Microsoft CVEs - Gilliam Security

Chromium: CVE-2025-5959 Type Confusion in V8
Published on: 2025-06-13 07:00:13
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.

Chromium: CVE-2025-5958 Use after free in Media
Published on: 2025-06-13 07:00:12
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.

CVE-2024-28923 Secure Boot Security Feature Bypass Vulnerability
Published on: 2025-06-13 07:00:00
Link: View Details
Added an acknowledgement. This is an informational change only.

CVE-2025-32711 M365 Copilot Information Disclosure Vulnerability
Published on: 2025-06-11 07:00:00
Link: View Details
Ai command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network.

CVE-2025-47172 Microsoft SharePoint Server Remote Code Execution Vulnerability
Published on: 2025-06-11 07:00:00
Link: View Details
Updated acknowledgment. This is an informational change only.

CVE-2025-33073 Windows SMB Client Elevation of Privilege Vulnerability
Published on: 2025-06-11 07:00:00
Link: View Details
Acknowledgement added. This is an informational change only.

CVE-2025-47957 Microsoft Word Remote Code Execution Vulnerability
Published on: 2025-06-10 07:00:00
Link: View Details
Microsoft is announcing the availability of the security updates for Microsoft Office 365. Customers running Office 365 should log in ensure you have the latest update to be protected from this vulnerability. See the [Release Notes](https://learn.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates) for more information.

CVE-2025-29828 Windows Schannel Remote Code Execution Vulnerability
Published on: 2025-06-10 07:00:00
Link: View Details
Missing release of memory after effective lifetime in Windows Cryptographic Services allows an unauthorized attacker to execute code over a network.

CVE-2025-30399 .NET and Visual Studio Remote Code Execution Vulnerability
Published on: 2025-06-10 07:00:00
Link: View Details
Untrusted search path in .NET and Visual Studio allows an unauthorized attacker to execute code over a network.

CVE-2025-32710 Windows Remote Desktop Services Remote Code Execution Vulnerability
Published on: 2025-06-10 07:00:00
Link: View Details
Use after free in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network.

CVE-2025-32712 Win32k Elevation of Privilege Vulnerability
Published on: 2025-06-10 07:00:00
Link: View Details
Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.

CVE-2025-32713 Windows Common Log File System Driver Elevation of Privilege Vulnerability
Published on: 2025-06-10 07:00:00
Link: View Details
Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.

CVE-2025-32714 Windows Installer Elevation of Privilege Vulnerability
Published on: 2025-06-10 07:00:00
Link: View Details
Improper access control in Windows Installer allows an authorized attacker to elevate privileges locally.

CVE-2025-32715 Remote Desktop Protocol Client Information Disclosure Vulnerability
Published on: 2025-06-10 07:00:00
Link: View Details
Out-of-bounds read in Remote Desktop Client allows an unauthorized attacker to disclose information over a network.

CVE-2025-32716 Windows Media Elevation of Privilege Vulnerability
Published on: 2025-06-10 07:00:00
Link: View Details
Out-of-bounds read in Windows Media allows an authorized attacker to elevate privileges locally.

CVE-2025-32718 Windows SMB Client Elevation of Privilege Vulnerability
Published on: 2025-06-10 07:00:00
Link: View Details
Integer overflow or wraparound in Windows SMB allows an authorized attacker to elevate privileges locally.

CVE-2025-32719 Windows Storage Management Provider Information Disclosure Vulnerability
Published on: 2025-06-10 07:00:00
Link: View Details
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.

CVE-2025-32720 Windows Storage Management Provider Information Disclosure Vulnerability
Published on: 2025-06-10 07:00:00
Link: View Details
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.

CVE-2025-32721 Windows Recovery Driver Elevation of Privilege Vulnerability
Published on: 2025-06-10 07:00:00
Link: View Details
Improper link resolution before file access ('link following') in Windows Recovery Driver allows an authorized attacker to elevate privileges locally.

CVE-2025-32722 Windows Storage Port Driver Information Disclosure Vulnerability
Published on: 2025-06-10 07:00:00
Link: View Details
Improper access control in Windows Storage Port Driver allows an authorized attacker to disclose information locally.

