Security
Headlines
HeadlinesLatestCVEs

Latest News

CVE-2025-21313: Windows Security Account Manager (SAM) Denial of Service Vulnerability

**How could an attacker exploit the vulnerability?** An authenticated attacker could make specially crafted API calls that lead to a Denial of Service.

Microsoft Security Response Center
Open in Source
#vulnerability#windows#dos#auth#Windows Security Account Manager#Security Vulnerability
CVE-2025-21218: Windows Kerberos Denial of Service Vulnerability

**How could an attacker exploit this vulnerability?** An unauthenticated attacker could use a specially crafted application to leverage a protocol vulnerability in Windows Kerberos to perform a denial of service attack against the target.

CVE-2025-21378: Windows CSC Service Elevation of Privilege Vulnerability

**What privileges could be gained by an attacker who successfully exploited this vulnerability?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

CVE-2025-21374: Windows CSC Service Information Disclosure Vulnerability

**What type of information could be disclosed by this vulnerability?** The type of information that could be disclosed if an attacker successfully exploited this vulnerability is an out of bounds read in the caller's address space memory.

CVE-2025-21340: Windows Virtualization-Based Security (VBS) Security Feature Bypass Vulnerability

**Are there any additional steps that I need to follow to be protected from this vulnerability?** The changes to address this vulnerability updated Virtual Secure Mode components. The policy described in Guidance for blocking rollback of Virtualization-based Security (VBS) related security updates has been updated to account for the latest changes. If you deployed this policy, then you'll need to redeploy using the updated policy.

CVE-2025-21360: Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability

**What privileges could be gained by an attacker who successfully exploited the vulnerability?** An attacker who successfully exploits this vulnerability could elevate their privileges to perform commands as Root in the target environment.

CVE-2025-21372: Microsoft Brokering File System Elevation of Privilege Vulnerability

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to win a race condition.

CVE-2025-21343: Windows Web Threat Defense User Service Information Disclosure Vulnerability

**What type of information could be disclosed by this vulnerability?** The type of information that could be disclosed if an attacker successfully exploited this vulnerability is sensitive information.

CVE-2025-21312: Windows Smart Card Reader Information Disclosure Vulnerability

**According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L) but have no effect on integrity (I:N) or on availability (A:N). What does that mean for this vulnerability?** An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality) but not all resources within the impacted component may be divulged to the attacker. The attacker cannot make changes to disclosed information (Integrity) or limit access to the resource (Availability).

CVE-2025-21310: Windows Digital Media Elevation of Privilege Vulnerability

**According to the CVSS metric, the Attack Vector is Physical (AV:P). What does that mean for this vulnerability?** An attacker needs physical access to the target computer to plug in a malicious USB drive.