Live
Patch Now: SQL Injection Flaw in Microsoft SQL Server Grants Attackers Full Network Privileges·MSFT +0.1%Windows Notification Use‑After‑Free Vulnerability (CVE‑2025‑49725) Grants Attackers SYSTEM Privileges·NVDA +3.0%CVE-2025-53723: Hyper‑V Truncation Bug Hands Local Attackers SYSTEM Control·GOOGL +1.2%Uninitialized Resource Bug in Windows RRAS Could Expose Corporate VPN Secrets, Microsoft Urges Patch·AMZN +2.9%Critical Windows AFD.sys Kernel Flaw (CVE-2025-53718) Exposes Systems to Local Privilege Escalation·MSFT +0.1%Critical Heap Overflow in Windows RRAS: Patch Now to Protect VPN Gateways from Remote Code Execution·NVDA +3.0%CVE-2025-24050: Microsoft Patches High-Risk Hyper-V Heap Overflow That Enables Full Host Takeover·GOOGL +1.2%Patch Immediately: Windows Kernel Use-After-Free CVE-2025-53151 Opens Door to SYSTEM Takeover·AMZN +2.9%Patch Now: SQL Injection Flaw in Microsoft SQL Server Grants Attackers Full Network Privileges·MSFT +0.1%Windows Notification Use‑After‑Free Vulnerability (CVE‑2025‑49725) Grants Attackers SYSTEM Privileges·NVDA +3.0%CVE-2025-53723: Hyper‑V Truncation Bug Hands Local Attackers SYSTEM Control·GOOGL +1.2%Uninitialized Resource Bug in Windows RRAS Could Expose Corporate VPN Secrets, Microsoft Urges Patch·AMZN +2.9%Critical Windows AFD.sys Kernel Flaw (CVE-2025-53718) Exposes Systems to Local Privilege Escalation·MSFT +0.1%Critical Heap Overflow in Windows RRAS: Patch Now to Protect VPN Gateways from Remote Code Execution·NVDA +3.0%CVE-2025-24050: Microsoft Patches High-Risk Hyper-V Heap Overflow That Enables Full Host Takeover·GOOGL +1.2%Patch Immediately: Windows Kernel Use-After-Free CVE-2025-53151 Opens Door to SYSTEM Takeover·AMZN +2.9%

Msrc

The latest Msrc coverage — news, analysis, and updates from the WindowsNews.AI desk.

12 stories in view AI assisted desk updated 1:57 PM
Latest Most Read Breaking
Sort
Cve-2025-47954 · Database Security

Patch Now: SQL Injection Flaw in Microsoft SQL Server Grants Attackers Full Network Privileges

Microsoft has confirmed a high-severity elevation-of-privilege vulnerability tracked as CVE-2025-47954 that affects Microsoft SQL Server, allowing an authenticated attacker to escalate privileges...

Advertisement
Afd.sys · Applocker

Critical Windows AFD.sys Kernel Flaw (CVE-2025-53718) Exposes Systems to Local Privilege Escalation

Microsoft has issued a high-priority security advisory for a use-after-free vulnerability in the Windows Ancillary Function Driver for WinSock (AFD.sys). Tracked as CVE-2025-53718, the flaw allows a...

SE Security Desk·48w ago
Cve-2025-33064 · Cve-2025-49657

Critical Heap Overflow in Windows RRAS: Patch Now to Protect VPN Gateways from Remote Code Execution

Microsoft’s June–July 2025 security updates address a critical heap-based buffer overflow in the Windows Routing and Remote Access Service (RRAS) that could allow remote code execution against...

SE Security Desk·48w ago
Cve-2025-24050 · Cve-2025-53155

CVE-2025-24050: Microsoft Patches High-Risk Hyper-V Heap Overflow That Enables Full Host Takeover

Microsoft’s March 2025 Patch Tuesday included a fix for CVE-2025-24050, a heap‑based buffer overflow in Windows Hyper‑V that allows an attacker with local access to escalate privileges all the...

SE Security Desk·48w ago
Cve-2025-53151 · Edr

Patch Immediately: Windows Kernel Use-After-Free CVE-2025-53151 Opens Door to SYSTEM Takeover

Microsoft has released a critical security update to address CVE-2025-53151, a use-after-free vulnerability in the Windows kernel that lets authenticated local attackers escalate their privileges to...

SE Security Desk·48w ago
Cert-eu · Check Point Research

Microsoft Patches CVE-2025-53143: Critical MSMQ Type-Confusion RCE Demands Immediate Action

Microsoft has delivered a security update for CVE-2025-53143, a remote code execution vulnerability in the Windows Message Queuing (MSMQ) service. The flaw, rooted in a type confusion error, allows...

SE Security Desk·48w ago
Afd.sys · Cve-2025-53141

CVE-2025-53141: Microsoft Fixes AFD.sys Null Pointer Bug Enabling Local SYSTEM Escalation

{ "title": "CVE-2025-53141: Microsoft Fixes AFD.sys Null Pointer Bug Enabling Local SYSTEM Escalation", "content": "Microsoft has released a security patch for a high‑severity privilege...

SE Security Desk·48w ago
Cve-2025-53140 · Edr Telemetry

Patch Now: CVE-2025-53140 Kernel Transaction Manager Use-After-Free Enables Local Privilege Escalation on Windows

Microsoft has released a security update for CVE-2025-53140, a use-after-free vulnerability in the Windows Kernel Transaction Manager (KTM) that allows an authorized local attacker to elevate...

SE Security Desk·48w ago
Afd.sys · Cisa

Actively Exploited Windows AFD.sys Flaw Earns CISA KEV Status Amid Patching Confusion

Microsoft’s February 2025 Patch Tuesday delivered a fix for CVE-2025-21418, a heap-based buffer overflow in the Windows Ancillary Function Driver (afd.sys), but sysadmins are grappling with a...

SE Security Desk·48w ago