Msrc
The latest Msrc coverage — news, analysis, and updates from the WindowsNews.AI desk.
Hyper-V PowerShell Direct Flaw Lets Attackers Impersonate Admins, Microsoft Urges Patching
Microsoft has disclosed a new elevation-of-privilege vulnerability (CVE-2025-49734) in Windows Hyper-V’s PowerShell Direct feature that lets a locally authenticated attacker with low privileges...
Microsoft Patches CVE-2025-53798: RRAS Memory Leak Exposes VPN Gateways to Data Theft
Microsoft has released a vendor update to patch CVE-2025-53798, an information-disclosure vulnerability in the Windows Routing and Remote Access Service (RRAS) that allows an attacker to read...
Critical RRAS Flaw Exposes VPN Gateways to Remote Memory Leaks — Patch Immediately
A remote information-disclosure vulnerability in the Windows Routing and Remote Access Service (RRAS) received an out-of-band advisory from Microsoft this week, warning that attackers can siphon...
Critical RRAS Memory Leak CVE-2025-53797 Puts VPN Gateways at Risk – Patch Immediately
Microsoft has disclosed a high-severity information-disclosure vulnerability in the Windows Routing and Remote Access Service (RRAS) that could allow unauthenticated attackers to read sensitive...
Behind CVE-2025-55241: Why the MSRC Advisory Is Sparking a Hunt for Windows Exploit Defenses
Microsoft's Security Response Center published advisory CVE-2025-55241, and within hours, security practitioners weren't just scanning for patches—they were demanding deep-dive guidance on...
CVE Confusion Hits Microsoft Dynamics 365 FastTrack: Urgent Patch Needed for Info-Disclosure Flaw
Microsoft's Dynamics 365 FastTrack Implementation Assets have been thrust into the security spotlight following an information disclosure vulnerability that lets attackers harvest private data over a...
CVE-2025-55242: Microsoft Flags Xbox Information Disclosure Exploit – Admins Must Patch Immediately
Microsoft has published a security advisory for CVE-2025-55242, an information disclosure vulnerability that could allow unauthorized actors to access sensitive data over a network. The bug, which...
Microsoft Confirms Two Azure Bot Service Elevation-of-Privilege Flaws, Urges Immediate Patching
Security teams responsible for Azure Bot Service deployments are grappling with a double-barreled set of improper authorization vulnerabilities that could let unauthenticated attackers hijack cloud...
Azure Networking EoP Flaw CVE-2025-54914: Immediate Hardening Steps for Hybrid Cloud Teams
Microsoft’s Security Response Center (MSRC) has published an advisory for CVE-2025-54914, an elevation-of-privilege vulnerability in Azure Networking that could allow attackers with minimal...
Microsoft Flags Critical Race Condition RCE in Windows Storage—Patch Immediately
Microsoft has issued a critical security advisory for CVE-2025-55231, a race‑condition vulnerability in the Windows storage management stack that could allow remote code execution. The flaw,...
Patch Now: Microsoft's netbt.sys Kernel Flaw (CVE-2025-55230/47996) Grants Attackers Full Control
A local elevation-of-privilege flaw in the Windows MBT Transport driver—the kernel component behind NetBIOS over TCP/IP—can hand attackers full SYSTEM rights, and while Microsoft’s July 2025...
Microsoft Quietly Patches Copilot Flaw That Let Insiders Access Files Without Audit Traces
A security researcher discovered that a simple prompt technique could make Microsoft 365 Copilot summarize sensitive corporate files without leaving the required Purview audit records. Microsoft...