threat detection

Microsoft’s advisory for CVE-2025-59243 names a memory-safety defect in Microsoft Excel that can lead to code execution when a specially crafted spreadsheet is opened, and organizations should treat the entry as a high-priority Office remediation event while applying layered mitigations and...

CVE-2025-49728 — Microsoft PC Manager: Cleartext storage of sensitive information (Security‑feature bypass, local) Summary (TL;DR) Microsoft has assigned CVE‑2025‑49728 to a vulnerability in Microsoft PC Manager where sensitive information is stored in cleartext, enabling a local, unauthorized...

Microsoft has pushed a significant upgrade to Microsoft Sentinel’s User and Entity Behavior Analytics (UEBA), embedding AI-driven behavioral detection, broader cross‑cloud data ingestion, and dynamic baselining that together aim to surface subtle account compromise and insider risk while...

Siemens has confirmed a vulnerability in its APOGEE PXC and TALON TC building automation devices that allows an unauthenticated remote actor to retrieve sensitive files — including the device’s encrypted database — over BACnet, a widely used building automation protocol, a weakness now tracked...

Microsoft’s September 9, 2025 Patchday brought a dense, operationally important set of fixes for Microsoft Office alongside a much larger ecosystem update—roughly eighty CVEs across Windows, Office, Azure and related components—forcing administrators to treat this month’s release as more than...

Microsoft has published advisory guidance tied to CVE‑2025‑55234 that focuses less on a new exploitable bug and more on enabling administrators to find and measure exposure to SMB relay‑style elevation‑of‑privilege attacks before they flip stronger hardening controls. The short form: the SMB...

Microsoft’s Security Response Center has cataloged CVE-2025-54915 as an elevation-of-privilege vulnerability in the Windows Defender Firewall Service described as “Access of resource using incompatible type (‘type confusion’),” and the vendor advises that an authorized local attacker could...

Microsoft’s Security Response Guide lists CVE-2025-54112 as a vulnerability in the Microsoft Virtual Hard Disk (VHD/VHDX) handling code that can be abused by an authorized local attacker to achieve elevation of privilege on Windows hosts, a condition vendors and incident responders classify as...

A newly disclosed race‑condition vulnerability in the Windows Capability Access Management Service (camsvc) can be abused by a local attacker to escalate privileges to SYSTEM on unpatched hosts, and organizations should treat the advisory as a high‑priority patching event for affected Windows...

Title: CVE‑2025‑54093 — Windows TCP/IP Driver TOCTOU Race Condition (Local Elevation of Privilege) Summary What it is: A time‑of‑check/time‑of‑use (TOCTOU) race condition in the Windows TCP/IP driver that Microsoft lists as CVE‑2025‑54093. Microsoft’s advisory describes the flaw as a TOCTOU...

Microsoft’s Security Update Guide records CVE-2025-54104 as an elevation of privilege vulnerability in the Windows Defender Firewall Service caused by an “access of resource using incompatible type (‘type confusion’)” — in short, a type‑confusion bug in a privileged service that an authorized...

Microsoft’s Security Update Guide lists CVE-2025-54098 as an Improper access control vulnerability in Windows Hyper‑V that allows an authorized attacker to elevate privileges locally, a condition that requires immediate attention from anyone running Hyper‑V hosts, management servers, or...

Microsoft’s security advisory for CVE-2025-53809 warns that improper input validation in the Windows Local Security Authority Subsystem Service (LSASS) can be abused by an authorized attacker to cause a denial of service (DoS) over a network, putting authentication services and domain...

CVE-2025-49692 Azure Connected Machine Agent Elevation of Privilege Vulnerability Overview What happened: Microsoft has posted an advisory for CVE‑2025‑49692 describing an improper access control vulnerability in the Azure Connected Machine (Windows Virtual Machine) Agent that can allow an...

Microsoft has published an advisory identifying CVE-2025-55317, a local elevation-of-privilege flaw in Microsoft AutoUpdate (MAU) caused by improper link resolution before file access — commonly described as a link-following or symlink/junction weakness — that can allow an authorized local...

Microsoft’s security portal lists CVE-2025-55228 as a Windows Graphics Component issue in the Win32K — GRFX code path that can be abused by an authenticated local actor through a concurrency/race condition; the flaw is described as allowing execution of attacker-supplied code in kernel context...

Microsoft’s security advisory for CVE-2025-54919 describes a race‑condition flaw in the Windows Win32K graphics subsystem (GRFX) that can be abused by an authenticated local user to execute code in a privileged context; defenders should treat affected hosts as high priority for immediate...

A newly disclosed Microsoft Excel vulnerability tracked as CVE-2025-54902 is an out‑of‑bounds read flaw in Excel’s file‑parsing logic that Microsoft warns could allow an attacker to achieve code execution on a targeted machine when a user opens a specially crafted spreadsheet, and organizations...

Microsoft’s Security Update Guide entry for CVE-2025-49734 describes an improper restriction of a communication channel in Windows PowerShell—a flaw in the PowerShell Direct pathway that can let an authorized local attacker elevate privileges on an affected host if the required conditions are...

Microsoft’s security team has published an advisory for an information‑disclosure bug in the Windows Routing and Remote Access Service (RRAS) — tracked as CVE‑2025‑53797 — describing an out‑of‑bounds / uninitialized‑resource read that can allow an attacker to obtain memory contents across the...