Msrc
The latest Msrc coverage — news, analysis, and updates from the WindowsNews.AI desk.
Patch Now: SQL Injection Flaw in Microsoft SQL Server Grants Attackers Full Network Privileges
Microsoft has confirmed a high-severity elevation-of-privilege vulnerability tracked as CVE-2025-47954 that affects Microsoft SQL Server, allowing an authenticated attacker to escalate privileges...
Windows Notification Use‑After‑Free Vulnerability (CVE‑2025‑49725) Grants Attackers SYSTEM Privileges
Microsoft has patched a critical use‑after‑free vulnerability in the Windows Notification subsystem that could allow an authenticated local attacker to escalate privileges to SYSTEM. Tracked as...
CVE-2025-53723: Hyper‑V Truncation Bug Hands Local Attackers SYSTEM Control
Microsoft has published an advisory for a new elevation‑of‑privilege vulnerability in Windows Hyper‑V that could allow an authorized attacker on an affected host to escalate privileges and take...
Uninitialized Resource Bug in Windows RRAS Could Expose Corporate VPN Secrets, Microsoft Urges Patch
Microsoft has disclosed a new information disclosure vulnerability in the Windows Routing and Remote Access Service (RRAS), tracked as CVE-2025-53719, that could allow an authenticated attacker to...
Critical Windows AFD.sys Kernel Flaw (CVE-2025-53718) Exposes Systems to Local Privilege Escalation
Microsoft has issued a high-priority security advisory for a use-after-free vulnerability in the Windows Ancillary Function Driver for WinSock (AFD.sys). Tracked as CVE-2025-53718, the flaw allows a...
Critical Heap Overflow in Windows RRAS: Patch Now to Protect VPN Gateways from Remote Code Execution
Microsoft’s June–July 2025 security updates address a critical heap-based buffer overflow in the Windows Routing and Remote Access Service (RRAS) that could allow remote code execution against...
CVE-2025-24050: Microsoft Patches High-Risk Hyper-V Heap Overflow That Enables Full Host Takeover
Microsoft’s March 2025 Patch Tuesday included a fix for CVE-2025-24050, a heap‑based buffer overflow in Windows Hyper‑V that allows an attacker with local access to escalate privileges all the...
Patch Immediately: Windows Kernel Use-After-Free CVE-2025-53151 Opens Door to SYSTEM Takeover
Microsoft has released a critical security update to address CVE-2025-53151, a use-after-free vulnerability in the Windows kernel that lets authenticated local attackers escalate their privileges to...
Microsoft Patches CVE-2025-53143: Critical MSMQ Type-Confusion RCE Demands Immediate Action
Microsoft has delivered a security update for CVE-2025-53143, a remote code execution vulnerability in the Windows Message Queuing (MSMQ) service. The flaw, rooted in a type confusion error, allows...
CVE-2025-53141: Microsoft Fixes AFD.sys Null Pointer Bug Enabling Local SYSTEM Escalation
{ "title": "CVE-2025-53141: Microsoft Fixes AFD.sys Null Pointer Bug Enabling Local SYSTEM Escalation", "content": "Microsoft has released a security patch for a high‑severity privilege...
Patch Now: CVE-2025-53140 Kernel Transaction Manager Use-After-Free Enables Local Privilege Escalation on Windows
Microsoft has released a security update for CVE-2025-53140, a use-after-free vulnerability in the Windows Kernel Transaction Manager (KTM) that allows an authorized local attacker to elevate...
Actively Exploited Windows AFD.sys Flaw Earns CISA KEV Status Amid Patching Confusion
Microsoft’s February 2025 Patch Tuesday delivered a fix for CVE-2025-21418, a heap-based buffer overflow in the Windows Ancillary Function Driver (afd.sys), but sysadmins are grappling with a...