security update guide

Microsoft’s Security Update Guide entry for CVE-2025-53718 describes a use‑after‑free (UAF) flaw in the Windows Ancillary Function Driver for WinSock (AFD.sys) that can be triggered by a locally authorized user to obtain elevated privileges on affected Windows hosts — a kernel‑level...

Microsoft has published an advisory for CVE-2025-53144, a vulnerability in Windows Message Queuing (MSMQ) described as an access of resource using incompatible type (a type confusion) that can allow an authorized attacker to execute code over a network; administrators should treat it as...

Microsoft’s advisory listing for CVE-2025-53142 describes a use‑after‑free flaw in the Microsoft Brokering File System that can allow an authenticated, local attacker to escalate privileges on an affected Windows host — a classic kernel‑level memory corruption that deserves immediate attention...

Title: CVE-2025-50171 — Remote Desktop "Missing authorization" (spoofing) vulnerability — what admins must know and do now TL;DR (quick action checklist) This CVE (CVE-2025-50171) is a Microsoft-reported vulnerability in Remote Desktop Server described as a “missing authorization” that allows...

Microsoft has assigned CVE-2025-50168 to a Windows kernel vulnerability in the Win32K ICOMP component described as "Access of resource using incompatible type ('type confusion')" that can allow an authorized local user to elevate privileges; Microsoft’s advisory is published in the Security...

A newly disclosed vulnerability in the Windows Distributed Transaction Coordinator (MSDTC) — tracked as CVE-2025-50166 — stems from an integer overflow or wraparound in the MSDTC code path and can allow an authorized attacker to disclose memory-resident information over a network connection...

A recently published Microsoft advisory warns that CVE-2025-49762 — a race-condition flaw in the Windows Ancillary Function Driver for WinSock (AFD.sys) — can allow a locally authorized attacker to elevate privileges by exploiting concurrent execution using a shared resource with improper...

Microsoft’s advisory language about an SQL injection–style elevation of privilege in SQL Server is serious — but the identifier you supplied, CVE-2025-49759, does not appear in the major public vulnerability trackers I reviewed; instead, Microsoft’s July 8, 2025 SQL Server fixes included a...

A Microsoft Security Update Guide entry for CVE-2025-33051 describes an information disclosure vulnerability affecting Microsoft Exchange Server, and the appearance of that CVE on the vendor’s advisory should put any on‑premises Exchange administrator on high alert. At the time of writing...

We have released the November security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found in the Security Update Guide. As a reminder...

Today, we released security updates to provide additional protections against malicious attackers. By default, Windows 10 receives these updates automatically, and for customers running previous versions, we recommend they turn on automatic updates as a best practice. More information about this...