Security Alerts
The latest Security Alerts coverage — news, analysis, and updates from the WindowsNews.AI desk.
CVE-2025-53779: New Kerberos Path Traversal Bug Opens Door to Privilege Escalation—Patch Now
Microsoft’s security team has published guidance for CVE-2025-53779, a newly disclosed vulnerability in Windows Kerberos that could let authenticated attackers on the network elevate their...
Windows Admins: CVE-2025-53778 Is a Patch-Now NTLM Privilege Escalation That Threatens Entire Domains
Microsoft has silently added CVE-2025-53778 to its Security Update Guide, flagging an improper authentication flaw in the Windows NTLM implementation that permits an authorized attacker to elevate...
Critical RRAS Vulnerability Leaks Windows Server Memory—Patch CVE-2025-50157 Immediately
Microsoft has issued an urgent security update for a memory disclosure flaw in Windows Routing and Remote Access Service (RRAS) that could let attackers remotely extract sensitive data from unpatched...
Windows Security App UI Spoofing Flaw CVE-2025-47956 Patched – But Local Attackers Can Still Fake Alerts
Microsoft’s June 2025 security updates address a spoofing vulnerability in the Windows Security App that lets a local user manipulate file names and paths to display forged security alerts. Tracked...
CVE-2025-53740: Urgent Patch Needed as Office Use-After-Free RCE Threatens Enterprise Security
Microsoft has confirmed a critical use-after-free vulnerability in Microsoft Office, tracked as CVE-2025-53740, that could let attackers run arbitrary code when a user opens a maliciously crafted...
Unverified GDI+ RCE Vulnerability CVE-2025-53766 Prompts Urgent Patch Verification Call
Microsoft’s Security Update Guide has quietly listed a new vulnerability tracked as CVE-2025-53766, describing a heap-based buffer overflow in the GDI+ graphics library that could allow remote code...
CVE-2025-53765: Microsoft Warns of Azure Stack Hub Data Leak Through Authorized Local Access
Microsoft’s Security Response Center has published an advisory for CVE-2025-53765, an information disclosure vulnerability in Azure Stack Hub that permits an attacker with local authorization to...
Microsoft Issues Advisory for Critical Excel RCE Flaw CVE-2025-53739, Urges Immediate Patching
A newly discovered vulnerability in Microsoft Excel, tracked as CVE-2025-53739, could allow attackers to execute arbitrary code on victims' machines simply by convincing them to open a specially...
CVE-2025-47957: Decoding Microsoft’s Critical Word Use-After-Free Vulnerability
Microsoft’s security team recently pushed out a fix for a critical vulnerability in Microsoft Word that, if left unpatched, could give attackers a direct path to executing malicious code on a...
CVE-2025-53734: Patch Visio Use-After-Free RCE Before Attackers Exploit Document Flaw
Microsoft has released a security update for a use-after-free vulnerability in Microsoft Visio that allows attackers to execute arbitrary code simply by having a victim open a maliciously crafted...
Microsoft Office Buffer Over-Read Bugs Strike Word and Excel: What Enterprises Must Patch Now
Microsoft has rolled out crucial patches for two high-severity buffer over-read vulnerabilities in Microsoft Word and Excel, both enabling local attackers to extract sensitive memory contents. The...
Microsoft Patches Critical Excel Use-After-Free Flaw (CVE-2025-53735) That Executes Code via Malicious Spreadsheets
Microsoft has confirmed a serious use-after-free vulnerability in Microsoft Excel, tracked as CVE-2025-53735, that can allow attackers to execute arbitrary code on a victim’s machine simply by...