Security
Headlines
HeadlinesLatestCVEs

Tag

#Security Vulnerability

CVE-2025-21236: Windows Telephony Service Remote Code Execution Vulnerability

**How could an attacker exploit this vulnerability?** An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system.

Microsoft Security Response Center
Open in Source
#vulnerability#windows#rce#Windows Telephony Service#Security Vulnerability
CVE-2025-21235: Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability

**What privileges could be gained by an attacker who successfully exploited the vulnerability?** An attacker could use this vulnerability to elevate privileges from a Low Integrity Level in a contained ("sandboxed") execution environment to a Medium Integrity Level. Please refer to AppContainer isolation and Mandatory Integrity Control for more information.

CVE-2025-21214: Windows BitLocker Information Disclosure Vulnerability

**What type of information could be disclosed by this vulnerability?** The type of information that could be disclosed if an attacker successfully exploited this vulnerability is Bitlocker Key.

CVE-2025-21210: Windows BitLocker Information Disclosure Vulnerability

**What type of information could be disclosed by this vulnerability?** Exploiting this vulnerability could allow the disclosure of unencrypted hibernation images in cleartext.

CVE-2024-50338: GitHub: CVE-2024-50338 Malformed URL allows information disclosure through git-credential-manager

**Why is this GitHub CVE included in the Security Update Guide?** The vulnerability assigned to this CVE is in Git for Windows software which is consumed by Microsoft Visual Studio. It is being documented in the Security Update Guide to announce that the latest builds of Visual Studio are no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.

CVE-2025-21380: Azure Marketplace SaaS Resources Information Disclosure Vulnerability

**Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?** This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency. Please see Toward greater transparency: Unveiling Cloud Service CVEs for more information.

CVE-2025-21385: Microsoft Purview Information Disclosure Vulnerability

**Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?** This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency. Please see Toward greater transparency: Unveiling Cloud Service CVEs for more information.

CVE-2024-12695: Chromium: CVE-2024-12695 Out of bounds write in V8

**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 131.0.2903.112 12/19/2024 131.0.6778.205

CVE-2024-12694: Chromium: CVE-2024-12694 Use after free in Compositing

**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 131.0.2903.112 12/19/2024 131.0.6778.205

CVE-2024-12693: Chromium: CVE-2024-12693 Out of bounds memory access in V8

**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 131.0.2903.112 12/19/2024 131.0.6778.205