Opinions, tips, and news orbiting Microsoft
Heap-based buffer overflow in Windows Kernel allows an authorized attacker to execute code over a network. Continue reading CVE-2025-49666 Windows Server Setup and Boot Event Collection Remote Code Execution Vulnerability
Access of resource using incompatible type (‘type confusion’) in Windows SSDP Service allows an authorized attacker to elevate privileges locally. Continue reading CVE-2025-48815 Windows Simple Search and Discovery Protocol (SSDP) Service Elevation of Privilege Vulnerability
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. Continue reading CVE-2025-49698 Microsoft Word Remote Code Execution Vulnerability
Heap-based buffer overflow in Microsoft MPEG-2 Video Extension allows an authorized attacker to execute code locally. Continue reading CVE-2025-48805 Microsoft MPEG-2 Video Extension Remote Code Execution Vulnerability
Buffer over-read in Windows TDX.sys allows an authorized attacker to elevate privileges locally. Continue reading CVE-2025-49659 Windows Transport Driver Interface (TDI) Translation Driver Elevation of Privilege Vulnerability
Integer overflow or wraparound in Virtual Hard Disk (VHDX) allows an unauthorized attacker to execute code locally. Continue reading CVE-2025-49683 Microsoft Virtual Hard Disk Remote Code Execution Vulnerability
Use of uninitialized resource in SQL Server allows an unauthorized attacker to disclose information over a network. Continue reading CVE-2025-49718 Microsoft SQL Server Information Disclosure Vulnerability
Protection mechanism failure in Windows SmartScreen allows an unauthorized attacker to bypass a security feature over a network. Continue reading CVE-2025-49740 Windows SmartScreen Security Feature Bypass Vulnerability