CVE-2025-32724 Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability
Published on: 2025-06-10 07:00:00
Link: View Details
Uncontrolled resource consumption in Windows Local Security Authority Subsystem Service (LSASS) allows an unauthorized attacker to deny service over a network.

CVE-2025-33058 Windows Storage Management Provider Information Disclosure Vulnerability
Published on: 2025-06-10 07:00:00
Link: View Details
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.

CVE-2025-33059 Windows Storage Management Provider Information Disclosure Vulnerability
Published on: 2025-06-10 07:00:00
Link: View Details
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.

CVE-2025-33060 Windows Storage Management Provider Information Disclosure Vulnerability
Published on: 2025-06-10 07:00:00
Link: View Details
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.

CVE-2025-33061 Windows Storage Management Provider Information Disclosure Vulnerability
Published on: 2025-06-10 07:00:00
Link: View Details
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.

CVE-2025-33062 Windows Storage Management Provider Information Disclosure Vulnerability
Published on: 2025-06-10 07:00:00
Link: View Details
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.

CVE-2025-33063 Windows Storage Management Provider Information Disclosure Vulnerability
Published on: 2025-06-10 07:00:00
Link: View Details
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.

CVE-2025-33064 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
Published on: 2025-06-10 07:00:00
Link: View Details
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network.

CVE-2025-33065 Windows Storage Management Provider Information Disclosure Vulnerability
Published on: 2025-06-10 07:00:00
Link: View Details
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.

CVE-2025-33066 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
Published on: 2025-06-10 07:00:00
Link: View Details
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

CVE-2025-33067 Windows Task Scheduler Elevation of Privilege Vulnerability
Published on: 2025-06-10 07:00:00
Link: View Details
Improper privilege management in Windows Kernel allows an unauthorized attacker to elevate privileges locally.

CVE-2025-33075 Windows Installer Elevation of Privilege Vulnerability
Published on: 2025-06-10 07:00:00
Link: View Details
Improper link resolution before file access ('link following') in Windows Installer allows an authorized attacker to elevate privileges locally.

CVE-2025-47160 Windows Shortcut Files Security Feature Bypass Vulnerability
Published on: 2025-06-10 07:00:00
Link: View Details
Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network.

CVE-2025-47162 Microsoft Office Remote Code Execution Vulnerability
Published on: 2025-06-10 07:00:00
Link: View Details
Microsoft is announcing the availability of the security updates for Microsoft Office 365. Customers running Office 365 should log in ensure you have the latest update to be protected from this vulnerability. See the [Release Notes](https://learn.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates) for more information.

CVE-2025-47953 Microsoft Office Remote Code Execution Vulnerability
Published on: 2025-06-10 07:00:00
Link: View Details
Microsoft is announcing the availability of the security updates for Microsoft Office 365. Customers running Office 365 should log in ensure you have the latest update to be protected from this vulnerability. See the [Release Notes](https://learn.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates) for more information.

CVE-2025-47955 Windows Remote Access Connection Manager Elevation of Privilege Vulnerability
Published on: 2025-06-10 07:00:00
Link: View Details
Improper privilege management in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges locally.

CVE-2025-47956 Windows Security App Spoofing Vulnerability
Published on: 2025-06-10 07:00:00
Link: View Details
External control of file name or path in Windows Security App allows an authorized attacker to perform spoofing locally.

CVE-2025-33071 Windows KDC Proxy Service (KPSSVC) Remote Code Execution Vulnerability
Published on: 2025-06-10 07:00:00
Link: View Details
Use after free in Windows KDC Proxy Service (KPSSVC) allows an unauthorized attacker to execute code over a network.

CVE-2025-47962 Windows SDK Elevation of Privilege Vulnerability
Published on: 2025-06-10 07:00:00
Link: View Details
Improper access control in Windows SDK allows an authorized attacker to elevate privileges locally.

CVE-2025-47969 Windows Virtualization-Based Security (VBS) Information Disclosure Vulnerability
Published on: 2025-06-10 07:00:00
Link: View Details
Exposure of sensitive information to an unauthorized actor in Windows Hello allows an authorized attacker to disclose information locally.

