CyberSecurity
on August 28, 2025 at 7:00 am — ADV200013 Microsoft Guidance for Addressing Spoofing Vulnerability in DNS Resolver
In the Security Updates table, added Windows Server 2022, version 23H2, Windows Server 2025, and Windows Server 2025 (Server Core installation) as these versions of Windows Server are also affected by this vulnerability. Customers running these versions should configure Windows DNS servers to have UDP buffer size of 1221, as detailed in the Workaround, to
on August 28, 2025 at 6:46 pm — Chromium: CVE-2025-9478 Use after free in ANGLE
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
on August 28, 2025 at 6:46 pm — Chromium: CVE-2025-9478 Use after free in ANGLE Read More »
on August 26, 2025 at 7:00 am — CVE-2025-55231 Windows Storage-based Management Service Remote Code Execution Vulnerability
Corrected Download and Article links in the Security Updates table. This is an informational change only.
on August 21, 2025 at 3:59 pm — Chromium: CVE-2025-9132 Out of bounds write in V8
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202[SS9.1]5) for more information.
on August 21, 2025 at 3:59 pm — Chromium: CVE-2025-9132 Out of bounds write in V8 Read More »
on August 21, 2025 at 7:00 am — CVE-2025-53763 Azure Databricks Elevation of Privilege Vulnerability
Improper access control in Azure Databricks allows an unauthorized attacker to elevate privileges over a network.
on August 21, 2025 at 7:00 am — CVE-2025-53795 Microsoft PC Manager Elevation of Privilege Vulnerability
Improper authorization in Microsoft PC Manager allows an unauthorized attacker to elevate privileges over a network.
on August 21, 2025 at 7:00 am — CVE-2025-55230 Windows MBT Transport Driver Elevation of Privilege Vulnerability
Untrusted pointer dereference in Windows MBT Transport driver allows an authorized attacker to elevate privileges locally.
on August 21, 2025 at 7:00 am — CVE-2025-55229 Windows Certificate Spoofing Vulnerability
Improper verification of cryptographic signature in Windows Certificates allows an unauthorized attacker to perform spoofing over a network.
on August 18, 2025 at 7:00 am — CVE-2025-49716 Windows Netlogon Denial of Service Vulnerability
Updated first FAQ to state that CVE-2020-0674 has now been issued to address this vulnerability. This is an informational change only.