Security
Headlines
HeadlinesLatestCVEs

Tag

#windows

CVE-2025-49743: Windows Graphics Component Elevation of Privilege Vulnerability

Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.

Microsoft Security Response Center
Open in Source
#vulnerability#windows#microsoft#auth#Microsoft Graphics Component#Security Vulnerability
CVE-2025-50158: Windows NTFS Information Disclosure Vulnerability

Time-of-check time-of-use (toctou) race condition in Windows NTFS allows an unauthorized attacker to disclose information locally.

CVE-2025-49762: Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

**What privileges could be gained by an attacker who successfully exploited this vulnerability?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

CVE-2025-49751: Windows Hyper-V Denial of Service Vulnerability

Missing synchronization in Windows Hyper-V allows an authorized attacker to deny service over an adjacent network.

WinRAR Zero-Day Under Active Exploitation – Update to Latest Version Immediately

The maintainers of the WinRAR file archiving utility have released an update to address an actively exploited zero-day vulnerability. Tracked as CVE-2025-8088 (CVSS score: 8.8), the issue has been described as a case of path traversal affecting the Windows version of the tool that could be exploited to obtain arbitrary code execution by crafting malicious archive files. "When extracting a file,

Researchers Detail Windows EPM Poisoning Exploit Chain Leading to Domain Privilege Escalation

Cybersecurity researchers have presented new findings related to a now-patched security issue in Microsoft's Windows Remote Procedure Call (RPC) communication protocol that could be abused by an attacker to conduct spoofing attacks and impersonate a known server. The vulnerability, tracked as CVE-2025-49760 (CVSS score: 3.5), has been described by the tech giant as a Windows Storage spoofing bug

Researchers Reveal ReVault Attack Targeting Dell ControlVault3 Firmware in 100+ Laptop Models

Cybersecurity researchers have uncovered multiple security flaws in Dell's ControlVault3 firmware and its associated Windows APIs that could have been abused by attackers to bypass Windows login, extract cryptographic keys, as well as maintain access even after a fresh operating system install by deploying undetectable malicious implants into the firmware. The vulnerabilities have been codenamed