Opinions, tips, and news orbiting Microsoft
Time-of-check time-of-use (toctou) race condition in Windows Subsystem for Linux allows an authorized attacker to elevate privileges locally. Continue reading CVE-2025-53788 Windows Subsystem for Linux (WSL2) Kernel Elevation of Privilege Vulnerability
External control of file name or path in Windows Security App allows an authorized attacker to perform spoofing locally. Continue reading CVE-2025-53769 Windows Security App Spoofing Vulnerability
Heap-based buffer overflow in Windows GDI+ allows an unauthorized attacker to execute code over a network. Continue reading CVE-2025-53766 GDI+ Remote Code Execution Vulnerability
Access of resource using incompatible type (‘type confusion’) in Windows Push Notifications allows an authorized attacker to elevate privileges locally. Continue reading CVE-2025-50155 Windows Push Notifications Apps Elevation of Privilege Vulnerability
Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to disclose information over a network. Continue reading CVE-2025-50157 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability
Improper neutralization of input during web page generation (‘cross-site scripting’) in Microsoft Dynamics 365 (on-premises) allows an unauthorized attacker to perform spoofing over a network. Continue reading CVE-2025-49745 Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. Continue reading CVE-2025-53731 Microsoft Office Remote Code Execution Vulnerability
Exposure of sensitive information to an unauthorized actor in Microsoft Dynamics 365 (on-premises) allows an unauthorized attacker to disclose information over a network. Continue reading CVE-2025-53728 Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability