Security
Headlines
HeadlinesLatestCVEs

Tag

#vulnerability

CVE-2025-27490: Windows Bluetooth Service Elevation of Privilege Vulnerability

Heap-based buffer overflow in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally.

Microsoft Security Response Center
#vulnerability#windows#buffer_overflow#auth#Windows Bluetooth Service#Security Vulnerability
CVE-2025-27492: Windows Secure Channel Elevation of Privilege Vulnerability

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Secure Channel allows an authorized attacker to elevate privileges locally.

CVE-2025-27489: Azure Local Elevation of Privilege Vulnerability

Improper input validation in Azure Local allows an authorized attacker to elevate privileges locally.

CVE-2025-27483: NTFS Elevation of Privilege Vulnerability

**Are the updates for Windows 10 for x64-based Systems and Windows 10 for 32-bit Systems currently available?** The security update for Windows 10 for x64-based Systems and Windows 10 for 32-bit Systems are not immediately available. The updates will be released as soon as possible, and when they are available, customers will be notified via a revision to this CVE information.

CVE-2025-27482: Windows Remote Desktop Services Remote Code Execution Vulnerability

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to win a race condition.

CVE-2025-27481: Windows Telephony Service Remote Code Execution Vulnerability

**According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution?** This attack requires a client to connect to a malicious server, and that could allow the attacker to gain code execution on the client.