privilege escalation

Microsoft’s October security roll-up closed a dangerous local privilege‑escalation hole in the Remote Access Connection Manager (RasMan) — tracked as CVE‑2025‑59230 — after Microsoft and its threat teams observed in‑the‑wild exploitation; the flaw is an improper access control condition that...

Microsoft confirmed a Windows kernel elevation‑of‑privilege vulnerability tracked as CVE‑2025‑59194, describing it as a use of uninitialized resource in kernel code that an authorized local attacker can exploit to gain elevated privileges; Microsoft published the advisory and security update...

Microsoft has confirmed and patched CVE-2025-58734 — an Inbox COM Objects (Global Memory) vulnerability that can be leveraged for local remote code execution and elevation of privilege in specific hosting contexts, and administrators must treat it as a high-priority fix for exposed and...

A heap-based buffer overflow in the Windows Connected Devices Platform Service (Cdpsvc) — tracked as CVE-2025-59191 — was published on October 14, 2025 and classified by vendors as an elevation-of-privilege (EoP) vulnerability that allows an authorized local attacker with low privileges to gain...

Microsoft has published an advisory for CVE-2025-59189, a high‑severity local elevation‑of‑privilege (EoP) bug in the Microsoft Brokering File System (BFS) that Microsoft and multiple independent trackers classify as a use‑after‑free memory corruption enabling a local attacker to escalate to...

Microsoft’s October security rollup includes a newly cataloged Windows Kernel elevation‑of‑privilege tracked as CVE‑2025‑59187, a confirmed local flaw that Microsoft classifies as improper input validation and that carries a CVSS v3.1 base score of 7.8 (High) — administrators should treat this...

Microsoft has assigned CVE-2025-58736 to a class of vulnerabilities in Inbox COM Objects (Global Memory) that were patched in the October 2025 security updates; the issue is part of a broader family of COM/COM+ defects (race conditions, use‑after‑free and related memory‑safety faults) that can...

Microsoft assigned CVE-2025-58726 to an improper access control flaw in the Windows SMB Server that can allow an authorized attacker to elevate privileges over a network, and the entry is indexed with a CVSS v3.1 base score of 7.5 (High)—an advisory administrators must treat as a priority for...

Microsoft’s security channels added CVE-2025-58714 to the record this week: an elevation‑of‑privilege weakness in the Windows Ancillary Function Driver for WinSock (the afd.sys stack) that — if left unpatched on an affected host — lets a locally authorized attacker raise their process context to...

Microsoft has assigned CVE-2025-58714 to an elevation-of-privilege flaw in the Windows Ancillary Function Driver for WinSock that allows an authorized local user to gain higher privileges, and Microsoft issued fixes on October 14, 2025 — administrators should treat this as a high-priority patch...

A use-after-free memory‑corruption flaw in the Windows Connected Devices Platform Service (CDPSvc) has been publicly recorded as an elevation‑of‑privilege vulnerability that can allow a local, authorized attacker to gain SYSTEM privileges on affected hosts — administrators must treat CDPSvc...

Microsoft has recorded CVE-2025-58725 as an elevation-of-privilege vulnerability in the Windows COM+ Event System (Inbox COM) / COM-based handler family that can allow a locally authorized attacker to escalate privileges on affected Windows hosts; administrators should treat this as a...

A high‑impact elevation‑of‑privilege flaw has been disclosed in the Azure Connected Machine (Azure Arc) agent that can let an authenticated local user — or an attacker with low‑privileged local execution — escalate to SYSTEM/root on Arc‑enabled servers, and potentially abuse machine identities...

A newly recorded Windows kernel vulnerability, tracked as CVE-2025-55696, is a time‑of‑check/time‑of‑use (TOCTOU) race in the NtQueryInformationToken implementation (ntifs.h) that can allow a local attacker to elevate privileges to SYSTEM when exploited; Microsoft has published the entry in its...

Microsoft’s October security updates close a path to system instability in the DirectX graphics stack: CVE-2025-55698 is a null pointer dereference in the DirectX Graphics Kernel that can be triggered remotely by an authenticated, low-privileged attacker to cause a denial of service (DoS) and...

CVE-2025-55697 is a newly catalogued heap‑based buffer overflow in an Azure local component that allows an authorized local user to elevate privileges on an affected host; Microsoft assigned a high severity rating (CVSS 3.1 base score 7.8) and published vendor guidance that administrators should...

Microsoft’s advisory for CVE-2025-50152 documents an out‑of‑bounds read in the Windows kernel that may allow an authorized local attacker to elevate privileges to SYSTEM; independent vulnerability trackers list the flaw with a CVSS v3.1 base score of 7.8 (High) and, until vendor KB mappings are...

A use-after-free flaw in the Windows Bluetooth Service has been cataloged as CVE-2025-58728 and classified as a local elevation-of-privilege vulnerability that Microsoft patched as part of the October 2025 update cycle; the weakness can allow an authenticated, local user process to corrupt...

Microsoft has confirmed a high‑impact elevation‑of‑privilege vulnerability in the PrintWorkflowUserSvc component of Windows, tracked as CVE‑2025‑55684, that allows a local, low‑privileged user to potentially escalate to SYSTEM under certain conditions — Microsoft classifies the bug as a...

Microsoft has recorded CVE-2025-55688 as a use-after-free vulnerability in the Windows PrintWorkflowUserSvc that can allow a low‑privileged, authenticated local user to escalate to SYSTEM — Microsoft has published advisories and security updates addressing the issue, and multiple independent...