Security Alerts
The latest Security Alerts coverage — news, analysis, and updates from the WindowsNews.AI desk.
CVE-2025-59243 Excel Memory Safety RCE: Critical Patch Analysis
Microsoft has issued an urgent security advisory for CVE-2025-59243, a critical memory safety vulnerability in Microsoft Excel that enables remote code execution when users open maliciously crafted...
CVE-2025-59282: Critical IIS COM Race Condition Threatens Windows Servers
Microsoft's October 2025 security updates contain a critical fix for CVE-2025-59282, a high-severity race condition vulnerability in Internet Information Services (IIS) Inbox COM Objects that enables...
CVE-2025-54132: Cursor Mermaid Diagram Security Vulnerability Analysis
A critical security vulnerability designated as CVE-2025-54132 has been identified in Cursor's Mermaid-based diagram renderer, exposing users to potential data exfiltration attacks through...
CVE-2025-55335: Critical NTFS Privilege Escalation Vulnerability Patched
Microsoft has urgently addressed a critical security vulnerability in the Windows NTFS file system driver that could allow attackers to gain elevated privileges on affected systems. CVE-2025-55335,...
CVE-2025-47979: Critical Windows Failover Cluster Information Disclosure Vulnerability
Microsoft has disclosed a significant security vulnerability in Windows Failover Clustering that could expose sensitive cluster configuration data through accessible log files. CVE-2025-47979, rated...
CVE-2025-55336: Windows Cloud Files Driver Vulnerability Exposes Sensitive Data
Microsoft has disclosed a significant information disclosure vulnerability in the Windows Cloud Files Mini Filter Driver (cldflt.sys) that could allow authenticated local attackers to access...
CVE-2025-59235: Critical Excel Memory Vulnerability Requires Immediate Patching
Microsoft has issued a high-priority security advisory for CVE-2025-59235, a serious out-of-bounds read vulnerability in Excel that could expose sensitive process memory when users open maliciously...
CVE-2025-47979: Windows Failover Cluster Information Disclosure Vulnerability Patched
Microsoft has addressed a critical information disclosure vulnerability in Windows Failover Cluster that could expose sensitive data through cluster log files. The vulnerability, tracked as...
CVE-2025-59185: Critical Windows NTLM Spoofing Flaw Demands Immediate Patching
Microsoft has disclosed a significant security vulnerability, tracked as CVE-2025-59185, within the Windows Core Shell component, classified as a spoofing issue that could lead to NTLM credential...
Microsoft Patches Xbox Gaming Services Flaw Allowing Low-Privilege Users to Escalate Access
Microsoft has confirmed a significant security vulnerability in Xbox Gaming Services that could allow attackers to escalate privileges on Windows systems through improper link resolution. The flaw,...
CVE-2025-59255: Critical Windows DWM Privilege Escalation Vulnerability Analysis
Microsoft has confirmed a critical elevation-of-privilege vulnerability in the Desktop Window Manager (DWM) core library, tracked as CVE-2025-59255, that represents a significant security threat to...
CVE-2025-59259: Windows LSM DoS Vulnerability Threatens System Stability
Microsoft has disclosed a significant security vulnerability in Windows Local Session Manager (LSM) that could allow authenticated attackers to crash systems or cause persistent denial of service...