Security Alerts
The latest Security Alerts coverage — news, analysis, and updates from the WindowsNews.AI desk.
CVE-2025-54899 Exposes Excel to Code Execution Attacks: Patch Deployed for Critical Memory-Safety Bug
Microsoft has released a security update to patch CVE-2025-54899, a memory-safety vulnerability in Excel that can allow attackers to execute arbitrary code on a victim's machine when a malicious...
Microsoft Patches Excel Vulnerability CVE-2025-54898: Out-of-Bounds Read Could Allow Code Execution
Microsoft has issued a security update for CVE-2025-54898, an out-of-bounds read vulnerability in Microsoft Excel that could be exploited by attackers to achieve local code execution when a user...
Unauthenticated RCE Exploits Hit On-Prem SharePoint — Patch, Rotate Keys, and Hunt Now
Microsoft’s on-premises SharePoint servers are under active attack from a chain of vulnerabilities that grant unauthenticated attackers remote code execution (RCE). The exploit combines an...
Microsoft Warns of Actively Targeted Excel Use-After-Free Flaw CVE-2025-54896
Microsoft has issued a critical security advisory for CVE-2025-54896, a use-after-free vulnerability in Microsoft Office Excel that could allow attackers to execute arbitrary code on Windows...
Windows NEGOEX Integer Overflow Lets Attackers Escalate to SYSTEM—Patch Now
Microsoft has released a security update to plug a critical elevation-of-privilege hole in the Windows NEGOEX authentication mechanism. Tracked as CVE-2025-54895, the flaw stems from an integer...
Microsoft Patches Use-After-Free in Windows XAML DatePickerFlyout That Could Elevate Local Privileges
Microsoft has assigned CVE-2025-54111 to a use‑after‑free vulnerability in the Windows UI XAML Phone DatePickerFlyout control, warning that an authenticated local attacker could exploit the flaw...
How to Prioritize Patching with Microsoft’s Confidence Metric: Lessons from CVE-2025-54894
A single metric buried inside every Microsoft Security Response Center (MSRC) advisory could be the difference between a patching strategy that works and one that wastes precious time. Security teams...
Microsoft Urges Immediate Patching for Windows Kernel Privilege-Escalation Flaw CVE-2025-54110
Microsoft has released a security update to patch a high-severity vulnerability in the Windows kernel, tracked as CVE-2025-54110, that allows a local attacker to escalate privileges to SYSTEM level....
Critical Windows Server VPN Gateway Flaw Allows Unauthenticated Remote Code Execution — Patch RRAS Now
Microsoft is urging organizations to immediately patch a series of critical heap-based buffer overflow vulnerabilities in Windows Routing and Remote Access Service (RRAS) that can be exploited...
Windows CDPSvc Elevation Flaw (CVE-2025-54102) Patched; Attackers Could Seize SYSTEM Control
A high-severity vulnerability in the Windows Connected Devices Platform Service (CDPSvc), cataloged as CVE-2025-54102, can be exploited by a low-privileged local attacker to gain NT AUTHORITY\SYSTEM...
Critical Windows RRAS Flaw CVE-2025-54097 Exposes VPN Server Memory: Patch Immediately
Microsoft has issued a security update addressing CVE-2025-54097, a critical information disclosure vulnerability in the Windows Routing and Remote Access Service (RRAS) that allows remote attackers...
Windows SMBv3 Vulnerability CVE-2025-54101 Could Let Attackers Remotely Execute Code
A newly disclosed vulnerability in the Windows SMBv3 client could allow attackers to take full control of unpatched systems with nothing more than a network connection. Microsoft’s advisory,...