Security
Headlines
HeadlinesLatestCVEs

Latest News

CVE-2025-21298: Windows OLE Remote Code Execution Vulnerability

**Use Microsoft Outlook to reduce the risk of users opening RTF Files from unknown or untrusted sources** To help protect against this vulnerability, we recommend users read email messages in plain text format. For guidance on how to configure Microsoft Outlook to read all standard mail in plain text, please refer to Read email messages in plain text. **Impact of workaround:** Email messages that are viewed in plain text format will not contain pictures, specialized fonts, animations, or other rich content. In addition, the following behavior may be experienced: * The changes are applied to the preview pane and to open messages. * Pictures become attachments so that they are not lost. * Because the message is still in Rich Text or HTML format in the store, the object model (custom code solutions) may behave unexpectedly.

Microsoft Security Response Center
#vulnerability#windows#microsoft#rce#Windows OLE#Security Vulnerability
CVE-2025-21297: Windows Remote Desktop Services Remote Code Execution Vulnerability

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to win a race condition.

CVE-2025-21296: BranchCache Remote Code Execution Vulnerability

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to win a race condition.

CVE-2025-21285: Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability

**According to the CVSS metric, successful exploitation of this vulnerability has a high impact on availability (A:H). What does that mean for this vulnerability??** An attacker can send specially crafted packets which could impact availability of the service resulting in Denial of Service (DoS).

CVE-2025-21284: Windows Virtual Trusted Platform Module Denial of Service Vulnerability

**Are there any additional steps that I need to follow to be protected from this vulnerability?** The changes to address this vulnerability updated Virtual Secure Mode components. The policy described in Guidance for blocking rollback of Virtualization-based Security (VBS) related security updates has been updated to account for the latest changes. If you deployed this policy, then you'll need to redeploy using the updated policy.

CVE-2025-21282: Windows Telephony Service Remote Code Execution Vulnerability

**How could an attacker exploit this vulnerability?** An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system.

CVE-2025-21304: Microsoft DWM Core Library Elevation of Privilege Vulnerability

**What privileges could an attacker gain with a successful exploitation?** An attacker who successfully exploited this vulnerability could gain unauthorized access to system resources, potentially allowing them to perform actions with the same privileges as the compromised process. This could lead to further system compromise and unauthorized actions within the network.

CVE-2025-21303: Windows Telephony Service Remote Code Execution Vulnerability

**How could an attacker exploit this vulnerability?** An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system.

CVE-2025-21302: Windows Telephony Service Remote Code Execution Vulnerability

**How could an attacker exploit this vulnerability?** An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system.

CVE-2025-21293: Active Directory Domain Services Elevation of Privilege Vulnerability

**What privileges could be gained by an attacker who successfully exploited this vulnerability?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.