CyberSecurity
on May 15, 2025 at 5:20 pm — Chromium: CVE-2025-4609 Incorrect handle provided in unspecified circumstances in Mojo
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
on May 15, 2025 at 5:20 pm — Chromium: CVE-2025-4664 Insufficient policy enforcement in Loader
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information. Google is aware of reports that an exploit for CVE-2025-4664 exists in the wild.
on May 13, 2025 at 7:00 am — CVE-2025-29964 Windows Media Remote Code Execution Vulnerability
Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network.
on May 13, 2025 at 7:00 am — CVE-2025-29959 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability
Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
on May 13, 2025 at 7:00 am — CVE-2025-29960 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability
Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
on May 13, 2025 at 7:00 am — CVE-2025-26629 Microsoft Office Remote Code Execution Vulnerability
To comprehensively address CVE-2025-26629, Microsoft has released May 2025 security updates for all affected versions of Microsoft Office. Customers running any of these versions should ensure that they have the latest build installed. For more information and to verify the build version, see https://learn.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates.
on May 13, 2025 at 7:00 am — CVE-2025-26646 .NET, Visual Studio, and Build Tools for Visual Studio Spoofing Vulnerability
External control of file name or path in .NET, Visual Studio, and Build Tools for Visual Studio allows an authorized attacker to perform spoofing over a network.
on May 13, 2025 at 7:00 am — CVE-2025-26684 Microsoft Defender Elevation of Privilege Vulnerability
External control of file name or path in Microsoft Defender for Endpoint allows an authorized attacker to elevate privileges locally.