Protecting Privacy Build Trust
Corrected Article and Download entries in the Affected Products table. This is an informational change only.
on July 11, 2025 at 7:00 am — CVE-2025-47956 Windows Security App Spoofing Vulnerability Read More »
Updated CVE to correct information regarding the security update for SQL 2016 Azure Connect Feature Pack. This version was not affected by the regression. The original update information has been restored for SQL 2016 Azure Connect Feature Pack. Nevertheless, Microsoft recommends updating to the most recent version of all SQL server products.
Microsoft has released July 8, 2025 security updates for all supported versions of Windows that provide new mitigations to protect against this vulnerability; however, these mitigations are not enabled by default. After you have installed the updates, follow the steps outlined in [KB5025885: How to manage the Windows Boot Manager revocations for Secure Boot changes
Improper link resolution before file access (‘link following’) in Service Fabric allows an authorized attacker to elevate privileges locally.
Buffer over-read in Virtual Hard Disk (VHDX) allows an unauthorized attacker to elevate privileges locally.