ADV990001 Latest Servicing Stack Updates
Published on: 2025-06-10 07:00:00
Link: View Details
Advisory updated to announce new versions of Servicing Stack Updates are available. Please see the FAQ for details.

CVE-2025-32717 Microsoft Word Remote Code Execution Vulnerability
Published on: 2025-06-10 07:00:00
Link: View Details
Microsoft is announcing the availability of the security updates for Microsoft Office 365. Customers running Office 365 should log in ensure you have the latest update to be protected from this vulnerability. See the [Release Notes](https://learn.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates) for more information.

CVE-2025-24068 Windows Storage Management Provider Information Disclosure Vulnerability
Published on: 2025-06-10 07:00:00
Link: View Details
Buffer over-read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.

CVE-2025-24069 Windows Storage Management Provider Information Disclosure Vulnerability
Published on: 2025-06-10 07:00:00
Link: View Details
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.

CVE-2025-24065 Windows Storage Management Provider Information Disclosure Vulnerability
Published on: 2025-06-10 07:00:00
Link: View Details
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.

CVE-2025-32725 DHCP Server Service Denial of Service Vulnerability
Published on: 2025-06-10 07:00:00
Link: View Details
Protection mechanism failure in Windows DHCP Server allows an unauthorized attacker to deny service over a network.

CVE-2025-33050 DHCP Server Service Denial of Service Vulnerability
Published on: 2025-06-10 07:00:00
Link: View Details
Protection mechanism failure in Windows DHCP Server allows an unauthorized attacker to deny service over a network.

CVE-2025-33052 Windows DWM Core Library Information Disclosure Vulnerability
Published on: 2025-06-10 07:00:00
Link: View Details
Use of uninitialized resource in Windows DWM Core Library allows an authorized attacker to disclose information locally.

CVE-2025-33053 Web Distributed Authoring and Versioning (WEBDAV) Remote Code Execution Vulnerability
Published on: 2025-06-10 07:00:00
Link: View Details
External control of file name or path in WebDAV allows an unauthorized attacker to execute code over a network.

CVE-2025-33055 Windows Storage Management Provider Information Disclosure Vulnerability
Published on: 2025-06-10 07:00:00
Link: View Details
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.

CVE-2025-33056 Windows Local Security Authority (LSA) Denial of Service Vulnerability
Published on: 2025-06-10 07:00:00
Link: View Details
Improper access control in Microsoft Local Security Authority Server (lsasrv) allows an unauthorized attacker to deny service over a network.

CVE-2025-33057 Windows Local Security Authority (LSA) Denial of Service Vulnerability
Published on: 2025-06-10 07:00:00
Link: View Details
Null pointer dereference in Windows Local Security Authority (LSA) allows an authorized attacker to deny service over a network.

CVE-2025-33068 Windows Standards-Based Storage Management Service Denial of Service Vulnerability
Published on: 2025-06-10 07:00:00
Link: View Details
Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network.

CVE-2025-33069 Windows App Control for Business Security Feature Bypass Vulnerability
Published on: 2025-06-10 07:00:00
Link: View Details
Improper verification of cryptographic signature in App Control for Business (WDAC) allows an unauthorized attacker to bypass a security feature locally.

CVE-2025-33070 Windows Netlogon Elevation of Privilege Vulnerability
Published on: 2025-06-10 07:00:00
Link: View Details
Use of uninitialized resource in Windows Netlogon allows an unauthorized attacker to elevate privileges over a network.

CVE-2025-33073 Windows SMB Client Elevation of Privilege Vulnerability
Published on: 2025-06-10 07:00:00
Link: View Details
Improper access control in Windows SMB allows an authorized attacker to elevate privileges over a network.

CVE-2025-47163 Microsoft SharePoint Server Remote Code Execution Vulnerability
Published on: 2025-06-10 07:00:00
Link: View Details
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

CVE-2025-47164 Microsoft Office Remote Code Execution Vulnerability
Published on: 2025-06-10 07:00:00
Link: View Details
Microsoft is announcing the availability of the security updates for Microsoft Office 365. Customers running Office 365 should log in ensure you have the latest update to be protected from this vulnerability. See the [Release Notes](https://learn.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates) for more information.

