Security
Headlines
HeadlinesLatestCVEs

Tag

#Security Vulnerability

CVE-2025-49694: Microsoft Brokering File System Elevation of Privilege Vulnerability

Microsoft Security Response Center
#vulnerability#microsoft#Microsoft Brokering File System#Security Vulnerability
CVE-2025-49677: Microsoft Brokering File System Elevation of Privilege Vulnerability

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to win a race condition.

CVE-2025-49690: Capability Access Management Service (camsvc) Elevation of Privilege Vulnerability

Concurrent execution using shared resource with improper synchronization ('race condition') in Capability Access Management Capability Consent Manager (camsvc service) allows an unauthorized attacker to elevate privileges locally.

CVE-2025-47994: Microsoft Office Elevation of Privilege Vulnerability

Deserialization of untrusted data in Microsoft Office allows an unauthorized attacker to elevate privileges locally.

CVE-2025-33054: Remote Desktop Spoofing Vulnerability

**According to the CVSS metric, user interaction is required (UI:R). What does that mean for this vulnerability?** An attacker must trick the user into interacting with a spoofed WebAuthn prompt and entering their credentials.

CVE-2025-26636: Windows Kernel Information Disclosure Vulnerability

**What type of information could be disclosed by this vulnerability?** Exploiting this vulnerability could allow the disclosure of certain kernel memory content.