Security
Headlines
HeadlinesLatestCVEs

Latest News

CVE-2025-29808: Windows Cryptographic Services Information Disclosure Vulnerability

Use of a cryptographic primitive with a risky implementation in Windows Cryptographic Services allows an authorized attacker to disclose information locally.

Microsoft Security Response Center
Open in Source
#vulnerability#windows#auth#Windows Cryptographic Services#Security Vulnerability
CVE-2025-29809: Windows Kerberos Security Feature Bypass Vulnerability

**Are the updates for Windows 10 for x64-based Systems and Windows 10 for 32-bit Systems currently available?** The security update for Windows 10 for x64-based Systems and Windows 10 for 32-bit Systems are not immediately available. The updates will be released as soon as possible, and when they are available, customers will be notified via a revision to this CVE information.

CVE-2025-29804: Visual Studio Elevation of Privilege Vulnerability

Improper access control in Visual Studio allows an unauthorized attacker to elevate privileges locally.

CVE-2025-29801: Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability

**How could an attacker exploit this vulnerability?** To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.

CVE-2025-29800: Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability

**How could an attacker exploit this vulnerability?** To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.

CVE-2025-29803: Visual Studio Tools for Applications and SQL Server Management Studio Elevation of Privilege Vulnerability

**What privileges could be gained by an attacker who successfully exploited the vulnerability?** An attacker who successfully exploited this vulnerability could gain the privileges of the authenticated user.

CVE-2025-27739: Windows Kernel Elevation of Privilege Vulnerability

Untrusted pointer dereference in Windows Kernel allows an authorized attacker to elevate privileges locally.

CVE-2025-27737: Windows Security Zone Mapping Security Feature Bypass Vulnerability

**According to the CVSS metric, successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?** In this case, a successful attack could be performed from a low privilege AppContainer. The attacker could elevate their privileges and execute code or access resources at a higher integrity level than that of the AppContainer execution environment.