Security
Headlines
HeadlinesLatestCVEs

Tag

#Security Vulnerability

CVE-2025-26652: Windows Standards-Based Storage Management Service Denial of Service Vulnerability

Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network.

Microsoft Security Response Center
Open in Source
#vulnerability#windows#dos#auth#Windows Standards-Based Storage Management Service#Security Vulnerability
CVE-2025-26651: Windows Local Session Manager (LSM) Denial of Service Vulnerability

Exposed dangerous method or function in Windows Local Session Manager (LSM) allows an authorized attacker to deny service over a network.

CVE-2025-26647: Windows Kerberos Elevation of Privilege Vulnerability

**How could an attacker exploit this vulnerability?** An authenticated attacker could exploit this vulnerability by establishing a machine-in-the-middle (MITM) attack or other local network spoofing technique, then sending a malicious Kerberos message to the client victim machine to spoof itself as the Kerberos authentication server.

CVE-2025-26649: Windows Secure Channel Elevation of Privilege Vulnerability

Sensitive data storage in improperly locked memory in Windows Secure Channel allows an authorized attacker to elevate privileges locally.

CVE-2025-26648: Windows Kernel Elevation of Privilege Vulnerability

**Are the updates for Windows 10 for x64-based Systems and Windows 10 for 32-bit Systems currently available?** The security update for Windows 10 for x64-based Systems and Windows 10 for 32-bit Systems are not immediately available. The updates will be released as soon as possible, and when they are available, customers will be notified via a revision to this CVE information.

CVE-2025-26644: Windows Hello Spoofing Vulnerability

Automated recognition mechanism with inadequate detection or handling of adversarial input perturbations in Windows Hello allows an unauthorized attacker to perform spoofing locally.

CVE-2025-26637: BitLocker Security Feature Bypass Vulnerability

**Are the updates for Windows 10 for x64-based Systems and Windows 10 for 32-bit Systems currently available?** The security update for Windows 10 for x64-based Systems and Windows 10 for 32-bit Systems are not immediately available. The updates will be released as soon as possible, and when they are available, customers will be notified via a revision to this CVE information.