Opinions, tips, and news orbiting Microsoft
Heap-based buffer overflow in Windows Fast FAT Driver allows an unauthorized attacker to elevate privileges locally. Continue reading CVE-2025-49721 Windows Fast FAT File System Driver Elevation of Privilege Vulnerability
External control of file name or path in Windows Storage allows an authorized attacker to perform spoofing over a network. Continue reading CVE-2025-49760 Windows Storage Spoofing Vulnerability
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. Continue reading CVE-2025-47998 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
Integer overflow or wraparound in Microsoft Graphics Component allows an authorized attacker to execute code locally. Continue reading CVE-2025-49742 Windows Graphics Component Remote Code Execution Vulnerability
Untrusted pointer dereference in Windows Event Tracing allows an authorized attacker to elevate privileges locally. Continue reading CVE-2025-47985 Windows Event Tracing Elevation of Privilege Vulnerability
Improper link resolution before file access (‘link following’) in Windows Performance Recorder allows an authorized attacker to deny service locally. Continue reading CVE-2025-49680 Windows Performance Recorder (WPR) Denial of Service Vulnerability
Sensitive data storage in improperly locked memory in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges over an adjacent network. Continue reading CVE-2025-48819 Windows Universal Plug and Play (UPnP) Device Host Elevation of Privilege Vulnerability
Access of resource using incompatible type (‘type confusion’) in Microsoft Office allows an unauthorized attacker to execute code locally. Continue reading CVE-2025-49702 Microsoft Office Remote Code Execution Vulnerability