CVE-2025-47165 Microsoft Excel Remote Code Execution Vulnerability
Published on: 2025-06-10 07:00:00
Link: View Details
Microsoft is announcing the availability of the security updates for Microsoft Office 365. Customers running Office 365 should log in ensure you have the latest update to be protected from this vulnerability. See the [Release Notes](https://learn.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates) for more information.

CVE-2025-47166 Microsoft SharePoint Server Remote Code Execution Vulnerability
Published on: 2025-06-10 07:00:00
Link: View Details
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

CVE-2025-47167 Microsoft Office Remote Code Execution Vulnerability
Published on: 2025-06-10 07:00:00
Link: View Details
Microsoft is announcing the availability of the security updates for Microsoft Office 365. Customers running Office 365 should log in ensure you have the latest update to be protected from this vulnerability. See the [Release Notes](https://learn.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates) for more information.

CVE-2025-47168 Microsoft Word Remote Code Execution Vulnerability
Published on: 2025-06-10 07:00:00
Link: View Details
Microsoft is announcing the availability of the security updates for Microsoft Office 365. Customers running Office 365 should log in ensure you have the latest update to be protected from this vulnerability. See the [Release Notes](https://learn.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates) for more information.

CVE-2025-47169 Microsoft Word Remote Code Execution Vulnerability
Published on: 2025-06-10 07:00:00
Link: View Details
Microsoft is announcing the availability of the security updates for Microsoft Office 365. Customers running Office 365 should log in ensure you have the latest update to be protected from this vulnerability. See the [Release Notes](https://learn.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates) for more information.

CVE-2025-47170 Microsoft Word Remote Code Execution Vulnerability
Published on: 2025-06-10 07:00:00
Link: View Details
Microsoft is announcing the availability of the security updates for Microsoft Office 365. Customers running Office 365 should log in ensure you have the latest update to be protected from this vulnerability. See the [Release Notes](https://learn.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates) for more information.

CVE-2025-47171 Microsoft Outlook Remote Code Execution Vulnerability
Published on: 2025-06-10 07:00:00
Link: View Details
Microsoft is announcing the availability of the security updates for Microsoft Office 365. Customers running Office 365 should log in ensure you have the latest update to be protected from this vulnerability. See the [Release Notes](https://learn.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates) for more information.

CVE-2025-47172 Microsoft SharePoint Server Remote Code Execution Vulnerability
Published on: 2025-06-10 07:00:00
Link: View Details
Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

CVE-2025-47173 Microsoft Office Remote Code Execution Vulnerability
Published on: 2025-06-10 07:00:00
Link: View Details
Microsoft is announcing the availability of the security updates for Microsoft Office 365. Customers running Office 365 should log in ensure you have the latest update to be protected from this vulnerability. See the [Release Notes](https://learn.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates) for more information.

CVE-2025-47174 Microsoft Excel Remote Code Execution Vulnerability
Published on: 2025-06-10 07:00:00
Link: View Details
Microsoft is announcing the availability of the security updates for Microsoft Office 365. Customers running Office 365 should log in ensure you have the latest update to be protected from this vulnerability. See the [Release Notes](https://learn.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates) for more information.

CVE-2025-47175 Microsoft PowerPoint Remote Code Execution Vulnerability
Published on: 2025-06-10 07:00:00
Link: View Details
Microsoft is announcing the availability of the security updates for Microsoft Office 365. Customers running Office 365 should log in ensure you have the latest update to be protected from this vulnerability. See the [Release Notes](https://learn.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates) for more information.

CVE-2025-47176 Microsoft Outlook Remote Code Execution Vulnerability
Published on: 2025-06-10 07:00:00
Link: View Details
Microsoft is announcing the availability of the security updates for Microsoft Office 365. Customers running Office 365 should log in ensure you have the latest update to be protected from this vulnerability. See the [Release Notes](https://learn.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates) for more information.

CVE-2025-3052 Cert CC: CVE-2025-3052 InsydeH2O Secure Boot Bypass
Published on: 2025-06-10 07:00:00
Link: View Details
Untrusted pointer dereference in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.

