Opinions, tips, and news orbiting Microsoft
Use after free in Desktop Windows Manager allows an authorized attacker to elevate privileges locally. Continue reading CVE-2025-50153 Desktop Windows Manager Elevation of Privilege Vulnerability
Use after free in Windows Message Queuing allows an unauthorized attacker to execute code over a network. Continue reading CVE-2025-50177 Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability
Concurrent execution using shared resource with improper synchronization (‘race condition’) in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. Continue reading CVE-2025-49762 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Weak authentication in Windows Installer allows an authorized attacker to elevate privileges locally. Continue reading CVE-2025-50173 Windows Installer Elevation of Privilege Vulnerability
Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally. Continue reading CVE-2025-49761 Windows Kernel Elevation of Privilege Vulnerability
Improper neutralization of special elements used in an sql command (‘sql injection’) in SQL Server allows an authorized attacker to elevate privileges over a network. Continue reading CVE-2025-47954 Microsoft SQL Server Elevation of Privilege Vulnerability
Improper neutralization of special elements used in an sql command (‘sql injection’) in SQL Server allows an authorized attacker to elevate privileges over a network. Continue reading CVE-2025-49759 Microsoft SQL Server Elevation of Privilege Vulnerability
Access of resource using incompatible type (‘type confusion’) in Windows Push Notifications allows an authorized attacker to elevate privileges locally. Continue reading CVE-2025-53724 Windows Push Notifications Apps Elevation of Privilege Vulnerability