CVE-2025-24984: Windows NTFS Information Disclosure Vulnerability

CVE-2025-24983: Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability

CVE-2025-24084: Windows Subsystem for Linux (WSL2) Kernel Remote Code Execution Vulnerability

CVE-2025-24076: Microsoft Windows Cross Device Service Elevation of Privilege Vulnerability

CVE-2025-24075: Microsoft Excel Remote Code Execution Vulnerability

**How could an attacker exploit this vulnerability?**

To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then trigger an event that could exploit the vulnerability and save an invalid state to a database or trigger other unintended actions.

Headline

CVE-2025-24076: Microsoft Windows Cross Device Service Elevation of Privilege Vulnerability

Microsoft Security Response Center: Latest News