Security
Headlines
HeadlinesLatestCVEs

Tag

#windows

CVE-2025-53143: Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability

Access of resource using incompatible type ('type confusion') in Windows Message Queuing allows an authorized attacker to execute code over a network.

Microsoft Security Response Center
Open in Source
#vulnerability#windows#microsoft#rce#auth#Windows Message Queuing#Security Vulnerability
CVE-2025-53720: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

**How could an attacker exploit this vulnerability?** An attacker authenticated on the domain could exploit this vulnerability by tricking a domain-joined user into sending a request to a malicious server via the Routing and Remote Access Service (RRAS) Snap-in. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system.

CVE-2025-53147: Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to win a race condition.

CVE-2025-53134: Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

Time-of-check time-of-use (toctou) race condition in Windows Ancillary Function Driver for WinSock allows an authorized attacker to disclose information locally.