Security
Headlines
HeadlinesLatestCVEs

Tag

#windows

CVE-2025-27738: Windows Resilient File System (ReFS) Information Disclosure Vulnerability

Improper access control in Windows FileSystemWatcher allows an authorized attacker to disclose information over a network.

Microsoft Security Response Center
Open in Source
#vulnerability#windows#auth#Windows Resilient File System (ReFS)#Security Vulnerability
CVE-2025-27737: Windows Security Zone Mapping Security Feature Bypass Vulnerability

**According to the CVSS metric, successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?** In this case, a successful attack could be performed from a low privilege AppContainer. The attacker could elevate their privileges and execute code or access resources at a higher integrity level than that of the AppContainer execution environment.

CVE-2025-27736: Windows Power Dependency Coordinator Information Disclosure Vulnerability

Exposure of sensitive information to an unauthorized actor in Windows Power Dependency Coordinator allows an authorized attacker to disclose information locally.

CVE-2025-29809: Windows Kerberos Security Feature Bypass Vulnerability

**Are the updates for Windows 10 for x64-based Systems and Windows 10 for 32-bit Systems currently available?** The security update for Windows 10 for x64-based Systems and Windows 10 for 32-bit Systems are not immediately available. The updates will be released as soon as possible, and when they are available, customers will be notified via a revision to this CVE information.

CVE-2025-27735: Windows Virtualization-Based Security (VBS) Security Feature Bypass Vulnerability

**What kind of security feature could be bypassed by successfully exploiting this vulnerability?** An attacker who successfully exploited this vulnerability could bypass the Virtualization-based Security feature.

CVE-2025-29808: Windows Cryptographic Services Information Disclosure Vulnerability

Use of a cryptographic primitive with a risky implementation in Windows Cryptographic Services allows an authorized attacker to disclose information locally.

CVE-2025-27739: Windows Kernel Elevation of Privilege Vulnerability

Untrusted pointer dereference in Windows Kernel allows an authorized attacker to elevate privileges locally.

CVE-2025-27482: Windows Remote Desktop Services Remote Code Execution Vulnerability

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to win a race condition.

CVE-2025-27481: Windows Telephony Service Remote Code Execution Vulnerability

**According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution?** This attack requires a client to connect to a malicious server, and that could allow the attacker to gain code execution on the client.