CVE-2025-47959 Visual Studio Remote Code Execution Vulnerability
Published on: 2025-06-10 07:00:00
Link: View Details
Improper neutralization of special elements used in a command ('command injection') in Visual Studio allows an authorized attacker to execute code over a network.

CVE-2025-47968 Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability
Published on: 2025-06-10 07:00:00
Link: View Details
Improper input validation in Microsoft AutoUpdate (MAU) allows an authorized attacker to elevate privileges locally.

CVE-2025-47977 Nuance Digital Engagement Platform Spoofing Vulnerability
Published on: 2025-06-10 07:00:00
Link: View Details
Improper neutralization of input during web page generation ('cross-site scripting') in Nuance Digital Engagement Platform allows an authorized attacker to perform spoofing over a network.

CVE-2025-47957 Microsoft Word Remote Code Execution Vulnerability
Published on: 2025-06-10 07:00:00
Link: View Details
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

CVE-2025-47162 Microsoft Office Remote Code Execution Vulnerability
Published on: 2025-06-10 07:00:00
Link: View Details
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

CVE-2025-47953 Microsoft Office Remote Code Execution Vulnerability
Published on: 2025-06-10 07:00:00
Link: View Details
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

CVE-2025-47164 Microsoft Office Remote Code Execution Vulnerability
Published on: 2025-06-10 07:00:00
Link: View Details
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

CVE-2025-47165 Microsoft Excel Remote Code Execution Vulnerability
Published on: 2025-06-10 07:00:00
Link: View Details
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2025-47167 Microsoft Office Remote Code Execution Vulnerability
Published on: 2025-06-10 07:00:00
Link: View Details
Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.

CVE-2025-47168 Microsoft Word Remote Code Execution Vulnerability
Published on: 2025-06-10 07:00:00
Link: View Details
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

CVE-2025-47169 Microsoft Word Remote Code Execution Vulnerability
Published on: 2025-06-10 07:00:00
Link: View Details
Heap-based buffer overflow in Microsoft Office Word allows an unauthorized attacker to execute code locally.

CVE-2025-47170 Microsoft Word Remote Code Execution Vulnerability
Published on: 2025-06-10 07:00:00
Link: View Details
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

CVE-2025-47171 Microsoft Outlook Remote Code Execution Vulnerability
Published on: 2025-06-10 07:00:00
Link: View Details
Improper input validation in Microsoft Office Outlook allows an authorized attacker to execute code locally.

CVE-2025-47173 Microsoft Office Remote Code Execution Vulnerability
Published on: 2025-06-10 07:00:00
Link: View Details
Improper input validation in Microsoft Office allows an unauthorized attacker to execute code locally.

CVE-2025-47174 Microsoft Excel Remote Code Execution Vulnerability
Published on: 2025-06-10 07:00:00
Link: View Details
Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2025-47175 Microsoft PowerPoint Remote Code Execution Vulnerability
Published on: 2025-06-10 07:00:00
Link: View Details
Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.

CVE-2025-47176 Microsoft Outlook Remote Code Execution Vulnerability
Published on: 2025-06-10 07:00:00
Link: View Details
'.../...//' in Microsoft Office Outlook allows an authorized attacker to execute code locally.

CVE-2025-47966 Power Automate Elevation of Privilege Vulnerability
Published on: 2025-06-05 07:00:00
Link: View Details
Exposure of sensitive information to an unauthorized actor in Power Automate allows an unauthorized attacker to elevate privileges over a network.

CVE-2025-21204 Windows Process Activation Elevation of Privilege Vulnerability
Published on: 2025-06-04 07:00:00
Link: View Details
Added an FAQ to explain the remediation steps customers need to take to be protected from CVE-2025-21204. This includes a link to a script to aid in completing the remediation steps. This is an informational change only.

Chromium: CVE-2025-5068 Use after free in Blink
Published on: 2025-06-03 20:50:16
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202[SS9.1]5) for more information.

Chromium: CVE-2025-5419 Out of bounds read and write in V8
Published on: 2025-06-03 20:50:13
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202[SS9.1]5) for more information. Google is aware that an exploit for CVE-2025-5419 exists in the wild.

