CVE-2025-49677: Microsoft Brokering File System Elevation of Privilege Vulnerability

CVE-2025-49676: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

CVE-2025-49661: Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

CVE-2025-49658: Windows Transport Driver Interface (TDI) Translation Driver Information Disclosure Vulnerability

CVE-2025-49672: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

**According to the CVSS metric, user interaction is required (UI:R). What does that mean for this vulnerability?**

An attacker must trick the user into interacting with a spoofed WebAuthn prompt and entering their credentials.

Headline

CVE-2025-33054: Remote Desktop Spoofing Vulnerability

Microsoft Security Response Center: Latest News