Opinions, tips, and news orbiting Microsoft
Improper link resolution before file access (‘link following’) in Host Process for Windows Tasks allows an authorized attacker to elevate privileges locally. Continue reading CVE-2025-60710 Host Process for Windows Tasks Elevation of Privilege Vulnerability
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network. Continue reading CVE-2025-62452 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
Out-of-bounds read in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally. Continue reading CVE-2025-60709 Windows Common Log File System Driver Elevation of Privilege Vulnerability
Double free in Microsoft Wireless Provisioning System allows an authorized attacker to elevate privileges locally. Continue reading CVE-2025-62219 Microsoft Wireless Provisioning System Elevation of Privilege Vulnerability
Untrusted pointer dereference in Storvsp.sys Driver allows an authorized attacker to deny service locally. Continue reading CVE-2025-60708 Storvsp.sys Driver Denial of Service Vulnerability
Concurrent execution using shared resource with improper synchronization (‘race condition’) in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. Continue reading CVE-2025-62217 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Use after free in Multimedia Class Scheduler Service (MMCSS) allows an authorized attacker to elevate privileges locally. Continue reading CVE-2025-60707 Multimedia Class Scheduler Service (MMCSS) Driver Elevation of Privilege Vulnerability
Untrusted pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. Continue reading CVE-2025-60719 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability