Protecting Privacy Build Trust
Incorrect implementation of authentication algorithm in Microsoft Exchange Server allows an unauthorized attacker to elevate privileges locally.
Improper link resolution before file access (‘link following’) in .NET allows an authorized attacker to elevate privileges locally.
Microsoft is aware of [AMD-SB-3020 | CVE-2025-0033](http://https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3020.html) disclosed by AMD on October 13, 2025. CVE-2025-0033 is a vulnerability in AMD EPYC processors using Secure Encrypted Virtualization – Secure Nested Paging (SEV-SNP). It involves a race condition during Reverse Map Table (RMP) initialization that could allow a malicious or compromised hypervisor to modify RMP entries before
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202[SS9.1]5) for more information.
on October 9, 2025 at 4:08 pm — Chromium: CVE-2025-11458 Heap buffer overflow in Sync Read More »
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202[SS9.1]5) for more information.
on October 9, 2025 at 4:08 pm — Chromium: CVE-2025-11460 Use after free in Storage Read More »
[Unity](https://unity.com) announced a security vulnerability (CVE-2025-59489) that is affecting games or applications built with the Unity Gaming Engine Editor (version 2017.1 or later). You may be using a Microsoft app or playing a Microsoft game that should be uninstalled until an update is available. We are working to update games and applications that are potentially
