Security Alerts
The latest Security Alerts coverage — news, analysis, and updates from the WindowsNews.AI desk.
Microsoft Flags UI Spoofing Vulnerability CVE-2025-49755 in Edge for Android
Microsoft’s Security Response Center has disclosed CVE-2025-49755, a user-interface spoofing flaw in Microsoft Edge (Chromium-based) for Android that could let attackers trick users into handing...
Critical Word Flaw CVE-2025-53784 Lets Attackers Hijack PCs via Malicious Docs — Patch Immediately
Microsoft’s latest security advisory warns of a memory-corruption flaw in Word—CVE-2025-53784—that hands attackers a local-code-execution foothold from nothing more than a booby-trapped...
Microsoft: CVE-2025-48807 Hyper V Exploit Demands Local Access, Yet Threatens Entire Host Infrastructures
Despite a CVE title suggesting a remote code execution flaw, Microsoft confirmed this week that CVE‑2025‑48807—a vulnerability in Hyper‑V’s Virtualization Service Provider (VSP)...
Microsoft's CVE-2025-53793 Advisory: Azure Stack Hub Authentication Flaw Exposes Sensitive Data
Microsoft has published an urgent security advisory for CVE-2025-53793, an improper authentication vulnerability in Azure Stack Hub that could allow unauthenticated attackers to access sensitive...
WSL 2.5.10 Fixes TOCTOU Bug: Microsoft Acts Fast on CVE-2025-53788 Privilege Escalation
Microsoft released an out-of-band Windows Subsystem for Linux (WSL) update on August 6, 2025, patching a local elevation-of-privilege vulnerability that could let attackers break out of WSL2...
CVE-2025-49723: Windows StateRepository Flaw Opens Door to Local Privilege Escalation, Advisories Confuse CVE Numbers
Microsoft's July 2025 Patch Tuesday delivers a fix for a high-severity missing authorization vulnerability in the Windows StateRepository API, tracked as CVE-2025-49723. The bug lets an already...
Microsoft Teams Flaw CVE-2025-53783: Unauthenticated RCE via Heap Overflow Sparks Urgent Patching
Microsoft has published a security advisory for CVE-2025-53783, a heap-based buffer overflow in Microsoft Teams that allows an unauthorized attacker to execute code remotely over a network. The...
CVE-2025-50155: Critical Windows Push Notifications EoP Flaw Exposes Systems to Full Takeover
A serious elevation-of-privilege vulnerability in Windows Push Notifications has been cataloged as CVE-2025-50155 by Microsoft, giving authenticated local attackers a clear path to SYSTEM-level...
CVE-2025-53779: New Kerberos Path Traversal Bug Opens Door to Privilege Escalation—Patch Now
Microsoft’s security team has published guidance for CVE-2025-53779, a newly disclosed vulnerability in Windows Kerberos that could let authenticated attackers on the network elevate their...
Windows Admins: CVE-2025-53778 Is a Patch-Now NTLM Privilege Escalation That Threatens Entire Domains
Microsoft has silently added CVE-2025-53778 to its Security Update Guide, flagging a improper authentication flaw in the Windows NTLM implementation that permits an authorized attacker to elevate...
Critical RRAS Vulnerability Leaks Windows Server Memory—Patch CVE-2025-50157 Immediately
Microsoft has issued an urgent security update for a memory disclosure flaw in Windows Routing and Remote Access Service (RRAS) that could let attackers remotely extract sensitive data from unpatched...
Windows Security App UI Spoofing Flaw CVE-2025-47956 Patched – But Local Attackers Can Still Fake Alerts
Microsoft’s June 2025 security updates address a spoofing vulnerability in the Windows Security App that lets a local user manipulate file names and paths to display forged security alerts. Tracked...