Msrc Advisory
The latest Msrc Advisory coverage — news, analysis, and updates from the WindowsNews.AI desk.
Critical Local Privilege Escalation Bug in Windows DWM Fixed: Here’s What You Need to Know
Microsoft has patched a serious local privilege escalation vulnerability in the Windows Desktop Window Manager (DWM) Core Library, tracked as CVE-2025-53801, that could allow an attacker with a basic...
CVE-2025-54906: Microsoft Office Memory Bug Enables Code Execution via Malicious Docs – Patch Now
Microsoft has issued a security advisory for CVE-2025-54906, a critical memory-corruption vulnerability in Office that can lead to arbitrary code execution when a user opens or previews a specially...
Urgent Excel Security Fix: Use-After-Free Bug Opens Door to Code Execution — Mac LTSC Patches Delayed
Microsoft has issued a security advisory for CVE-2025-54903, a critical use-after-free vulnerability in Microsoft Excel that allows an attacker to execute code locally when a victim opens a...
Windows NEGOEX Integer Overflow Lets Attackers Escalate to SYSTEM—Patch Now
Microsoft has released a security update to plug a critical elevation-of-privilege hole in the Windows NEGOEX authentication mechanism. Tracked as CVE-2025-54895, the flaw stems from an integer...
Microsoft Flags UI Spoofing Vulnerability CVE-2025-49755 in Edge for Android
Microsoft’s Security Response Center has disclosed CVE-2025-49755, a user-interface spoofing flaw in Microsoft Edge (Chromium-based) for Android that could let attackers trick users into handing...
Microsoft's CVE-2025-53793 Advisory: Azure Stack Hub Authentication Flaw Exposes Sensitive Data
Microsoft has published an urgent security advisory for CVE-2025-53793, an improper authentication vulnerability in Azure Stack Hub that could allow unauthenticated attackers to access sensitive...
CVE-2025-50155: Critical Windows Push Notifications EoP Flaw Exposes Systems to Full Takeover
A serious elevation-of-privilege vulnerability in Windows Push Notifications has been cataloged as CVE-2025-50155 by Microsoft, giving authenticated local attackers a clear path to SYSTEM-level...
Microsoft Closes Excel Heap Overflow Remote Code Execution Hole (CVE-2025-53737) — Patch Now
Microsoft’s April 2025 security updates included a fix for a heap overflow vulnerability in Excel that attackers could exploit to run arbitrary code on a victim’s machine. Tracked as...
Urgent Patch for CVE-2025-53732: Microsoft Office Heap Overflow Enables Remote Code Execution via Malicious Documents
Microsoft has released a critical security update addressing CVE-2025-53732, a heap-based buffer overflow vulnerability in Microsoft Office that allows remote code execution (RCE) when a user opens a...
Microsoft Patches Dynamics 365 On-Prem Flaw CVE-2025-53728 That Exposes Sensitive Data
Microsoft has released a security update to fix an information disclosure vulnerability in Dynamics 365 on-premises versions, tracked as CVE-2025-53728. The flaw, classified as allowing an...
Critical Office Use-After-Free Bug (CVE-2025-53731) Lets Attackers Execute Code—Patch Now, Microsoft Warns
Microsoft’s Security Response Center has published a new advisory, CVE-2025-53731, confirming a critical use-after-free vulnerability in Microsoft Office that can let attackers execute arbitrary...
Actively Exploited AFD.sys Vulnerability Grants Attackers SYSTEM Access: Patch Now
Microsoft has patched a dangerous vulnerability in the Windows Ancillary Function Driver for WinSock (AFD.sys) that attackers are actively exploiting in the wild to gain complete control over...