Security Alerts
The latest Security Alerts coverage — news, analysis, and updates from the WindowsNews.AI desk.
CISA Orders Patching of 2007 Excel Bug, 2013 IE Flaw, and 2025 WinRAR Zero-Day
On August 12, the Cybersecurity and Infrastructure Security Agency (CISA) added three vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog—two of them first disclosed during the...
Active SharePoint RCE Exploits Chain Deserialization Bug to Deploy Web Shells and Ransomware
Attackers are actively chaining a deserialization vulnerability in on-premises SharePoint Server with an authentication bypass to gain remote code execution without credentials—then stealing the...
Microsoft Patches CVE-2025-49736: Android Edge UI Spoofing Bug Allows Credential Theft
Microsoft has released a patch for a UI spoofing vulnerability in its Edge browser for Android, tracked as CVE-2025-49736. The flaw, which Microsoft classifies as allowing an unauthenticated attacker...
Azure VM Spoofing Flaw CVE-2025-49707: Microsoft Patches Local Access Control Bypass
Microsoft has confirmed and released fixes for CVE-2025-49707, a critical improper access control vulnerability in Azure Virtual Machines that enables an attacker with local access to impersonate...
Microsoft Flags UI Spoofing Vulnerability CVE-2025-49755 in Edge for Android
Microsoft’s Security Response Center has disclosed CVE-2025-49755, a user-interface spoofing flaw in Microsoft Edge (Chromium-based) for Android that could let attackers trick users into handing...
Critical Word Flaw CVE-2025-53784 Lets Attackers Hijack PCs via Malicious Docs — Patch Immediately
Microsoft’s latest security advisory warns of a memory-corruption flaw in Word—CVE-2025-53784—that hands attackers a local-code-execution foothold from nothing more than a booby-trapped...
Microsoft: CVE-2025-48807 Hyper V Exploit Demands Local Access, Yet Threatens Entire Host Infrastructures
Despite a CVE title suggesting a remote code execution flaw, Microsoft confirmed this week that CVE‑2025‑48807—a vulnerability in Hyper‑V’s Virtualization Service Provider (VSP)...
Microsoft's CVE-2025-53793 Advisory: Azure Stack Hub Authentication Flaw Exposes Sensitive Data
Microsoft has published an urgent security advisory for CVE-2025-53793, an improper authentication vulnerability in Azure Stack Hub that could allow unauthenticated attackers to access sensitive...
WSL 2.5.10 Fixes TOCTOU Bug: Microsoft Acts Fast on CVE-2025-53788 Privilege Escalation
Microsoft released an out-of-band Windows Subsystem for Linux (WSL) update on August 6, 2025, patching a local elevation-of-privilege vulnerability that could let attackers break out of WSL2...
CVE-2025-49723: Windows StateRepository Flaw Opens Door to Local Privilege Escalation, Advisories Confuse CVE Numbers
Microsoft's July 2025 Patch Tuesday delivers a fix for a high-severity missing authorization vulnerability in the Windows StateRepository API, tracked as CVE-2025-49723. The bug lets an already...
Microsoft Teams Flaw CVE-2025-53783: Unauthenticated RCE via Heap Overflow Sparks Urgent Patching
Microsoft has published a security advisory for CVE-2025-53783, a heap-based buffer overflow in Microsoft Teams that allows an unauthorized attacker to execute code remotely over a network. The...
CVE-2025-50155: Critical Windows Push Notifications EoP Flaw Exposes Systems to Full Takeover
A serious elevation-of-privilege vulnerability in Windows Push Notifications has been cataloged as CVE-2025-50155 by Microsoft, giving authenticated local attackers a clear path to SYSTEM-level...