Microsoft confirmed a new local elevation-of-privilege vulnerability in the Xbox component chain—tracked as CVE-2025-53768—described as a use‑after‑free in the IStorageService implementation that can allow an authorized local user to escalate privileges on an affected host; administrators must...
CVE-2025-49728 — Microsoft PC Manager: Cleartext storage of sensitive information (Security‑feature bypass, local)
Summary (TL;DR)
Microsoft has assigned CVE‑2025‑49728 to a vulnerability in Microsoft PC Manager where sensitive information is stored in cleartext, enabling a local, unauthorized...
Microsoft has published an advisory for CVE-2025-50170, a local elevation-of-privilege (EoP) vulnerability in the Windows Cloud Files Mini Filter Driver (cldflt.sys) that—when reached by a local, authorized attacker—can be abused to obtain higher privileges on affected machines. The flaw stems...