch Tuesday. The Windows Remote Access Connection Manager (RasMan) service is a core Windows component that manages dial-up and Virtual Private Network (VPN) connections, ensuring secure communication between a computer and remote networks. An access control flaw […]

Konni Hackers Turn Google’s Find Hub into a Remote Data-Wiping Weapon

The North Korea-affiliated threat actor known as Konni (aka Earth Imp, Opal Sleet, Osmium, TA406, and Vedalia) has been attributed to a new set of attacks targeting both Android and Windows devices for data theft and remote control. "Attackers impersonated psychological counselors and North Korean human rights activists, distributing malware disguised as stress-relief programs," the Genians