Live
Unauthenticated RCE Exploits Hit On-Prem SharePoint — Patch, Rotate Keys, and Hunt Now·MSFT +0.1%Microsoft Warns of Actively Targeted Excel Use-After-Free Flaw CVE-2025-54896·NVDA +3.0%Windows NEGOEX Integer Overflow Lets Attackers Escalate to SYSTEM—Patch Now·GOOGL +1.2%Microsoft Patches Use-After-Free in Windows XAML DatePickerFlyout That Could Elevate Local Privileges·AMZN +2.9%How to Prioritize Patching with Microsoft’s Confidence Metric: Lessons from CVE-2025-54894·MSFT +0.1%Microsoft Urges Immediate Patching for Windows Kernel Privilege-Escalation Flaw CVE-2025-54110·NVDA +3.0%Critical Windows Server VPN Gateway Flaw Allows Unauthenticated Remote Code Execution — Patch RRAS Now·GOOGL +1.2%Critical Windows RRAS Flaw CVE-2025-54097 Exposes VPN Server Memory: Patch Immediately·AMZN +2.9%Unauthenticated RCE Exploits Hit On-Prem SharePoint — Patch, Rotate Keys, and Hunt Now·MSFT +0.1%Microsoft Warns of Actively Targeted Excel Use-After-Free Flaw CVE-2025-54896·NVDA +3.0%Windows NEGOEX Integer Overflow Lets Attackers Escalate to SYSTEM—Patch Now·GOOGL +1.2%Microsoft Patches Use-After-Free in Windows XAML DatePickerFlyout That Could Elevate Local Privileges·AMZN +2.9%How to Prioritize Patching with Microsoft’s Confidence Metric: Lessons from CVE-2025-54894·MSFT +0.1%Microsoft Urges Immediate Patching for Windows Kernel Privilege-Escalation Flaw CVE-2025-54110·NVDA +3.0%Critical Windows Server VPN Gateway Flaw Allows Unauthenticated Remote Code Execution — Patch RRAS Now·GOOGL +1.2%Critical Windows RRAS Flaw CVE-2025-54097 Exposes VPN Server Memory: Patch Immediately·AMZN +2.9%

Articles from 2025

Browse all Windows news articles published in 2025

12 articles Page 902 of 2838
Articles from 2025
All archives
Amsi · Asp.net

Unauthenticated RCE Exploits Hit On-Prem SharePoint — Patch, Rotate Keys, and Hunt Now

Microsoft’s on-premises SharePoint servers are under active attack from a chain of vulnerabilities that grant unauthenticated attackers remote code execution (RCE). The exploit combines an...

SE Security Desk·43w ago
Asr · Cve-2025-54896

Microsoft Warns of Actively Targeted Excel Use-After-Free Flaw CVE-2025-54896

Microsoft has issued a critical security advisory for CVE-2025-54896, a use-after-free vulnerability in Microsoft Office Excel that could allow attackers to execute arbitrary code on Windows...

SE Security Desk·43w ago
Authentication · Cve-2025-54895

Windows NEGOEX Integer Overflow Lets Attackers Escalate to SYSTEM—Patch Now

Microsoft has released a security update to plug a critical elevation-of-privilege hole in the Windows NEGOEX authentication mechanism. Tracked as CVE-2025-54895, the flaw stems from an integer...

SE Security Desk·43w ago
Cve-2025-54111 · Datepickerflyout

Microsoft Patches Use-After-Free in Windows XAML DatePickerFlyout That Could Elevate Local Privileges

Microsoft has assigned CVE-2025-54111 to a use‑after‑free vulnerability in the Windows UI XAML Phone DatePickerFlyout control, warning that an authenticated local attacker could exploit the flaw...

SE Security Desk·43w ago
Cve · Cve-2025-54894

How to Prioritize Patching with Microsoft’s Confidence Metric: Lessons from CVE-2025-54894

A single metric buried inside every Microsoft Security Response Center (MSRC) advisory could be the difference between a patching strategy that works and one that wastes precious time. Security teams...

SE Security Desk·43w ago
Applocker · Aslr

Microsoft Urges Immediate Patching for Windows Kernel Privilege-Escalation Flaw CVE-2025-54110

Microsoft has released a security update to patch a high-severity vulnerability in the Windows kernel, tracked as CVE-2025-54110, that allows a local attacker to escalate privileges to SYSTEM level....

SE Security Desk·43w ago
Buffer Overflow · Cve-2025-49657

Critical Windows Server VPN Gateway Flaw Allows Unauthenticated Remote Code Execution — Patch RRAS Now

Microsoft is urging organizations to immediately patch a series of critical heap-based buffer overflow vulnerabilities in Windows Routing and Remote Access Service (RRAS) that can be exploited...

SE Security Desk·43w ago
Cve-2025-54097 · Extended Security Updates

Critical Windows RRAS Flaw CVE-2025-54097 Exposes VPN Server Memory: Patch Immediately

Microsoft has issued a security update addressing CVE-2025-54097, a critical information disclosure vulnerability in the Windows Routing and Remote Access Service (RRAS) that allows remote attackers...

SE Security Desk·43w ago
Cdpsvc · Cve-2025-54102

Windows CDPSvc Elevation Flaw (CVE-2025-54102) Patched; Attackers Could Seize SYSTEM Control

A high-severity vulnerability in the Windows Connected Devices Platform Service (CDPSvc), cataloged as CVE-2025-54102, can be exploited by a low-privileged local attacker to gain NT AUTHORITY\SYSTEM...

SE Security Desk·43w ago
Cve-2025-54101 · Cybersecurity

Windows SMBv3 Vulnerability CVE-2025-54101 Could Let Attackers Remotely Execute Code

A newly disclosed vulnerability in the Windows SMBv3 client could allow attackers to take full control of unpatched systems with nothing more than a network connection. Microsoft’s advisory,...

SE Security Desk·43w ago
Afd.sys · Cve-2025-54099

CVE-2025-54099: Windows Winsock Driver Stack Overflow Threatens SYSTEM Access

A stack-based buffer overflow in the Windows Ancillary Function Driver for WinSock (afd.sys) can be exploited by local attackers to seize SYSTEM privileges, Microsoft disclosed in a security...

SE Security Desk·43w ago
Blue Team · Cve-2025-49734

Hyper-V PowerShell Direct Flaw Lets Attackers Impersonate Admins, Microsoft Urges Patching

Microsoft has disclosed a new elevation-of-privilege vulnerability (CVE-2025-49734) in Windows Hyper-V’s PowerShell Direct feature that lets a locally authenticated attacker with low privileges...

SE Security Desk·43w ago