Microsoft Security Response Center Blog Alerts

CVE-2025-29974 Windows Kernel Information Disclosure Vulnerability

Integer underflow (wrap or wraparound) in Windows Kernel allows an unauthorized attacker to disclose information over an adjacent network.

CVE-2025-29835 Windows Remote Access Connection Manager Information Disclosure Vulnerability

Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.

CVE-2025-29826 Microsoft Dataverse Elevation of Privilege Vulnerability

Improper handling of insufficient permissions or privileges in Microsoft Dataverse allows an authorized attacker to elevate privileges over a network.

CVE-2025-29976 Microsoft SharePoint Server Elevation of Privilege Vulnerability

Improper privilege management in Microsoft Office SharePoint allows an authorized attacker to elevate privileges locally.

CVE-2025-29963 Windows Media Remote Code Execution Vulnerability

Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network.

CVE-2025-29833 Microsoft Virtual Machine Bus (VMBus) Remote Code Execution Vulnerability

Time-of-check time-of-use (toctou) race condition in Windows Virtual Machine Bus allows an authorized attacker to execute code over a network.

CVE-2025-30393 Microsoft Excel Remote Code Execution Vulnerability

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2025-29975 Microsoft PC Manager Elevation of Privilege Vulnerability

Improper link resolution before file access (‘link following’) in Microsoft PC Manager allows an authorized attacker to elevate privileges locally.

CVE-2025-29962 Windows Media Remote Code Execution Vulnerability