Msrc Advisory
The latest Msrc Advisory coverage — news, analysis, and updates from the WindowsNews.AI desk.
Microsoft Confirms New Privilege Escalation Flaw in Windows Management Services, Urges Immediate Patching
Microsoft has disclosed a new elevation-of-privilege vulnerability, CVE-2026-20865, in its Windows Management Services (WMS) component. The advisory, posted on the Microsoft Security Response Center...
CVE-2025-64675: Analyzing the Azure Cosmos DB Spoofing Vulnerability and Cloud Security Implications
Microsoft's Security Response Center has officially documented CVE-2025-64675 as a spoofing vulnerability affecting Azure Cosmos DB, though the public disclosure contains deliberately limited...
CVE-2025-59278: Critical Windows Local Privilege Escalation Vulnerability Patched
Microsoft has urgently addressed a critical local privilege escalation vulnerability designated CVE-2025-59278 that affects multiple Windows operating systems. This security flaw in the Windows...
TOCTOU Bug in Windows Graphics Gives Local Attackers SYSTEM Access
Microsoft has disclosed a critical security vulnerability in the Windows Graphics Component that could allow authenticated local attackers to escalate privileges on affected systems. CVE-2025-59261...
CVE-2025-55248: Critical .NET and Visual Studio Information Disclosure Vulnerability Patched
Microsoft has addressed a significant information disclosure vulnerability affecting .NET, .NET Framework, and Visual Studio in their October 2025 security updates. Tracked as CVE-2025-55248, this...
CVE-2025-59286: Microsoft Copilot Spoofing Vulnerability Explained
Microsoft has quietly disclosed a significant security vulnerability affecting its Copilot AI assistant, designated as CVE-2025-59286, which has been classified as a "Copilot — Spoofing" threat in...
Microsoft Flags Graphics Bug That Lets Attackers Grab System Control—Here’s Your Patching Plan
Microsoft’s latest security update addresses a race condition in the Windows graphics component that could allow an attacker with local access to escalate privileges to SYSTEM level. The...
Two Windows Bluetooth Flaws Could Give Attackers SYSTEM Access: Here’s What to Do
Microsoft has fixed two serious elevation-of-privilege vulnerabilities in the Windows Bluetooth Service that could be chained with other exploits to hand an attacker full control of an unpatched PC....
Microsoft Warns: New Windows Management Service UAF Bug Could Hand Attackers SYSTEM Control
Microsoft’s Security Response Center has published a critical security advisory for a use-after-free vulnerability in the Windows Management Service that could allow an authenticated local attacker...
CVE-2025-54091: Windows Hyper-V Integer Overflow Lets Attackers Gain SYSTEM on Hosts
A critical integer overflow vulnerability in Windows Hyper-V, tracked as CVE-2025-54091, allows authenticated local attackers to escalate privileges to SYSTEM level on the host machine, Microsoft has...
Windows Hyper-V Race Condition Flaw (CVE-2025-54092) Enables Attackers to Seize Host Control
Microsoft has disclosed a dangerous race condition vulnerability in Windows Hyper-V that could allow a local attacker to seize SYSTEM-level privileges on the host. Tracked as CVE-2025-54092, the flaw...
Microsoft Patches Type Confusion Flaw in Windows Defender Firewall That Risks System Compromise
Microsoft has released a security update to fix a critical elevation-of-privilege vulnerability in the Windows Defender Firewall Service that could allow an authenticated attacker to gain...