Security Alerts
The latest Security Alerts coverage — news, analysis, and updates from the WindowsNews.AI desk.
CVE-2025-53806: Microsoft Patches RRAS Memory Disclosure Flaw in Windows VPN Servers
Microsoft has disclosed CVE-2025-53806, a new information disclosure vulnerability in the Windows Routing and Remote Access Service (RRAS) that allows attackers to read sensitive memory contents from...
CVE-2025-53804: Windows Kernel Vulnerability Exposes Sensitive Data—Patch Now and Harden Defenses
Microsoft has confirmed a new information disclosure vulnerability in the Windows kernel, tracked as CVE-2025-53804, that allows a local attacker to extract sensitive data from protected kernel...
Patch Alert: Microsoft Flags High-Risk Graphics Privilege Escalation (CVE-2025-53800)
Microsoft’s latest security advisory addresses an elevation-of-privilege vulnerability in the Windows Graphics Component tracked as CVE-2025-53800. Published through the Security Update Guide, the...
Microsoft Emergency Patch for RRAS Memory Leak (CVE-2025-53796) — Update Windows VPN Gateways Now
Microsoft has released a critical security update for Windows Routing and Remote Access Service (RRAS) to plug an information disclosure hole that allows attackers to siphon memory contents over the...
Critical Local Privilege Escalation Bug in Windows DWM Fixed: Here’s What You Need to Know
Microsoft has patched a serious local privilege escalation vulnerability in the Windows Desktop Window Manager (DWM) Core Library, tracked as CVE-2025-53801, that could allow an attacker with a basic...
Microsoft Patches Windows Kernel Memory Leak (CVE-2025-53803) That Facilitates Privilege Escalation
Microsoft has released a security update to close a Windows kernel memory disclosure vulnerability that hands attackers a powerful reconnaissance tool for crafting more reliable exploits. Tracked as...
Microsoft Patches Windows Imaging Component Flaw That Could Leak Sensitive Data Through Crafted Images
A critical information disclosure vulnerability in the Windows Imaging Component (WIC) was among the top fixes delivered in Microsoft’s July 2025 Patch Tuesday updates. Tracked as CVE-2025-47980,...
CVE-2025-49692: Azure Connected Machine Agent Vulnerability Demands Immediate Patching
Microsoft has released a security update to address a critical elevation-of-privilege vulnerability (CVE-2025-49692) in the Azure Connected Machine agent, the software component that enables Azure...
SQL Server Vulnerability CVE-2025-47997: Patch Now to Block Memory Disclosure Attacks
Microsoft has released patches for a critical information-disclosure vulnerability in SQL Server that could allow an authenticated attacker to read sensitive memory contents over the network. Tracked...
Microsoft AutoUpdate Vulnerability Lets Attackers Escalate to Root on macOS via Symlink Tricks
Microsoft has disclosed a fresh local elevation-of-privilege vulnerability in its Microsoft AutoUpdate (MAU) agent that allows an attacker with an existing foothold on a macOS machine to escalate to...
Azure Arc’s Critical Local Privilege Flaw Fixed, But CVE Muddle May Leave Systems Exposed
Microsoft has patched a high-severity local elevation-of-privilege vulnerability in Azure Arc, but confusion over the associated CVE identifier could cause dangerous patching delays, security...
CVE-2025-55243: OfficePlus Spoofing Flaw Exposes Data, Bypasses Scanners
Microsoft has published a security advisory for CVE-2025-55243, a spoofing vulnerability in Microsoft OfficePlus that can lead to the exposure of sensitive information and enable attackers to...