Source

Microsoft Security Response Center

CVE-2025-21191: Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability

Time-of-check time-of-use (toctou) race condition in Windows Local Security Authority (LSA) allows an authorized attacker to elevate privileges locally.

2 months ago

Open in Source

#vulnerability #windows #auth #Windows Local Security Authority (LSA)#Security Vulnerability

CVE-2025-21197: Windows NTFS Information Disclosure Vulnerability

**What type of information could be disclosed by this vulnerability?** The type of information that could be disclosed if an attacker successfully exploited this vulnerability includes unauthorized access to the file system, specifically file path information.

2 months ago

Microsoft Security Response Center

Open in Source

#vulnerability #windows #auth #Windows NTFS #Security Vulnerability

CVE-2025-21174: Windows Standards-Based Storage Management Service Denial of Service Vulnerability

Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network.

2 months ago

Microsoft Security Response Center

Open in Source

#vulnerability #windows #dos #auth #Windows Standards-Based Storage Management Service #Security Vulnerability

CVE-2025-24073: Microsoft DWM Core Library Elevation of Privilege Vulnerability

**What privileges could be gained by an attacker who successfully exploited this vulnerability?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

2 months ago

Microsoft Security Response Center

Open in Source

#vulnerability #microsoft #Windows DWM Core Library #Security Vulnerability

CVE-2025-24074: Microsoft DWM Core Library Elevation of Privilege Vulnerability

**What privileges could be gained by an attacker who successfully exploited this vulnerability?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

2 months ago

Microsoft Security Response Center

Open in Source

#vulnerability #microsoft #Windows DWM Core Library #Security Vulnerability

CVE-2025-29824: Windows Common Log File System Driver Elevation of Privilege Vulnerability

Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.

2 months ago

Microsoft Security Response Center

Open in Source

#vulnerability #windows #auth #Windows Common Log File System Driver #Security Vulnerability

CVE-2025-29823: Microsoft Excel Remote Code Execution Vulnerability

**According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?** The word **Remote** in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. For example, when the score indicates that the **Attack Vector** is **Local** and **User Interaction** is **Required**, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.

2 months ago

Microsoft Security Response Center

Open in Source

#vulnerability #web #microsoft #rce #Microsoft Office Excel #Security Vulnerability

CVE-2025-29822: Microsoft OneNote Security Feature Bypass Vulnerability

**Is the Preview Pane an attack vector for this vulnerability?** No, the Preview Pane is not an attack vector.

2 months ago

Microsoft Security Response Center

Open in Source

#vulnerability #microsoft #Microsoft Office OneNote #Security Vulnerability

CVE-2025-29820: Microsoft Word Remote Code Execution Vulnerability

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.