CVE-2025-50152
Out-of-bounds read in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2025-24990
Microsoft is aware of vulnerabilities in the third party Agere Modem driver that ships natively with supported Windows operating systems. This is an announcement of the upcoming removal of ltmdm64.sys driver. The driver has been removed i…
CVE-2025-24052
Microsoft is aware of vulnerabilities in the third party Agere Modem driver that ships natively with supported Windows operating systems. This is an announcement of the upcoming removal of ltmdm64.sys driver. The driver has been removed i…
CVE-2025-55234
SMB Server might be susceptible to relay attacks depending on the configuration. An attacker who successfully exploited these vulnerabilities could perform relay attacks and make the users subject to elevation of privilege attacks.
The SMB…
CVE-2025-55226
Concurrent execution using shared resource with improper synchronization ('race condition') in Graphics Kernel allows an authorized attacker to execute code locally.
CVE-2025-54918
Improper authentication in Windows NTLM allows an authorized attacker to elevate privileges over a network.
CVE-2025-54917
Protection mechanism failure in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network.
CVE-2025-54916
Stack-based buffer overflow in Windows NTFS allows an authorized attacker to execute code locally.
CVE-2025-54915
Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally.
CVE-2025-54913
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows UI XAML Maps MapControlSettings allows an authorized attacker to elevate privileges locally.
CVE-2025-54912
Use after free in Windows BitLocker allows an authorized attacker to elevate privileges locally.
CVE-2025-54911
Use after free in Windows BitLocker allows an authorized attacker to elevate privileges locally.
CVE-2025-54895
Integer overflow or wraparound in Windows SPNEGO Extended Negotiation allows an authorized attacker to elevate privileges locally.
CVE-2025-54894
Local Security Authority Subsystem Service Elevation of Privilege Vulnerability
CVE-2025-54116
Improper access control in Windows MultiPoint Services allows an authorized attacker to elevate privileges locally.
CVE-2025-54112
Use after free in Microsoft Virtual Hard Drive allows an authorized attacker to elevate privileges locally.
CVE-2025-54111
Use after free in Windows UI XAML Phone DatePickerFlyout allows an authorized attacker to elevate privileges locally.
CVE-2025-54110
Integer overflow or wraparound in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2025-54109
Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally.
CVE-2025-54107
Improper resolution of path equivalence in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network.