Security Alerts
The latest Security Alerts coverage — news, analysis, and updates from the WindowsNews.AI desk.
CVE-2025-53740: Urgent Patch Needed as Office Use-After-Free RCE Threatens Enterprise Security
Microsoft has confirmed a critical use-after-free vulnerability in Microsoft Office, tracked as CVE-2025-53740, that could let attackers run arbitrary code when a user opens a maliciously crafted...
Unverified GDI+ RCE Vulnerability CVE-2025-53766 Prompts Urgent Patch Verification Call
Microsoft’s Security Update Guide has quietly listed a new vulnerability tracked as CVE-2025-53766, describing a heap-based buffer overflow in the GDI+ graphics library that could allow remote code...
CVE-2025-53765: Microsoft Warns of Azure Stack Hub Data Leak Through Authorized Local Access
Microsoft’s Security Response Center has published an advisory for CVE-2025-53765, an information disclosure vulnerability in Azure Stack Hub that permits an attacker with local authorization to...
Microsoft Issues Advisory for Critical Excel RCE Flaw CVE-2025-53739, Urges Immediate Patching
A newly discovered vulnerability in Microsoft Excel, tracked as CVE-2025-53739, could allow attackers to execute arbitrary code on victims' machines simply by convincing them to open a specially...
CVE-2025-47957: Decoding Microsoft’s Critical Word Use-After-Free Vulnerability
Microsoft’s security team recently pushed out a fix for a critical vulnerability in Microsoft Word that, if left unpatched, could give attackers a direct path to executing malicious code on a...
CVE-2025-53734: Patch Visio Use-After-Free RCE Before Attackers Exploit Document Flaw
Microsoft has released a security update for a use-after-free vulnerability in Microsoft Visio that allows attackers to execute arbitrary code simply by having a victim open a maliciously crafted...
Microsoft Office Buffer Over-Read Bugs Strike Word and Excel: What Enterprises Must Patch Now
Microsoft has rolled out crucial patches for two high-severity buffer over-read vulnerabilities in Microsoft Word and Excel, both enabling local attackers to extract sensitive memory contents. The...
Microsoft Patches Critical Excel Use-After-Free Flaw (CVE-2025-53735) That Executes Code via Malicious Spreadsheets
Microsoft has confirmed a serious use-after-free vulnerability in Microsoft Excel, tracked as CVE-2025-53735, that can allow attackers to execute arbitrary code on a victim’s machine simply by...
CVE-2025-53733: Patch Microsoft Word RCE Now – Numeric Conversion Flaw Exploited
Microsoft has published advisory CVE-2025-53733, warning of a remote code execution vulnerability in Microsoft Word that stems from an incorrect conversion between numeric types during document...
Microsoft Closes Excel Heap Overflow Remote Code Execution Hole (CVE-2025-53737) — Patch Now
Microsoft’s April 2025 security updates included a fix for a heap overflow vulnerability in Excel that attackers could exploit to run arbitrary code on a victim’s machine. Tracked as...
Patch Now: SQL Injection Flaw in Microsoft SQL Server Grants Attackers Full Network Privileges
Microsoft has confirmed a high-severity elevation-of-privilege vulnerability tracked as CVE-2025-47954 that affects Microsoft SQL Server, allowing an authenticated attacker to escalate privileges...
Urgent Patch for CVE-2025-53732: Microsoft Office Heap Overflow Enables Remote Code Execution via Malicious Documents
Microsoft has released a critical security update addressing CVE-2025-53732, a heap-based buffer overflow vulnerability in Microsoft Office that allows remote code execution (RCE) when a user opens a...