Month: July 2025

Use after free in Windows Win32K – ICOMP allows an authorized attacker to elevate privileges locally. Continue reading CVE-2025-49733 Win32k Elevation of Privilege Vulnerability→

Concurrent execution using shared resource with improper synchronization (‘race condition’) in Microsoft Teams allows an authorized attacker to elevate privileges locally. Continue reading CVE-2025-49737 Microsoft Teams Elevation of Privilege Vulnerability→

Missing synchronization in Windows Hyper-V allows an authorized attacker to deny service over an adjacent network. Continue reading CVE-2025-47999 Windows Hyper-V Denial of Service Vulnerability→

Improper link resolution before file access (‘link following’) in Visual Studio allows an unauthorized attacker to elevate privileges over a network. Continue reading CVE-2025-49739 Visual Studio Elevation of Privilege Vulnerability→

Improper link resolution before file access (‘link following’) in Microsoft PC Manager allows an authorized attacker to elevate privileges locally. Continue reading CVE-2025-49738 Microsoft PC Manager Elevation of Privilege Vulnerability→

Insufficient UI warning of dangerous operations in Remote Desktop Client allows an unauthorized attacker to perform spoofing over a network. Continue reading CVE-2025-33054 Remote Desktop Spoofing Vulnerability→

Updated links to security updates. This is an informational change only. Continue reading CVE-2022-23278 Microsoft Defender for Endpoint Spoofing Vulnerability→

Improper control of generation of code (‘code injection’) in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. Continue reading CVE-2025-49704 Microsoft SharePoint Remote Code Execution Vulnerability→