Security
Headlines
HeadlinesLatestCVEs

Latest News

CVE-2025-21199: Azure Agent Installer for Backup and Site Recovery Elevation of Privilege Vulnerability

**According to the CVSS metric, user interaction is required (UI:R). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an administrator to install the VM agent on the target device where an attacker has planted specially crafted malicious files.

Microsoft Security Response Center
Open in Source
#vulnerability#Azure Agent Installer#Security Vulnerability
CVE-2025-24051: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

**According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution?** This attack requires an admin user on the client to connect to a malicious server, and that could allow the attacker to gain code execution on the client.

CVE-2025-24050: Windows Hyper-V Elevation of Privilege Vulnerability

**What privileges could be gained by an attacker who successfully exploited this vulnerability?** An attacker who successfully exploited this vulnerability could gain Kernel Memory Access.

CVE-2025-24055: Windows USB Video Class System Driver Information Disclosure Vulnerability

**What type of information could be disclosed by this vulnerability?** An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.

CVE-2025-24054: NTLM Hash Disclosure Spoofing Vulnerability

**According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?** Minimal interaction with a malicious file by a user such as selecting (single-click), inspecting (right-click), or performing an action other than opening or executing the file could trigger this vulnerability.

CVE-2025-24059: Windows Common Log File System Driver Elevation of Privilege Vulnerability

**What privileges could be gained by an attacker who successfully exploited this vulnerability?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

CVE-2025-24056: Windows Telephony Service Remote Code Execution Vulnerability

**According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution?** This attack requires a client to connect to a malicious server, and that could allow the attacker to gain code execution on the client.

CVE-2025-24071: Microsoft Windows File Explorer Spoofing Vulnerability

Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network.

CVE-2025-24067: Kernel Streaming Service Driver Elevation of Privilege Vulnerability

**What privileges could be gained by an attacker who successfully exploited this vulnerability?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

CVE-2025-24048: Windows Hyper-V Elevation of Privilege Vulnerability

**What privileges could be gained by an attacker who successfully exploited this vulnerability?** An attacker who successfully exploited this vulnerability could gain Kernel Memory Access.