Security
Headlines
HeadlinesLatestCVEs

Tag

#windows

CVE-2025-27488: Microsoft Windows Hardware Lab Kit (HLK) Elevation of Privilege Vulnerability

Use of hard-coded credentials in Windows Hardware Lab Kit allows an authorized attacker to elevate privileges locally.

Microsoft Security Response Center
#vulnerability#windows#microsoft#hard_coded_credentials#auth#Windows Hardware Lab Kit#Security Vulnerability
CVE-2025-32701: Windows Common Log File System Driver Elevation of Privilege Vulnerability

**What privileges could be gained by an attacker who successfully exploited this vulnerability?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

CVE-2025-30394: Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability

Sensitive data storage in improperly locked memory in Remote Desktop Gateway Service allows an unauthorized attacker to deny service over a network.

CVE-2025-26684: Microsoft Defender Elevation of Privilege Vulnerability

**How can I verify that the update is installed?** Customers wanting to ensure the client has been updated can run the MDE Client Analyzer on the device. When running the analyzer on a Windows device that does not have the security update, the analyzer will present a warning (ID 121035) indicating missing patch and directing to relevant online article. Additionally, if the update is installed, but the Anti-Spoofing capability is not in a stable state, the analyzer will present warning (ID 121036) indicating an issue and providing additional online guidance or callout to reach out to Microsoft support if issue persists.

CVE-2025-29960: Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability

**What type of information could be disclosed by this vulnerability?** An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.