Opinions, tips, and news orbiting Microsoft
Time-of-check time-of-use (toctou) race condition in Graphics Kernel allows an authorized attacker to execute code locally. Continue reading CVE-2025-55236 Graphics Kernel Remote Code Execution Vulnerability
Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. Continue reading CVE-2025-53806 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability
Concurrent execution using shared resource with improper synchronization (‘race condition’) in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally. Continue reading CVE-2025-54105 Microsoft Brokering File System Elevation of Privilege Vulnerability
Improper restriction of communication channel to intended endpoints in Windows PowerShell allows an authorized attacker to elevate privileges locally. Continue reading CVE-2025-49734 PowerShell Direct Elevation of Privilege Vulnerability
Concurrent execution using shared resource with improper synchronization (‘race condition’) in Graphics Kernel allows an authorized attacker to elevate privileges locally. Continue reading CVE-2025-55223 DirectX Graphics Kernel Elevation of Privilege Vulnerability
Integer overflow or wraparound in Windows Kernel allows an authorized attacker to elevate privileges locally. Continue reading CVE-2025-54110 Windows Kernel Elevation of Privilege Vulnerability
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally. Continue reading CVE-2025-54902 Microsoft Excel Remote Code Execution Vulnerability
Stack-based buffer overflow in Windows NTFS allows an authorized attacker to execute code locally. Continue reading CVE-2025-54916 Windows NTFS Remote Code Execution Vulnerability