Security Alerts
The latest Security Alerts coverage — news, analysis, and updates from the WindowsNews.AI desk.
Microsoft Patches Dynamics 365 On-Prem Flaw CVE-2025-53728 That Exposes Sensitive Data
Microsoft has released a security update to fix an information disclosure vulnerability in Dynamics 365 on-premises versions, tracked as CVE-2025-53728. The flaw, classified as allowing an...
Critical Office Use-After-Free Bug (CVE-2025-53731) Lets Attackers Execute Code—Patch Now, Microsoft Warns
Microsoft’s Security Response Center has published a new advisory, CVE-2025-53731, confirming a critical use-after-free vulnerability in Microsoft Office that can let attackers execute arbitrary...
Microsoft Warns of CVE-2025-53726: Windows Push Notification Flaw Grants SYSTEM Access to Local Attackers
Microsoft has published a high-priority security advisory for CVE-2025-53726, a type-confusion vulnerability in the Windows Push Notifications component that allows an authenticated local attacker to...
Windows Notification Use-After-Free Vulnerability (CVE-2025-49725) Grants Attackers SYSTEM Privileges
Microsoft has patched a critical use-after-free vulnerability in the Windows Notification subsystem that could allow an authenticated local attacker to escalate privileges to SYSTEM. Tracked as...
CVE-2025-53723: Hyper-V Truncation Bug Hands Local Attackers SYSTEM Control
Microsoft has published an advisory for a new elevation-of-privilege vulnerability in Windows Hyper-V that could allow an authorized attacker on an affected host to escalate privileges and take...
Microsoft Issues Urgent Fix for CVE-2025-53724: Windows Push Notifications Type Confusion Bug Enables SYSTEM Access
Microsoft’s latest security advisory warns of a serious elevation-of-privilege vulnerability in the Windows Push Notifications Apps component, tracked as CVE-2025-53724. The flaw, rooted in a type...
CVE-2025-53722: Attackers Can Exhaust Windows RDS and Force Server Downtime, Microsoft Warns
A recently disclosed flaw in Windows Remote Desktop Services (CVE-2025-53722) allows attackers to remotely crash servers by overwhelming system resources, Microsoft’s security advisory warns. The...
Patch Now: Windows CDPSvc Use-After-Free Bug (CVE-2025-48000) Grants Attackers SYSTEM Privileges
A use-after-free vulnerability in the Windows Connected Devices Platform Service (CDPSvc) lets any local authenticated attacker gain full SYSTEM control—and the fix landed in Microsoft’s July...
Uninitialized Resource Bug in Windows RRAS Could Expose Corporate VPN Secrets, Microsoft Urges Patch
Microsoft has disclosed a new information disclosure vulnerability in the Windows Routing and Remote Access Service (RRAS), tracked as CVE-2025-53719, that could allow an authenticated attacker to...
Critical Windows AFD.sys Kernel Flaw (CVE-2025-53718) Exposes Systems to Local Privilege Escalation
Microsoft has issued a high-priority security advisory for a use-after-free vulnerability in the Windows Ancillary Function Driver for WinSock (AFD.sys). Tracked as CVE-2025-53718, the flaw allows a...
Critical Heap Overflow in Windows RRAS: Patch Now to Protect VPN Gateways from Remote Code Execution
Microsoft’s June–July 2025 security updates address a critical heap-based buffer overflow in the Windows Routing and Remote Access Service (RRAS) that could allow remote code execution against...
CVE-2025-33057: Microsoft Patches LSASS Null Pointer DoS That Can Crash Domain Controllers
Microsoft has released a security update for a vulnerability that allows an attacker with network access to crash the Local Security Authority Subsystem Service (LSASS) and trigger a...