CVE-2025-29975 Microsoft PC Manager Elevation of Privilege Vulnerability
Published May 13, 2025
Improper link resolution before file access (‘link following’) in Microsoft PC Manager allows an authorized attacker to elevate privileges locally.
Microsoft Security Response Center Blog Alerts
CVE-2025-29962 Windows Media Remote Code Execution Vulnerability
Published May 13, 2025
Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network.
CVE-2025-29832 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability
Published May 13, 2025
Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
CVE-2025-27468 Windows Kernel-Mode Driver Elevation of Privilege Vulnerability
Published May 13, 2025
Improper privilege management in Windows Secure Kernel Mode allows an authorized attacker to elevate privileges locally.
CVE-2025-29973 Microsoft Azure File Sync Elevation of Privilege Vulnerability
Published May 13, 2025
Improper access control in Azure File Sync allows an authorized attacker to elevate privileges locally.
CVE-2025-29961 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability
Published May 13, 2025
Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
CVE-2025-29831 Windows Remote Desktop Services Remote Code Execution Vulnerability
Published May 13, 2025
Use after free in Remote Desktop Gateway Service allows an unauthorized attacker to execute code over a network.
CVE-2025-30387 Document Intelligence Studio On-Prem Elevation of Privilege Vulnerability
Published May 13, 2025
Improper limitation of a pathname to a restricted directory (‘path traversal’) in Azure allows an unauthorized attacker to elevate privileges over a network.
CVE-2025-29971 Web Threat Defense (WTD.sys) Denial of Service Vulnerability
Published May 13, 2025
Out-of-bounds read in Web Threat Defense (WTD.sys) allows an unauthorized attacker to deny service over a network.
CVE-2025-29958 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability
Published May 13, 2025
Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
