Live
Microsoft Quietly Patches Copilot Audit-Log Bypass, Keeps Customers in the Dark·MSFT +0.1%After Stealth Falcon Zero-Day, Disable These 5 Windows Features to Slash Attack Surface·NVDA +3.0%WSL 2.5.10 Fixes TOCTOU Bug: Microsoft Acts Fast on CVE-2025-53788 Privilege Escalation·GOOGL +1.2%CVE-2025-49723: Windows StateRepository Flaw Opens Door to Local Privilege Escalation, Advisories Confuse CVE Numbers·AMZN +2.9%Microsoft Teams Flaw CVE-2025-53783: Unauthenticated RCE via Heap Overflow Sparks Urgent Patching·MSFT +0.1%CVE-2025-53779: New Kerberos Path Traversal Bug Opens Door to Privilege Escalation—Patch Now·NVDA +3.0%Unverified GDI+ RCE Vulnerability CVE-2025-53766 Prompts Urgent Patch Verification Call·GOOGL +1.2%CVE-2025-53765: Microsoft Warns of Azure Stack Hub Data Leak Through Authorized Local Access·AMZN +2.9%Microsoft Quietly Patches Copilot Audit-Log Bypass, Keeps Customers in the Dark·MSFT +0.1%After Stealth Falcon Zero-Day, Disable These 5 Windows Features to Slash Attack Surface·NVDA +3.0%WSL 2.5.10 Fixes TOCTOU Bug: Microsoft Acts Fast on CVE-2025-53788 Privilege Escalation·GOOGL +1.2%CVE-2025-49723: Windows StateRepository Flaw Opens Door to Local Privilege Escalation, Advisories Confuse CVE Numbers·AMZN +2.9%Microsoft Teams Flaw CVE-2025-53783: Unauthenticated RCE via Heap Overflow Sparks Urgent Patching·MSFT +0.1%CVE-2025-53779: New Kerberos Path Traversal Bug Opens Door to Privilege Escalation—Patch Now·NVDA +3.0%Unverified GDI+ RCE Vulnerability CVE-2025-53766 Prompts Urgent Patch Verification Call·GOOGL +1.2%CVE-2025-53765: Microsoft Warns of Azure Stack Hub Data Leak Through Authorized Local Access·AMZN +2.9%

Msrc

The latest Msrc coverage — news, analysis, and updates from the WindowsNews.AI desk.

12 stories in view AI assisted desk updated 6:07 AM
Latest Most Read Breaking
Sort
Ai Governance · Audit Logs

Microsoft Quietly Patches Copilot Audit-Log Bypass, Keeps Customers in the Dark

Security researchers have uncovered a critical blind spot in Microsoft’s Purview audit logging for Copilot: certain prompts can retrieve sensitive file contents without leaving any trace in audit...

Advertisement
Cve-2025-53783 · Cybersecurity

Microsoft Teams Flaw CVE-2025-53783: Unauthenticated RCE via Heap Overflow Sparks Urgent Patching

Microsoft has published a security advisory for CVE-2025-53783, a heap-based buffer overflow in Microsoft Teams that allows an unauthorized attacker to execute code remotely over a network. The...

SE Security Desk·48w ago
Active Directory · Authentication

CVE-2025-53779: New Kerberos Path Traversal Bug Opens Door to Privilege Escalation—Patch Now

Microsoft’s security team has published guidance for CVE-2025-53779, a newly disclosed vulnerability in Windows Kerberos that could let authenticated attackers on the network elevate their...

SE Security Desk·48w ago
Cve-2025-53766 · Defense In Depth

Unverified GDI+ RCE Vulnerability CVE-2025-53766 Prompts Urgent Patch Verification Call

Microsoft’s Security Update Guide has quietly listed a new vulnerability tracked as CVE-2025-53766, describing a heap-based buffer overflow in the GDI+ graphics library that could allow remote code...

SE Security Desk·48w ago
Azure Local · Azure Stack Hub

CVE-2025-53765: Microsoft Warns of Azure Stack Hub Data Leak Through Authorized Local Access

Microsoft’s Security Response Center has published an advisory for CVE-2025-53765, an information disclosure vulnerability in Azure Stack Hub that permits an attacker with local authorization to...

SE Security Desk·48w ago
Cve-2025-47957 · Cybersecurity

CVE-2025-47957: Decoding Microsoft’s Critical Word Use-After-Free Vulnerability

Microsoft’s security team recently pushed out a fix for a critical vulnerability in Microsoft Word that, if left unpatched, could give attackers a direct path to executing malicious code on a...

SE Security Desk·48w ago
Asr · Buffer Over-read

Microsoft Office Buffer Over-Read Bugs Strike Word and Excel: What Enterprises Must Patch Now

Microsoft has rolled out crucial patches for two high-severity buffer over-read vulnerabilities in Microsoft Word and Excel, both enabling local attackers to extract sensitive memory contents. The...

SE Security Desk·48w ago
Asr · Cve-2025-53735

Microsoft Patches Critical Excel Use-After-Free Flaw (CVE-2025-53735) That Executes Code via Malicious Spreadsheets

Microsoft has confirmed a serious use-after-free vulnerability in Microsoft Excel, tracked as CVE-2025-53735, that can allow attackers to execute arbitrary code on a victim’s machine simply by...

SE Security Desk·48w ago
Application Guard · Asr

CVE-2025-53733: Patch Microsoft Word RCE Now – Numeric Conversion Flaw Exploited

Microsoft has published advisory CVE-2025-53733, warning of a remote code execution vulnerability in Microsoft Word that stems from an incorrect conversion between numeric types during document...

SE Security Desk·48w ago