Security Alerts
The latest Security Alerts coverage — news, analysis, and updates from the WindowsNews.AI desk.
Visio Under Fire: Microsoft Releases Patch for Use-After-Free Vulnerability CVE-2025-53730
Microsoft has disclosed a new use-after-free vulnerability in Visio, tracked as CVE-2025-53730, that allows an attacker to execute arbitrary code locally when a user opens a maliciously crafted...
CVE-2025-33051: Exchange Server Leak Demands Urgent Patching and Credential Rotation
Microsoft’s June 2025 Patch Tuesday has surfaced CVE-2025-33051, an information disclosure vulnerability in Exchange Server that demands immediate attention from every organization running...
New XSS Vulnerability in Dynamics 365 On-Premises Allows Spoofing Attacks – Patch Now
Microsoft has assigned CVE-2025-49745 to a cross‑site scripting (XSS) vulnerability affecting on‑premises deployments of Dynamics 365, warning that improper input neutralization during web page...
Microsoft Fixes SQL Server Flaw That Allows Privilege Escalation via SQL Injection
Microsoft’s July 2025 Patch Tuesday release includes a fix for a high-severity SQL injection vulnerability in SQL Server that enables authenticated attackers to escalate privileges and seize...
Immediate Patch Needed: CVE-2025-49758 SQL Injection Allows SQL Server Privilege Escalation
Microsoft has released critical security updates for all supported versions of SQL Server to address CVE-2025-49758, a severe SQL injection vulnerability that could allow an authenticated attacker to...
Microsoft Fixes Hyper-V Sync Bug (CVE-2025-47999) That Allows Adjacent Attackers to Crash Virtual Hosts
Microsoft has released a security update for a denial-of-service vulnerability in Windows Hyper‑V, cataloged as CVE‑2025‑47999, that lets an attacker on an adjacent network crash virtualisation...
Microsoft Patches Azure File Sync EoP Vulnerability CVE-2025-29973—What IT Admins Must Do Now
Microsoft has confirmed an elevation-of-privilege vulnerability in its Azure File Sync service that could allow an authenticated local attacker to gain full control of affected Windows servers....
CISA August 2025 Advisory Exposes Critical Flaw in Rail Brake Protocol, Demands Broad ICS Patching
The U.S. rail industry faces a safety-critical vulnerability that cannot be fixed with a simple software update. A flaw in the remote linking protocol used by End-of-Train (EoT) and Head-of-Train...
Immediate Hotfixes Released for Schneider Electric PME Vulnerabilities, CISA Urges Swift Action
Schneider Electric has released hotfixes for a cluster of high-impact vulnerabilities in its EcoStruxure Power Monitoring Expert (PME) software, addressing flaws that could allow remote code...
Critical 8.4 CVSS Flaws in Ashlar-Vellum Cobalt/Xenon/Argon Allow Code Execution via Malicious CAD Files
A CISA advisory published this week warns that multiple Ashlar‑Vellum professional CAD and 3D modeling applications harbor memory‑corruption vulnerabilities carrying a CVSS v4 base score of 8.4....
Sante PACS Server Flaws Chain Path Traversal, Double-Free, XSS—Patch Urged as Advisories Clash
Security researchers have disclosed a quartet of vulnerabilities in Sante PACS Server, a medical imaging platform deployed across clinics and hospitals, that combine to create a near-critical risk of...
Patch Now: AVEVA PI Integrator Vulnerabilities Could Let Attackers Hijack OT Analytics
On August 12, 2025, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) published an industrial control systems (ICS) advisory warning of two high-severity vulnerabilities in AVEVA’s...