information disclosure

Microsoft released a security update on November 11, 2025 to fix CVE-2025-62208, an information disclosure vulnerability in the Windows License Manager that can expose sensitive details via log files to an authenticated, low‑privilege local user — a fix administrators should apply immediately...

Microsoft has recorded CVE‑2025‑62209 — an information disclosure vulnerability in the Windows License Manager — and issued a security update on November 11, 2025 to address it; public trackers rate the flaw as CVSS v3.1 5.5 (Medium) with a local attack vector and a confidentiality‑only impact...

Microsoft has published an advisory for CVE-2025-59240, an information-disclosure vulnerability in Microsoft Excel that can expose sensitive local data when a user interacts with a specially crafted workbook; Microsoft has issued a security update and describes the flaw as a local...

Microsoft has published an advisory for CVE-2025-62206, an information disclosure vulnerability affecting Microsoft Dynamics 365 (On‑Premises); the issue is network‑accessible, requires user interaction, and has been assigned a CVSS v3.1 base score of 6.5 (Medium) with a confidentiality impact...

Microsoft’s Security Update Guide lists CVE-2025-60706 as an information disclosure vulnerability in Windows Hyper‑V, but the public record remains deliberately sparse: the vendor entry is terse, the advisory page requires JavaScript to render its full details, and independent technical analysis...

Microsoft’s Security Update Guide lists CVE‑2025‑59509 as an information‑disclosure vulnerability affecting Windows Speech Recognition, but the public record remains intentionally sparse: the vendor acknowledgement exists, yet low‑level technical details, exploit code, and independent write‑ups...

Microsoft and multiple security trackers confirmed a local information‑disclosure bug in the Windows ETL (Event Trace Log) Channel, tracked as CVE‑2025‑59197, that can cause sensitive data to be written into trace/log files and exposed to local, low‑privilege actors — Microsoft published fixes...

Microsoft has published a security advisory for CVE-2025-59203, a Windows State Repository API Server file information disclosure vulnerability that can cause sensitive data to be written into log files and read by an authorized local actor; Microsoft’s published CVSS v3.1 vector for the issue...

A newly recorded vulnerability, tracked as CVE‑2025‑2884, exposes an out‑of‑bounds read in the Trusted Computing Group (TCG) TPM 2.0 reference implementation — specifically within the CryptHmacSign helper — and the flaw can allow sensitive memory contents or secrets to be leaked from affected...

Microsoft has confirmed CVE-2025-59260 as a local information‑disclosure vulnerability in the Microsoft Failover Cluster virtual driver that can write sensitive cluster state into log files or otherwise expose privileged configuration data to low‑privileged local actors, and Microsoft has...

Microsoft has recorded CVE-2025-59209 as an information disclosure vulnerability in the Windows Push Notification Core that can permit a low-privilege, authorized local actor to obtain sensitive information from a host; the advisory classifies the flaw as local-only with a medium CVSS v3.1 score...

Microsoft has assigned CVE‑2025‑59184 to an information‑disclosure weakness in Windows High Availability Services (the subsystem that underpins Storage Spaces Direct and related cluster features), warning that a low‑privileged, local actor can disclose sensitive information from an affected...

Microsoft has published a security advisory for CVE-2025-59188, an information-disclosure vulnerability in Microsoft Failover Cluster that can allow a low‑privilege, local actor to read sensitive information written to cluster diagnostic/log files; a vendor fix is available and the vulnerability...

On October 14, 2025 Microsoft recorded CVE-2025-58720, an information‑disclosure vulnerability in Windows Cryptographic Services that stems from the “use of a cryptographic primitive with a risky implementation” and can allow an authorized local attacker to disclose sensitive information on...

Microsoft has recorded CVE-2025-55699 as a Windows Kernel information‑disclosure vulnerability and published a security update on October 14, 2025 that Microsoft says fixes an issue where an authorized local actor can disclose sensitive kernel memory under certain conditions — administrators...

Microsoft has published an advisory and a security update for CVE-2025-55679, a Windows Kernel information‑disclosure vulnerability that permits a local actor to obtain sensitive system memory under certain conditions — and administrators should treat it as a high-priority remediation for...

Microsoft has confirmed an information‑disclosure vulnerability affecting .NET, .NET Framework and Visual Studio — tracked as CVE‑2025‑55248 — and published cumulative security updates on October 14, 2025 to address it; public vulnerability trackers rate the flaw as medium (CVSS 3.1 = 4.8) and...

Microsoft’s advisory that assigns CVE‑2025‑59294 to a Windows Taskbar Live Preview information‑disclosure issue is a reminder that even seemingly cosmetic UI features can leak sensitive data when combined with physical access or weak endpoint physical security. Background / Overview The...

Microsoft has recorded CVE-2025-55336 — an information-disclosure vulnerability in the Windows Cloud Files Mini Filter Driver (cldflt.sys) that permits an authorized local actor to read sensitive data from affected hosts; the issue is assigned a CVSS v3.1 base score of 5.5 (Medium) and Microsoft...

Microsoft has published an advisory identifying CVE-2025-47979, an information-disclosure vulnerability in Windows Failover Cluster that can cause sensitive data to be written into cluster log files and thereby exposed to a local, low‑privilege attacker; the issue is scored CVSS 3.1 = 5.5...