Microsoft Security Response Center Blog Alerts

CVE-2025-60716 DirectX Graphics Kernel Elevation of Privilege Vulnerability

Published November 15, 2025

Use after free in Windows DirectX allows an authorized attacker to elevate privileges locally.

CVE-2025-59515 Windows Broadcast DVR User Service Elevation of Privilege Vulnerability

Published November 15, 2025

Use after free in Windows Broadcast DVR User Service allows an authorized attacker to elevate privileges locally.

CVE-2025-59509 Windows Speech Recognition Information Disclosure Vulnerability

Published November 15, 2025

Insertion of sensitive information into sent data in Windows Speech allows an authorized attacker to disclose information locally.

CVE-2025-59508 Windows Speech Recognition Elevation of Privilege Vulnerability

Published November 15, 2025

Concurrent execution using shared resource with improper synchronization (‘race condition’) in Windows Speech allows an authorized attacker to elevate privileges locally.

CVE-2025-59506 DirectX Graphics Kernel Elevation of Privilege Vulnerability

Published November 15, 2025

Concurrent execution using shared resource with improper synchronization (‘race condition’) in Windows DirectX allows an authorized attacker to elevate privileges locally.

Chromium: CVE-2025-13042 Inappropriate implementation in V8

Published November 15, 2025

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2021) for more information.

CVE-2025-59507 Windows Speech Runtime Elevation of Privilege Vulnerability

Published November 15, 2025

Concurrent execution using shared resource with improper synchronization (‘race condition’) in Windows Speech allows an authorized attacker to elevate privileges locally.