Security
Headlines
HeadlinesLatestCVEs

Latest News

CVE-2025-33073: Windows SMB Client Elevation of Privilege Vulnerability

Improper access control in Windows SMB allows an authorized attacker to elevate privileges over a network.

Microsoft Security Response Center
#vulnerability#windows#samba#auth#Windows SMB#Security Vulnerability
CVE-2025-47167: Microsoft Office Remote Code Execution Vulnerability

Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.

CVE-2025-33070: Windows Netlogon Elevation of Privilege Vulnerability

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment.

CVE-2025-33071: Windows KDC Proxy Service (KPSSVC) Remote Code Execution Vulnerability

**How could an attacker exploit this vulnerability?** An unauthenticated attacker could use a specially crafted application to leverage a cryptographic protocol vulnerability in Kerberos Key Distribution Center Proxy Service to perform remote code execution against the target.