Security Alerts
The latest Security Alerts coverage — news, analysis, and updates from the WindowsNews.AI desk.
Critical Siemens SIVaaS Bug Exposes Windows-Hosted Automation VMs to Remote Tampering Without Logins
A critical vulnerability in Siemens’ SIMATIC Virtualization as a Service (SIVaaS) has been assigned CVE-2025-40804, carrying a CVSS v3.1 base score of 9.1 and a CVSS v4 score of 9.3. The flaw—an...
Patch Gap: Siemens SINAMICS S200 Drives Left Vulnerable as CISA Issues Warning on CVE-2025-40594
Siemens has disclosed a privilege-escalation vulnerability in its widely-deployed SINAMICS drive family that allows an attacker with local network access to trigger factory resets and alter...
Schneider Electric Patches Critical File-Access Flaw in Modicon M340, But OT Risk Lingers
Industrial operators managing Schneider Electric’s Modicon M340 programmable automation controllers (PACs) face an immediate security challenge after the disclosure of a vulnerability that allows...
Microsoft Deploys SMB Relay Attack Auditing in CVE-2025-55234, Urges Phased Hardening Before Enforcement
Microsoft has released CVE-2025-55234 not as a traditional patch for a new vulnerability, but as a strategic operational toolkit designed to help administrators audit and harden their SMB...
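The audit-first, enforce-later sequence the teaser describes, as an added PowerShell example that is not part of the article or of Microsoft's own tooling. It assumes the hardening in question is SMB signing (the standard mitigation for NTLM relay over SMB) and uses only the built-in SmbShare cmdlets; the function names are this example's own.

```powershell
# Added example (not from the article): report, and optionally enforce, SMB signing
# on a Windows host. Assumes the relay hardening at issue is SMB signing; the cmdlets
# are the built-in SmbShare module (Get-/Set-SmbServerConfiguration,
# Get-/Set-SmbClientConfiguration). Run from an elevated PowerShell session.

function Get-SmbSigningPosture {
    # Audit phase: collect server- and client-side signing settings into one object
    # so the result can be exported (Export-Csv / ConvertTo-Json) across a fleet.
    $server = Get-SmbServerConfiguration
    $client = Get-SmbClientConfiguration
    [pscustomobject]@{
        ComputerName          = $env:COMPUTERNAME
        ServerSigningEnabled  = $server.EnableSecuritySignature
        ServerSigningRequired = $server.RequireSecuritySignature
        ClientSigningRequired = $client.RequireSecuritySignature
        Smb1Enabled           = $server.EnableSMB1Protocol
        # Signing that is merely "enabled" but not "required" still accepts
        # unsigned sessions, so the host remains relayable.
        RelayExposed          = -not ($server.RequireSecuritySignature -and
                                      $client.RequireSecuritySignature)
    }
}

function Set-SmbSigningRequired {
    # Enforcement phase: run only after the audit shows no clients depend on
    # unsigned SMB. -WhatIf previews the change without applying it.
    [CmdletBinding(SupportsShouldProcess)]
    param()
    if ($PSCmdlet.ShouldProcess($env:COMPUTERNAME, 'Require SMB signing on server and client')) {
        Set-SmbServerConfiguration -RequireSecuritySignature $true -Force
        Set-SmbClientConfiguration -RequireSecuritySignature $true -Force
    }
}

# Record posture before changing anything.
Get-SmbSigningPosture | Format-List

# Preview enforcement first; drop -WhatIf to apply.
# Set-SmbSigningRequired -WhatIf
```

Run the audit function across the estate and hold enforcement until every host reports `RelayExposed = False` only because signing is already required, not because a legacy client was overlooked; a device that cannot sign will simply fail to connect once `RequireSecuritySignature` is set.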
Microsoft Ships Fixed Newtonsoft.Json in SQL Server CU to Address High-Severity DoS Flaw CVE-2024-21907
Microsoft has confirmed that a high-severity vulnerability in Newtonsoft.Json, the ubiquitous JSON library for .NET, is being addressed through cumulative updates for SQL Server and other products....
BitLocker Kernel Flaw CVE-2025-54912 Lets Attackers Escalate to SYSTEM, Microsoft Urges Patching
Microsoft has confirmed a critical use-after-free vulnerability in the Windows BitLocker stack, tracked as CVE-2025-54912, that could allow an authorized local attacker to gain SYSTEM privileges on...
Microsoft Fixes SQL Server Privilege Escalation Bug: The Real CVE Is 2025-53727, Not 55227
Microsoft has released patches for a critical SQL Server...
CVE-2025-55224: Windows Win32K Race Condition Allows Hyper-V Escape and SYSTEM Access
A recently patched vulnerability in the Windows Win32K graphics subsystem allows an authenticated attacker—or a low-privileged process inside a Hyper-V virtual machine—to exploit a race condition...
Microsoft Patches Critical Type-Confusion Bug in Windows Defender Firewall Service (CVE-2025-54915)
Microsoft has released a patch for CVE-2025-54915, a local privilege escalation vulnerability in the Windows Defender Firewall Service that stems from a type-confusion error. The flaw, described by...
CVE-2025-54917 Exposes Windows Zone-Mapping Flaw That Lets Attackers Evade Security Controls
Microsoft has published an advisory for CVE-2025-54917, a security feature bypass in the Windows MapUrlToZone function that can allow an attacker to trick the operating system into misclassifying a...
Microsoft Fixes High-Impact BitLocker Use-After-Free Vulnerability (CVE-2025-54911)
Microsoft has disclosed a high-severity use-after-free vulnerability in Windows BitLocker, tracked as CVE-2025-54911, that could allow a local attacker to elevate privileges from a standard user...
Critical Office Heap Overflow (CVE-2025-54910) Patched for Windows, Mac Fixes Still Pending
Microsoft has released security updates to patch a critical heap-based buffer overflow in Microsoft Office, tracked as CVE-2025-54910, that could allow attackers to execute arbitrary code after a...