Opinions, tips, and news orbiting Microsoft
External control of file name or path in Windows WLAN Service allows an authorized attacker to elevate privileges locally. Continue reading CVE-2025-59511 Windows WLAN Service Elevation of Privilege Vulnerability
Use after free in Windows Broadcast DVR User Service allows an authorized attacker to elevate privileges locally. Continue reading CVE-2025-60717 Windows Broadcast DVR User Service Elevation of Privilege Vulnerability
Untrusted pointer dereference in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to elevate privileges locally. Continue reading CVE-2025-60713 Windows Routing and Remote Access Service (RRAS) Elevation of Privilege Vulnerability
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. Continue reading CVE-2025-62216 Microsoft Office Remote Code Execution Vulnerability
Exposure of sensitive information to an unauthorized actor in Microsoft Dynamics 365 (on-premises) allows an unauthorized attacker to disclose information over a network. Continue reading CVE-2025-62206 Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability
Concurrent execution using shared resource with improper synchronization (‘race condition’) in Microsoft Wireless Provisioning System allows an authorized attacker to elevate privileges locally. Continue reading CVE-2025-62218 Microsoft Wireless Provisioning System Elevation of Privilege Vulnerability
Improper limitation of a pathname to a restricted directory (‘path traversal’) in OneDrive for Android allows an authorized attacker to elevate privileges over a network. Continue reading CVE-2025-60722 Microsoft OneDrive for Android Elevation of Privilege Vulnerability
Heap-based buffer overflow in Windows Subsystem for Linux GUI allows an unauthorized attacker to execute code over a network. Continue reading CVE-2025-62220 Windows Subsystem for Linux GUI Remote Code Execution Vulnerability