CVE-2025-30394 Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability
Published on: 2025-06-03 07:00:00
Link: View Details
Updated acknowledgment. This is an informational change only.

CVE-2025-21174 Windows Standards-Based Storage Management Service Denial of Service Vulnerability
Published on: 2025-05-30 07:00:00
Link: View Details
In the Security Updates table, corrected the Download and Article links for Windows Server 2012 R2 and Windows Server 2012 R2 (Server Core installation). This is an informational change only.

Chromium: CVE-2025-5066 Inappropriate implementation in Messages
Published on: 2025-05-29 19:06:23
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202[SS9.1]5) for more information.

Chromium: CVE-2025-5067 Inappropriate implementation in Tab Strip
Published on: 2025-05-29 18:55:16
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202[SS9.1]5) for more information.

Chromium: CVE-2025-5283 Use after free in libvpx
Published on: 2025-05-29 18:55:14
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202[SS9.1]5) for more information.

Chromium: CVE-2025-5281 Inappropriate implementation in BFCache
Published on: 2025-05-29 18:55:12
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202[SS9.1]5) for more information.

Chromium: CVE-2025-5065 Inappropriate implementation in FileSystemAccess API
Published on: 2025-05-29 18:55:09
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202[SS9.1]5) for more information.

Chromium: CVE-2025-5064 Inappropriate implementation in Background Fetch API
Published on: 2025-05-29 18:55:07
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202[SS9.1]5) for more information.

Chromium: CVE-2025-5280 Out of bounds write in V8
Published on: 2025-05-29 18:55:05
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202[SS9.1]5) for more information.

Chromium: CVE-2025-5063 Use after free in Compositing
Published on: 2025-05-29 18:55:01
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202[SS9.1]5) for more information.

CVE-2025-26646 .NET, Visual Studio, and Build Tools for Visual Studio Spoofing Vulnerability
Published on: 2025-05-22 07:00:00
Link: View Details
To comprehensively address CVE-2025-26646, Microsoft has released security updates on May 22, 2025 for Visual Studio 2022 version 17.10. In addition, updates .NET 8.0.313 and .NET 8.0.410 have been released for .NET SDKs 8.0.3xx and 8.0.4xx, respectively. For more information about the .NET updates see [KB5059200](https://support.microsoft.com/en-us/topic/-net-8-0-update-may-22-2025-kb5059200-8ace2b08-2644-454e-a43f-157c60835e49). Microsoft recommends customers install these update to be fully protected from the vulnerability.

CVE-2025-47181 Microsoft Edge (Chromium-based) Update Elevation of Privilege Vulnerability
Published on: 2025-05-22 07:00:00
Link: View Details
Improper link resolution before file access ('link following') in Microsoft Edge (Chromium-based) allows an authorized attacker to elevate privileges locally.

CVE-2024-21302 Windows Secure Kernel Mode Elevation of Privilege Vulnerability
Published on: 2025-05-21 07:00:00
Link: View Details
Updated the build numbers. This is an informational update only.

CVE-2025-32709 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Published on: 2025-05-15 07:00:00
Link: View Details
In the Security Updates table, added all supported editions of Windows Server 2008 and Windows Server 2008 R2 as they are affected by this vulnerability. Customers running these versions of Windows Server please note that to be protected from this vulnerability you need to install the out-of-band updates as follows: * Windows Server 2008 R2: KB5061195 (Security-only update) * Windows Server 2008 R2: KB5061196 (Monthly Rollup) * Windows Server 2008: KB5061197 (Security-only update) * Windows Server 2008: KB5061198 (Monthly Rollup) Please see the Security Updates table and FAQs section for more information.

CVE-2025-47161 Microsoft Defender for Endpoint Elevation of Privilege Vulnerability
Published on: 2025-05-15 07:00:00
Link: View Details
Information published.

Chromium: CVE-2025-4609 Incorrect handle provided in unspecified circumstances in Mojo
Published on: 2025-05-15 17:20:53
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.

Chromium: CVE-2025-4664 Insufficient policy enforcement in Loader
Published on: 2025-05-15 17:20:49
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information. Google is aware of reports that an exploit for CVE-2025-4664 exists in the wild.