Microsoft Security Response Center Blog Alerts

CVE-2025-26665 Windows upnphost.dll Elevation of Privilege Vulnerability

Posted on Tuesday April 08, 2025

Sensitive data storage in improperly locked memory in Windows upnphost.dll allows an authorized attacker to elevate privileges locally.

 

CVE-2025-26664 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability

Posted on Tuesday April 08, 2025

Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.

 

CVE-2025-26663 Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability

Posted on Tuesday April 08, 2025

Use after free in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to execute code over a network.

 

CVE-2025-29796 Microsoft Edge for iOS Spoofing Vulnerability

Posted on Thursday April 03, 2025

User interface (ui) misrepresentation of critical information in Microsoft Edge for iOS allows an unauthorized attacker to perform spoofing over a network.

 

Chromium: CVE-2025-3066 Use after free in Navigations

Posted on Thursday April 03, 2025

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024 ) for more information.

 

Chromium: CVE-2025-3073 Inappropriate implementation in Autofill

Posted on Thursday April 03, 2025

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024 ) for more information.

 

Page:   1...464748495051525354...172

Celebrating 35+ Years

Managed Computer Support Services

Contact Us

Support Ends for Windows 10 22H2, Windows Server 2012 R2, Exchange 2013, Office 2016