Security Alerts
The latest Security Alerts coverage — news, analysis, and updates from the WindowsNews.AI desk.
Microsoft Rushes Patch for BFS Kernel Bug CVE-2025-53142 That Hands Attackers SYSTEM Access
Microsoft has issued a security advisory for CVE-2025-53142, a use-after-free vulnerability in the Windows Brokering File System (BFS) that allows an authenticated local attacker to escalate...
CVE-2025-53141: Microsoft Fixes AFD.sys Null Pointer Bug Enabling Local SYSTEM Escalation
{ "title": "CVE-2025-53141: Microsoft Fixes AFD.sys Null Pointer Bug Enabling Local SYSTEM Escalation", "content": "Microsoft has released a security patch for a high‑severity privilege...
Patch Now: CVE-2025-53140 Kernel Transaction Manager Use-After-Free Enables Local Privilege Escalation on Windows
Microsoft has released a security update for CVE-2025-53140, a use-after-free vulnerability in the Windows Kernel Transaction Manager (KTM) that allows an authorized local attacker to elevate...
CVE-2025-53138: Windows Server RRAS Vulnerability Leaks Sensitive Memory
Microsoft's latest security advisory warns of CVE-2025-53138, a newly disclosed information disclosure vulnerability in the Windows Routing and Remote Access Service (RRAS). The flaw, rooted in the...
CVE-2025-53137: Microsoft’s AFD.sys Patch Stops Local Attackers from Hijacking SYSTEM
A use-after-free vulnerability in the Windows Ancillary Function Driver for WinSock (AFD.sys), tracked as CVE-2025-53137, hands any local attacker with a toehold on a machine a direct path to SYSTEM...
Actively Exploited Windows AFD.sys Flaw Earns CISA KEV Status Amid Patching Confusion
Microsoft’s February 2025 Patch Tuesday delivered a fix for CVE-2025-21418, a heap-based buffer overflow in the Windows Ancillary Function Driver (afd.sys), but sysadmins are grappling with a...
Microsoft Patches Critical DirectX Kernel Race Condition Exploit (CVE-2025-53135) Threatening Windows Systems
Microsoft has released a security update for a local privilege escalation vulnerability in the Windows DirectX Graphics Kernel, tracked as CVE-2025-53135. The flaw, residing in the dxgkrnl driver,...
CVE-2025-26636: Windows Kernel Info Leak Exploits Processor Optimizations to Steal Secrets
Microsoft's April 2025 Patch Tuesday quietly shipped a fix for CVE-2025-26636, a Windows NT kernel information disclosure that lets local attackers extract sensitive memory simply by triggering code...
Patch Now: Critical Windows PrintWorkflowUserSvc Flaws Allow Attackers to Gain SYSTEM Privileges
Microsoft's December 2024 Patch Tuesday included a fix for CVE-2024-49095, a high-severity elevation of privilege vulnerability in the Windows PrintWorkflowUserSvc service that could give attackers...
New Win32k GRFX Race Condition Lets Attackers Hijack Windows Systems — Patch Now
A race-condition vulnerability in the Windows Win32k GRFX kernel component, assigned CVE-2025-53132, enables local attackers to escalate privileges to SYSTEM and take full control of an unpatched...
Urgent Microsoft Patch Closes Remote Code Execution Hole in Windows Media: CVE-2025-53131
Microsoft has shipped a critical security update to plug a heap-based buffer overflow in Windows Media components that could hand remote attackers the ability to execute arbitrary code on unpatched...
CVE-2025-50177: Critical Use-After-Free Bug in Microsoft Message Queuing Could Allow Remote Code Execution
{ "title": "CVE-2025-50177: Critical Use-After-Free Bug in Microsoft Message Queuing Could Allow Remote Code Execution", "content": "Microsoft has dropped a bombshell on Windows administrators: a...