Microsoft Security Response Center Blog Alerts

CVE-2025-47957 Microsoft Word Remote Code Execution Vulnerability

Posted on Tuesday June 10, 2025

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

 

CVE-2025-47977 Nuance Digital Engagement Platform Spoofing Vulnerability

Posted on Tuesday June 10, 2025

Improper neutralization of input during web page generation ('cross-site scripting') in Nuance Digital Engagement Platform allows an authorized attacker to perform spoofing over a network.

 

CVE-2025-47968 Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability

Posted on Tuesday June 10, 2025

Improper input validation in Microsoft AutoUpdate (MAU) allows an authorized attacker to elevate privileges locally.

 

CVE-2025-47959 Visual Studio Remote Code Execution Vulnerability

Posted on Tuesday June 10, 2025

Improper neutralization of special elements used in a command ('command injection') in Visual Studio allows an authorized attacker to execute code over a network.

 

CVE-2025-3052 Cert CC: CVE-2025-3052 InsydeH2O Secure Boot Bypass

Posted on Tuesday June 10, 2025

Untrusted pointer dereference in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.

 

CVE-2025-47172 Microsoft SharePoint Server Remote Code Execution Vulnerability

Posted on Tuesday June 10, 2025

Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

 

Page:   12345678...172

Celebrating 35+ Years

Managed Internet Connections

Contact Us

Support Ends for Windows 10 22H2, Windows Server 2012 R2, Exchange 2013, Office 2016