CVE-2025-49677: Microsoft Brokering File System Elevation of Privilege Vulnerability

CVE-2025-49676: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

CVE-2025-49661: Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

CVE-2025-49658: Windows Transport Driver Interface (TDI) Translation Driver Information Disclosure Vulnerability

CVE-2025-49672: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Input Method Editor (IME) allows an authorized attacker to elevate privileges over a network.

Headline

CVE-2025-47972: Windows Input Method Editor (IME) Elevation of Privilege Vulnerability

Microsoft Security Response Center: Latest News