Threat Detection
The latest Threat Detection coverage — news, analysis, and updates from the WindowsNews.AI desk.
Microsoft Issues Urgent Fix for CVE-2025-53724: Windows Push Notifications Type Confusion Bug Enables SYSTEM Access
Microsoft’s latest security advisory warns of a serious elevation-of-privilege vulnerability in the Windows Push Notifications Apps component, tracked as CVE-2025-53724. The flaw, rooted in a type...
Critical Windows AFD.sys Kernel Flaw (CVE-2025-53718) Exposes Systems to Local Privilege Escalation
Microsoft has issued a high-priority security advisory for a use-after-free vulnerability in the Windows Ancillary Function Driver for WinSock (AFD.sys). Tracked as CVE-2025-53718, the flaw allows a...
MSMQ Type Confusion Flaw CVE-2025-53144 Exposes Windows Servers to RCE
Microsoft has published an advisory for a critical vulnerability in Windows Message Queuing (MSMQ) that could be exploited by an authorized attacker to execute code over a network. Tracked as...
Microsoft Patches CVE-2025-53143: Critical MSMQ Type-Confusion RCE Demands Immediate Action
Microsoft has delivered a security update for CVE-2025-53143, a remote code execution vulnerability in the Windows Message Queuing (MSMQ) service. The flaw, rooted in a type confusion error, allows...
Patch Now: CVE-2025-53140 Kernel Transaction Manager Use-After-Free Enables Local Privilege Escalation on Windows
Microsoft has released a security update for CVE-2025-53140, a use-after-free vulnerability in the Windows Kernel Transaction Manager (KTM) that allows an authorized local attacker to elevate...
Actively Exploited Windows AFD.sys Flaw Earns CISA KEV Status Amid Patching Confusion
Microsoft’s February 2025 Patch Tuesday delivered a fix for CVE-2025-21418, a heap-based buffer overflow in the Windows Ancillary Function Driver (afd.sys), but sysadmins are grappling with a...
Urgent Microsoft Patch Closes Remote Code Execution Hole in Windows Media: CVE-2025-53131
Microsoft has shipped a critical security update to plug a heap-based buffer overflow in Windows Media components that could hand remote attackers the ability to execute arbitrary code on unpatched...
Windows File Explorer NTLM Leak: CVE-2025-50154 Exposes Credentials in Stealthy Attacks
A single unassuming ZIP archive can now become a weapon to steal Windows credentials, thanks to a newly patched flaw in Windows File Explorer. Microsoft's March 11, 2025 Patch Tuesday update fixed a...
Windows AFD.sys Hit Again: Race Condition CVE-2025-49762 Opens Door to SYSTEM Access
Microsoft has disclosed yet another high-severity vulnerability in the Windows Ancillary Function Driver for WinSock (AFD.sys), this time a race condition tracked as CVE-2025-49762 that allows a...
Critical SQL Server Patches Land, but CVE Confusion Causes Headaches for Admins
Microsoft’s July 2025 Patch Tuesday brought a cluster of security updates for SQL Server that fix critical vulnerabilities, including a heap-based buffer overflow leading to remote code execution,...
Azure VMs Hit by CVE-2025-53781: Information Disclosure Risk Prompts Urgent Patching
Microsoft has published a security advisory for CVE-2025-53781, warning Azure Virtual Machines users of a critical information disclosure vulnerability that could allow attackers to siphon sensitive...
Visio Under Fire: Microsoft Releases Patch for Use-After-Free Vulnerability CVE-2025-53730
Microsoft has disclosed a new use-after-free vulnerability in Visio, tracked as CVE-2025-53730, that allows an attacker to execute arbitrary code locally when a user opens a maliciously crafted...