Security Alerts
The latest Security Alerts coverage — news, analysis, and updates from the WindowsNews.AI desk.
CVE-2025-49692: Azure Connected Machine Agent Vulnerability Demands Immediate Patching
Microsoft has released a security update to address a critical elevation-of-privilege vulnerability (CVE-2025-49692) in the Azure Connected Machine agent, the software component that enables Azure...
SQL Server Vulnerability CVE-2025-47997: Patch Now to Block Memory Disclosure Attacks
Microsoft has released patches for a critical information-disclosure vulnerability in SQL Server that could allow an authenticated attacker to read sensitive memory contents over the network. Tracked...
Microsoft AutoUpdate Vulnerability Lets Attackers Escalate to Root on macOS via Symlink Tricks
Microsoft has disclosed a fresh local elevation-of-privilege vulnerability in its Microsoft AutoUpdate (MAU) agent that allows an attacker with an existing foothold on a macOS machine to escalate to...
Azure Arc’s Critical Local Privilege Flaw Fixed, But CVE Muddle May Leave Systems Exposed
Microsoft has patched a high-severity local elevation-of-privilege vulnerability in Azure Arc, but confusion over the associated CVE identifier could cause dangerous patching delays, security...
CVE-2025-55243: OfficePlus Spoofing Flaw Exposes Data, Bypasses Scanners
Microsoft has published a security advisory for CVE-2025-55243, a spoofing vulnerability in Microsoft OfficePlus that can lead to the exposure of sensitive information and enable attackers to...
Patch Now: Xbox Gaming Services CVE-2024-28916 Lets Low-Privilege Attackers Escalate to SYSTEM
A critical elevation-of-privilege vulnerability in Microsoft’s Xbox Gaming Services component, tracked as CVE-2024-28916, has been patched, but not before a public proof-of-concept demonstrated how...
CVE-2025-55236: Windows Graphics Kernel Race Condition Allows Attackers to Escalate to SYSTEM — Patch Now
Microsoft has published advisory CVE-2025-55236, a time-of-check/time-of-use (TOCTOU) race condition in the Windows Graphics Kernel that hands local, authenticated attackers a path to elevate...
Patch Now: Windows Graphics Kernel Race Condition (CVE-2025-55226) Puts Multi-User Systems at Kernel Compromise Risk
Microsoft has pushed out a security update to patch CVE-2025-55226, a high-severity race condition vulnerability in the Windows Graphics Kernel that enables an authenticated local attacker to execute...
Unverified Deserialization Flaw in Microsoft HPC Pack Could Enable Remote Code Execution
Microsoft’s High Performance Compute (HPC) Pack is under scrutiny after a report surfaced describing a critical deserialization vulnerability that could allow attackers to execute arbitrary code...
Urgent: Windows Win32K GRFX Race Condition Exploitable for Kernel Code Execution – Patch Now
Microsoft has disclosed a dangerous race condition vulnerability in the Windows graphics subsystem’s Win32K component, tracked as CVE-2025-55228, that allows an authenticated local attacker to gain...
Patch Now: Windows RRAS Flaw CVE-2025-55225 Spills System Memory to Remote Attackers
Microsoft has confirmed a serious information disclosure vulnerability in the Windows Routing and Remote Access Service (RRAS) that could let attackers remotely read sensitive memory contents from...
The CVE That Isn't There: DirectX Kernel Race Condition Panic and the Patches You Actually Need
Microsoft's August 2025 security updates landed with a thud for Windows administrators, but not all of them came with a neat advisory. In forums across the web, sysadmins are chasing a ghost:...