Microsoft News Articles

The 4 Worst Vulnerabilities of 2025 – And How To Boost Patch Management in 2026

What were the worst vulnerabilities of last year, according to experts? 2025 saw its fair share of dangerous security vulnerabilities, often exploited before firms were able to apply patches....

1 week ago

ESET Research analyzed a critical flaw in Windows Imaging Component, which abuses JPG files

ESET researchers have examined CVE-2025-50165, a serious Windows vulnerability that theoretically grants remote code execution by opening a specially crafted JPG file. However, ESET Research believes that the exploitation scenario is harder than it appears to be.

3 weeks ago

Windows Imaging Component Vulnerability Enables Remote Code Execution in Complex Attack Scenarios

Tracked as CVE-2025-50165, the flaw affects WindowsCodecs.dll, the core library that processes standard image formats, including PNG, GIF, and JPG.

3 weeks ago

Windows Imaging Component Vulnerability Can Lead to RCE Attacks Under Complex Attack Scenarios

Researchers analyzed Windows flaw, that affects the WIC and could let attackers run code using specially crafted JPEG files.

3 weeks ago

Windows Imaging Component Vulnerability May Allow RCE Through Advanced Exploitation

A new analysis of a critical security flaw in Microsoft Windows, tracked as CVE-2025-50165, affects the Windows Imaging Component.

3 weeks ago

Microsoft Brokering File System Vulnerability Let Attackers Escalate Privileges

Microsoft has fixed a serious Windows BFS driver, that allow local attackers gain higher privileges, posing a risk to enterprise systems.

4 weeks ago

Microsoft Brokering File System Vulnerability Enables Local Privilege Escalation

Microsoft has addressed a critical use-after-free vulnerability in its Brokering File System (BFS) driver that could allow attackers to escalate privileges on Windows systems.

4 weeks ago

Critical Windows Admin Center Flaw CVE-2025-64669 Exposes Servers to Attack

Discover a critical vulnerability in Windows Admin Center (CVE-2025-64669) that allows standard users to escalate privileges and take control of servers. Learn more and update now.

1 month ago

Microsoft Desktop Window Manager Vulnerability Allows Privilege Escalation

The vulnerability, tracked as CVE-2025-55681, resides in the dwmcore!CBrushRenderingGraphBuilderAddEffectBrush function and affects Windows systems through a complex attack chain.

1 month ago

Risky Bulletin: Most smart devices run outdated web browsers

Ukraine hacks major Russian defense contractor; ransomware hits Venezuela's oil company; hackers are trying to extort PornHub with stolen data.

1 month ago

Windows Admin Center Vulnerability (CVE-2025-64669) Let Attackers Escalate Privileges

A new local privilege escalation vulnerability in Microsoft’s Windows Admin Center (WAC), affecting versions up to 2.4.2.1 and environments running WAC 2411 and earlier.

1 month ago

Windows Admin Center Vulnerability Allows Attackers to Escalate Privileges

The flaw, tracked as CVE-2025-64669, affects all versions up to WAC 2411 and poses a significant threat to enterprise infrastructure management systems worldwide.

1 month ago

New Windows RasMan zero-day flaw gets free, unofficial patches

Free unofficial patches are available for a new Windows zero-day vulnerability that allows attackers to crash the Remote Access Connection Manager (RasMan) service.

Privilege Escalation Flaw Found in Windows Remote Access Connection Manager

The vulnerabilities stem from distinct technical weaknesses in the Remote Access Connection Manager component.

Windows Remote Access Connection Manager Flaws Allow Privilege Escalation

Microsoft disclosed two elevation-of-privilege vulnerabilities in Windows Remote Access Connection Manager this week, both rated Important.

CVE-2025-62221 and CVE-2025-54100: Windows Elevation of Privilege and RCE Zero-Day Vulnerabilities Patched | SOC Prime

Explore details for CVE-2025-62221 and CVE-2025-54100 zero-day vulnerabilities in Windows products, with an in-depth analysis on our SOC Prime blog.

Warning, Cybercriminals Exploiting Windows and WinRAR Flaws

Urgent alert: Cybercriminals are exploiting critical Windows and WinRAR vulnerabilities. Discover how to protect your data before it’s too late.

Alert! Hackers targeting Windows and WinRAR vulnerabilities

The US cyber agency has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog.

Microsoft And CISA Issue Critical New Alert, Windows Attacks Confirmed

Do not wait; the attacks have already started, and Windows users are the target. Update now.

Windows Defender Firewall Service Vulnerability Lets Attackers Disclose Sensitive Data

Tracked as CVE-2025-62468, the vulnerability was publicly released on December 9, 2025, and has been assigned an "Important" severity rating by Microsoft.

Windows Defender Firewall Flaw Allows Attackers to Access Sensitive Data

Microsoft has officially addressed a new security vulnerability affecting the Windows Defender Firewall Servic allow threat actors to access sensitive information.

Windows PowerShell 0-Day Vulnerability Allows Attackers to Execute Malicious Code

Tracked as CVE-2025-54100, the flaw was publicly disclosed on December 9, 2025, and is classified by Microsoft as an “Important” remote code execution

Windows PowerShell 0-Day Vulnerability Let Attackers Execute Malicious Code

Microsoft has released a security update to fix a Windows PowerShell flaw that could let attackers run malicious code on a system

U.S. CISA adds Microsoft Windows and WinRAR flaws to its Known Exploited Vulnerabilities catalog

U.S. CISA adds Microsoft Windows and WinRAR flaws to its Known Exploited Vulnerabilities catalog.