Opinions, tips, and news orbiting Microsoft
Relative path traversal in Windows Kerberos allows an authorized attacker to elevate privileges over a network. Continue reading CVE-2025-53779 Windows Kerberos Elevation of Privilege Vulnerability
Null pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. Continue reading CVE-2025-53154 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Improper validation of syntactic correctness of input in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network. Continue reading CVE-2025-25007 Microsoft Exchange Server Spoofing Vulnerability
Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to disclose information over a network. Continue reading CVE-2025-50156 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability
Untrusted pointer dereference in Microsoft Graphics Component allows an unauthorized attacker to execute code over a network. Continue reading CVE-2025-50165 Windows Graphics Component Remote Code Execution Vulnerability
Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to disclose information over a network. Continue reading CVE-2025-50157 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. Continue reading CVE-2025-53740 Microsoft Office Remote Code Execution Vulnerability
Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally. Continue reading CVE-2025-53761 Microsoft PowerPoint Remote Code Execution Vulnerability