Security Alerts
The latest Security Alerts coverage — news, analysis, and updates from the WindowsNews.AI desk.
Patch Now: Windows RRAS Heap Overflow CVE-2025-49657 Opens Door to Unauthenticated RCE
Microsoft’s July 2025 Patch Tuesday delivered a critical update for a heap-based buffer overflow in the Windows Routing and Remote Access Service (RRAS), tracked as CVE-2025-49657. A remote,...
Critical Race Condition in Windows Graphics Lets Attackers Escalate to SYSTEM – What to Do
Microsoft has disclosed a critical elevation-of-privilege vulnerability in the Windows Graphics Component, tracked as CVE-2025-49743, that could allow attackers to gain SYSTEM-level access on a...
CVE-2025-25005: The Windows Vulnerability Shrouded in Uncertainty and What Admins Must Do Now
The discovery of a new Windows vulnerability always triggers a scramble for details, but CVE-2025-25005 has presented an unusual challenge: the Microsoft Security Response Center (MSRC) advisory...
Azure VMs Hit by CVE-2025-53781: Information Disclosure Risk Prompts Urgent Patching
Microsoft has published a security advisory for CVE-2025-53781, warning Azure Virtual Machines users of a critical information disclosure vulnerability that could allow attackers to siphon sensitive...
Microsoft’s AI Coding Assistant Under Fire as GitHub Copilot Command Injection Chain Exposes Developers to Remote Code Execution
A zero-click AI command injection flaw in Microsoft 365 Copilot, tracked as CVE-2025-32711 and nicknamed EchoLeak, laid bare a dangerous new attack surface in June 2025. The vulnerability carried a...
Microsoft Patches Critical RCE Flaw in IIS Web Deploy – CVE-2025-53772 Threatens Exposed Servers
Microsoft has issued a high-priority security advisory for a deserialization vulnerability in its Web Deploy tool that could give authenticated attackers the ability to execute arbitrary code on...
Microsoft Discloses Critical PowerPoint Use-After-Free Flaw, CVE-2025-53761, Enabling Local Code Execution
Microsoft has issued a security advisory for a new use-after-free vulnerability in PowerPoint, tracked as CVE-2025-53761, that allows an unauthorized attacker to execute code locally. The flaw, which...
Critical SQL Server Vulnerability Enables Admin Escalation Over the Network
Microsoft has released a security advisory for CVE-2025-24999, a network-exploitable elevation-of-privilege flaw in Microsoft SQL Server that could allow an attacker with limited database access to...
Microsoft Warns of Excel RCE Flaw CVE-2025-53759, Workarounds Provided
A newly disclosed vulnerability in Microsoft Excel, tracked as CVE-2025-53759, allows attackers to execute arbitrary code on a victim’s machine by tricking them into opening a specially crafted...
SharePoint 'ToolShell' Zero-Day Exploited: Critical RCE Patched Amid Active Attacks
Microsoft has released an emergency security update to patch a critical remote code execution (RCE) vulnerability in SharePoint Server that has been actively exploited in the wild. Tracked as...
CVE-2025-53741: Microsoft Issues Emergency Excel Patch to Stop Remote Code Execution via Heap Overflow
Microsoft has disclosed a critical heap-based buffer overflow vulnerability in Excel, tracked as CVE-2025-53741, that can give attackers the ability to remotely execute code on a vulnerable machine...