Msrc
The latest Msrc coverage — news, analysis, and updates from the WindowsNews.AI desk.
Microsoft Quietly Patches Copilot Audit-Log Bypass, Keeps Customers in the Dark
Security researchers have uncovered a critical blind spot in Microsoft’s Purview audit logging for Copilot: certain prompts can retrieve sensitive file contents without leaving any trace in audit...
After Stealth Falcon Zero-Day, Disable These 5 Windows Features to Slash Attack Surface
A targeted espionage campaign exploiting a zero-day vulnerability in Windows' WebDAV component has reignited calls for users to disable unnecessary built-in services. The Stealth Falcon group,...
WSL 2.5.10 Fixes TOCTOU Bug: Microsoft Acts Fast on CVE-2025-53788 Privilege Escalation
Microsoft released an out-of-band Windows Subsystem for Linux (WSL) update on August 6, 2025, patching a local elevation-of-privilege vulnerability that could let attackers break out of WSL2...
CVE-2025-49723: Windows StateRepository Flaw Opens Door to Local Privilege Escalation, Advisories Confuse CVE Numbers
Microsoft's July 2025 Patch Tuesday delivers a fix for a high-severity missing authorization vulnerability in the Windows StateRepository API, tracked as CVE-2025-49723. The bug lets an already...
Microsoft Teams Flaw CVE-2025-53783: Unauthenticated RCE via Heap Overflow Sparks Urgent Patching
Microsoft has published a security advisory for CVE-2025-53783, a heap-based buffer overflow in Microsoft Teams that allows an unauthorized attacker to execute code remotely over a network. The...
CVE-2025-53779: New Kerberos Path Traversal Bug Opens Door to Privilege Escalation—Patch Now
Microsoft’s security team has published guidance for CVE-2025-53779, a newly disclosed vulnerability in Windows Kerberos that could let authenticated attackers on the network elevate their...
Unverified GDI+ RCE Vulnerability CVE-2025-53766 Prompts Urgent Patch Verification Call
Microsoft’s Security Update Guide has quietly listed a new vulnerability tracked as CVE-2025-53766, describing a heap-based buffer overflow in the GDI+ graphics library that could allow remote code...
CVE-2025-53765: Microsoft Warns of Azure Stack Hub Data Leak Through Authorized Local Access
Microsoft’s Security Response Center has published an advisory for CVE-2025-53765, an information disclosure vulnerability in Azure Stack Hub that permits an attacker with local authorization to...
CVE-2025-47957: Decoding Microsoft’s Critical Word Use-After-Free Vulnerability
Microsoft’s security team recently pushed out a fix for a critical vulnerability in Microsoft Word that, if left unpatched, could give attackers a direct path to executing malicious code on a...
Microsoft Office Buffer Over-Read Bugs Strike Word and Excel: What Enterprises Must Patch Now
Microsoft has rolled out crucial patches for two high-severity buffer over-read vulnerabilities in Microsoft Word and Excel, both enabling local attackers to extract sensitive memory contents. The...
Microsoft Patches Critical Excel Use-After-Free Flaw (CVE-2025-53735) That Executes Code via Malicious Spreadsheets
Microsoft has confirmed a serious use-after-free vulnerability in Microsoft Excel, tracked as CVE-2025-53735, that can allow attackers to execute arbitrary code on a victim’s machine simply by...
CVE-2025-53733: Patch Microsoft Word RCE Now – Numeric Conversion Flaw Exploited
Microsoft has published advisory CVE-2025-53733, warning of a remote code execution vulnerability in Microsoft Word that stems from an incorrect conversion between numeric types during document...