Security Alerts
The latest Security Alerts coverage — news, analysis, and updates from the WindowsNews.AI desk.
Microsoft Office Users on Alert as CVE-2025-49697 Exposes Systems to Code Execution Attacks
A critical remote code execution vulnerability in Microsoft Office, tracked as CVE-2025-49697, has put enterprise and consumer users on high alert, even as official technical details from Microsoft...
CVE-2025-49693: Microsoft Flags 'More Likely' Exploit for Windows EoP Flaw, Urges Immediate Patching
Microsoft has disclosed a critical elevation-of-privilege vulnerability, CVE-2025-49693, that gives authenticated local attackers a path to SYSTEM-level control by exploiting a double-free memory...
CVE-2025-49685: Critical Windows Search Bug Lets Attackers Seize Admin Control—Patch Immediately
Microsoft has disclosed a critical elevation-of-privilege vulnerability in the Windows Search Service that hands local attackers a direct path to administrative control. Tracked as CVE-2025-49685,...
Microsoft Ships Patches for Critical Office RCE Bug CVE-2025-49695, Including Office for Mac
A dangerous use-after-free vulnerability in Microsoft Office, tracked as CVE-2025-49695, has been patched after attackers could potentially execute malicious code just by tricking users into opening...
Microsoft Patches Improper Access Control Flaw in Windows Storage Driver That Exposes Sensitive Data
Microsoft has confirmed and patched a security vulnerability in the Windows Storage Port Driver that could allow attackers with local access to read sensitive information from a targeted system....
CVE-2025-49683: Critical VHDX Vulnerability Exposes Hyper-V and Cloud to RCE Attacks
A newly patched vulnerability in Microsoft's Virtual Hard Disk version 2 (VHDX) subsystem could allow attackers to execute arbitrary code with elevated privileges, posing severe risks to Hyper-V...
Patch Now: Windows Performance Recorder Vulnerability (CVE-2025-49680) Allows Local Denial-of-Service
Microsoft has released a security update to fix a denial-of-service vulnerability in Windows Performance Recorder (WPR) tracked as CVE-2025-49680. The flaw, caused by improper link resolution, could...
CVE-2025-49682: Microsoft Patches Windows Media Use-After-Free Flaw Allowing Local Privilege Escalation
Microsoft has patched an elevation-of-privilege vulnerability in Windows Media, tracked as CVE-2025-49682, that could let attackers with local access gain higher system permissions. The flaw,...
Critical Windows RRAS Vulnerability Opens Door to Information Disclosure
Critical Windows RRAS Vulnerability Opens Door to Information Disclosure A recently identified security flaw, tracked as CVE-2025-49681, affects the Windows Routing and Remote Access Service (RRAS),...
Critical Windows Shell Flaw CVE-2025-49679 Allows Local Privilege Escalation
A critical vulnerability in the Windows Shell, identified as CVE-2025-49679, has been disclosed, posing a significant security risk to users. This flaw, a numeric truncation error, can be exploited...
Critical Windows Kernel Streaming Flaw CVE-2025-49675 Enables Full System Takeover
A critical vulnerability has been identified in a core component of the Windows operating system, posing a significant security risk to users. The flaw, cataloged as CVE-2025-49675, affects the...
Critical NTFS Vulnerability (CVE-2025-49678) Exposes Windows Systems to Privilege Escalation
Critical NTFS Vulnerability (CVE-2025-49678) Exposes Windows Systems to Privilege Escalation A critical security flaw, identified as CVE-2025-49678, has been discovered in the Windows New Technology...