Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Secure Channel allows an authorized attacker to elevate privileges locally.

2 months ago

Microsoft Security Response Center

Open in Source

#vulnerability #windows #auth #Windows Secure Channel #Security Vulnerability

CVE-2025-27486: Windows Standards-Based Storage Management Service Denial of Service Vulnerability

Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network.

2 months ago

Microsoft Security Response Center

Open in Source

#vulnerability #windows #dos #auth #Windows Standards-Based Storage Management Service #Security Vulnerability

CVE-2025-27489: Azure Local Elevation of Privilege Vulnerability

Improper input validation in Azure Local allows an authorized attacker to elevate privileges locally.

2 months ago

Microsoft Security Response Center

Open in Source

#vulnerability #auth #Azure Local #Security Vulnerability

CVE-2025-27487: Remote Desktop Client Remote Code Execution Vulnerability

Heap-based buffer overflow in Remote Desktop Client allows an authorized attacker to execute code over a network.

2 months ago

Microsoft Security Response Center

Open in Source

#vulnerability #rce #buffer_overflow #auth #Remote Desktop Client #Security Vulnerability

CVE-2025-27483: NTFS Elevation of Privilege Vulnerability

**Are the updates for Windows 10 for x64-based Systems and Windows 10 for 32-bit Systems currently available?** The security update for Windows 10 for x64-based Systems and Windows 10 for 32-bit Systems are not immediately available. The updates will be released as soon as possible, and when they are available, customers will be notified via a revision to this CVE information.

2 months ago

Microsoft Security Response Center

Open in Source

#vulnerability #windows #Windows NTFS #Security Vulnerability