Opinions, tips, and news orbiting Microsoft
[CVE-2025-46334](https://www.cve.org/CVERecord?id=CVE-2025-46334) is regarding a vulnerability in Git GUI (Windows only) where a malicious repository can ship versions of sh.exe or typical textconv filter programs such as astextplain. On Windows, path … Continue reading CVE-2025-46334 MITRE: CVE-2025-46334 Git Malicious Shell Vulnerability
Processor optimization removal or modification of security-critical code in Windows Secure Kernel Mode allows an authorized attacker to disclose information locally. Continue reading CVE-2025-48810 Windows Secure Kernel Mode Information Disclosure Vulnerability
[CVE-2025-27614](https://www.cve.org/CVERecord?id=CVE-2025-27614) is regarding a vulnerability in Gitk where a Git repository can be crafted in such a way that a user who has cloned the repository can be tricked into running any script supplied by the … Continue reading CVE-2025-27614 MITRE: CVE-2025-27614 Gitk Arbitrary Code Execution Vulnerability
Exposure of sensitive information to an unauthorized actor in Windows Kernel allows an authorized attacker to disclose information locally. Continue reading CVE-2025-48808 Windows Kernel Information Disclosure Vulnerability
[CVE-2025-27613](https://www.cve.org/CVERecord?id=CVE-2025-27613) is regarding a vulnerability in Gitk where when a user clones an untrusted repository and runs Gitk without additional command arguments, any writable file can be created and truncated. … Continue reading CVE-2025-27613 MITRE: CVE-2025-27613 Gitk Arguments Vulnerability
Heap-based buffer overflow in Microsoft MPEG-2 Video Extension allows an authorized attacker to execute code locally. Continue reading CVE-2025-48805 Microsoft MPEG-2 Video Extension Remote Code Execution Vulnerability
Heap-based buffer overflow in SQL Server allows an authorized attacker to execute code over a network. Continue reading CVE-2025-49717 Microsoft SQL Server Remote Code Execution Vulnerability
Missing support for integrity check in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to elevate privileges locally. Continue reading CVE-2025-48803 Windows Virtualization-Based Security (VBS) Elevation of Privilege Vulnerability