Edr
The latest Edr coverage — news, analysis, and updates from the WindowsNews.AI desk.
CVE-2025-49692: Azure Connected Machine Agent Vulnerability Demands Immediate Patching
Microsoft has released a security update to address a critical elevation-of-privilege vulnerability (CVE-2025-49692) in the Azure Connected Machine agent, the software component that enables Azure...
Patch Now: Xbox Gaming Services CVE-2024-28916 Lets Low-Privilege Attackers Escalate to SYSTEM
A critical elevation-of-privilege vulnerability in Microsoft’s Xbox Gaming Services component, tracked as CVE-2024-28916, has been patched, but not before a public proof-of-concept demonstrated how...
Patch Now: CVE-2025-54919 Win32K Bug Opens Door to Instant SYSTEM-Level Compromise
Microsoft has released a security update for a high‑impact race condition vulnerability in the Windows Win32K graphics subsystem that could allow an authenticated local attacker to gain...
Stack-Based Buffer Overflow in Windows NTFS Driver: Unverified CVE-2025-54916 Drives Mitigation Urgency
A report of a high-severity Windows NTFS vulnerability—described as a stack-based buffer overflow allowing local code execution—has surfaced with the identifier CVE-2025-54916, though the CVE...
Race Condition in Windows MapControl Could Give Attackers Admin Rights – Patch Today
Microsoft has released a security update to address a critical race condition vulnerability in the Windows MapControl UI component that could allow local attackers to gain elevated privileges....
Microsoft's Hidden PowerPoint Flaw: Why CVE-2025-54908 Evades Verification but Demands Action
A newly surfaced Microsoft advisory for CVE-2025-54908 warns of a use-after-free vulnerability in PowerPoint that could allow an unauthorized attacker to execute code locally. However, when security...
Microsoft Flags Critical Visio Heap Overflow – Urgent Patch for CVE-2025-54907 Underway
Microsoft has confirmed a dangerous heap-based buffer overflow in Microsoft Office Visio that lets attackers execute malicious code simply by convincing a user to open a rigged diagram file. The...
Microsoft Patches Excel Code Execution Flaw CVE-2025-54904, but Mac LTSC Still Exposed
Administrators scrambling to lock down Microsoft Excel against a newly disclosed code execution vulnerability have hit a snag: the security updates for Office LTSC for Mac 2021 and 2024 are not yet...
CVE-2025-54905: Critical Microsoft Office Vulnerability Patched—Users Urged to Update Now
Microsoft has released a security patch for CVE-2025-54905, a dangerous untrusted pointer dereference vulnerability in Microsoft Office that could let attackers seize control of an unpatched system...
CVE-2025-54902: Excel Out-of-Bounds Read Flaw Could Let Attackers Seize PCs—Mac Updates Still Missing
Microsoft has released a security update for a critical out-of-bounds read vulnerability in Excel that could allow remote code execution—but the patch is not yet available for Mac users. Tracked as...
CVE-2025-54899 Exposes Excel to Code Execution Attacks: Patch Deployed for Critical Memory-Safety Bug
Microsoft has released a security update to patch CVE-2025-54899, a memory-safety vulnerability in Excel that can allow attackers to execute arbitrary code on a victim's machine when a malicious...
Unauthenticated RCE Exploits Hit On-Prem SharePoint — Patch, Rotate Keys, and Hunt Now
Microsoft’s on-premises SharePoint servers are under active attack from a chain of vulnerabilities that grant unauthenticated attackers remote code execution (RCE). The exploit combines an...