Opinions, tips, and news orbiting Microsoft
Concurrent execution using shared resource with improper synchronization (‘race condition’) in Windows DirectX allows an authorized attacker to elevate privileges locally. Continue reading CVE-2025-53135 DirectX Graphics Kernel Elevation of Privilege Vulnerability
Access of resource using incompatible type (‘type confusion’) in Graphics Kernel allows an authorized attacker to execute code locally. Continue reading CVE-2025-50176 DirectX Graphics Kernel Remote Code Execution Vulnerability
Improper neutralization of special elements used in an sql command (‘sql injection’) in SQL Server allows an authorized attacker to elevate privileges over a network. Continue reading CVE-2025-49759 Microsoft SQL Server Elevation of Privilege Vulnerability
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network. Continue reading CVE-2025-50160 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
Access of resource using incompatible type (‘type confusion’) in Windows Win32K – ICOMP allows an authorized attacker to elevate privileges locally. Continue reading CVE-2025-50168 Win32k Elevation of Privilege Vulnerability
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. Continue reading CVE-2025-53738 Microsoft Word Remote Code Execution Vulnerability
The ui performs the wrong action in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network. Continue reading CVE-2025-49736 Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability
Uncontrolled resource consumption in Windows Remote Desktop Services allows an unauthorized attacker to deny service over a network. Continue reading CVE-2025-53722 Windows Remote Desktop Services Denial of Service Vulnerability