Msrc
The latest Msrc coverage — news, analysis, and updates from the WindowsNews.AI desk.
Microsoft Fixes High-Impact BitLocker Use-After-Free Vulnerability (CVE-2025-54911)
Microsoft has disclosed a high-severity use-after-free vulnerability in Windows BitLocker, tracked as CVE-2025-54911, that could allow a local attacker to elevate privileges from a standard user...
Critical Office Heap Overflow (CVE-2025-54910) Patched for Windows, Mac Fixes Still Pending
Microsoft has released security updates to patch a critical heap-based buffer overflow in Microsoft Office, tracked as CVE-2025-54910, that could allow attackers to execute arbitrary code after a...
Excel CVE-2025-54901: Patch Now for Critical Memory Disclosure, Mac Users Wait
Microsoft has released emergency security updates to patch a significant information-disclosure vulnerability in Microsoft Excel, tracked as CVE-2025-54901, that can expose sensitive process memory...
Patch Windows MultiPoint Services Immediately — CVE-2025-54116 Grants Attackers SYSTEM Access
Microsoft has patched a dangerous local privilege escalation vulnerability in Windows MultiPoint Services that could allow attackers with a foothold on a machine to gain full SYSTEM-level control....
Hyper-V Privilege Escalation Flaw Exposes Hosts: Microsoft Urges Immediate Patching for CVE-2025-54115
Microsoft has released security updates to fix a critical race condition vulnerability in Windows Hyper-V that could allow an attacker with local access to escalate privileges and take over the host...
Urgent Patch Alert: Windows VHD Bug CVE-2025-54112 Enables Full System Compromise
A single booby-trapped VHD file is all an attacker needs to jump from limited user to complete Windows server or workstation control. That’s the reality behind CVE-2025-54112, the latest...
Microsoft's Brokering File System Hit by Race Condition—Attackers Can Seize SYSTEM
Microsoft has confirmed a local elevation-of-privilege vulnerability in its Brokering File System that hands a low-privileged local user a pathway to full SYSTEM control. Tracked as CVE-2025-54105,...
Windows Firewall’s Memory Misfire: How CVE-2025-54094 Opens a Door to SYSTEM Privileges
A newly disclosed privilege escalation vulnerability in the Windows Defender Firewall Service allows attackers with a foothold on a system to seize complete control, elevating standard user...
Critical Hyper-V Privilege Escalation Flaw (CVE-2025-54098) Demands Immediate Patching
Microsoft has released a security update to fix a serious privilege escalation vulnerability in Windows Hyper-V, tracked as CVE-2025-54098, that could allow an attacker with local access to elevate...
CVE-2025-53810: Urgent Windows Type-Confusion Bug Grants Attackers SYSTEM Access
A type-confusion flaw in a core Windows service, tracked as CVE-2025-53810, allows any authenticated local user to escalate privileges to SYSTEM, Microsoft’s Security Response Center confirmed in a...
Critical Windows LSASS Bug Exposes Domain Controllers to Authentication DoS Attacks
Microsoft’s latest security advisory for CVE-2025-53809 details a network-exploitable denial-of-service flaw in the Windows Local Security Authority Subsystem Service, the bedrock of authentication...
Critical Windows Graphics Race Condition (CVE-2025-53807) Hands Out SYSTEM Access—Urgent Patch Guide
A race condition in the Windows Graphics Component can hand authenticated attackers full SYSTEM privileges, Microsoft disclosed this week. The vulnerability, cataloged as CVE-2025-53807, lurks in the...