MSRC Reports
Microsoft Security Response Center Reports
(Unofficial).

Reports usually come in bursts, because that's just how Microsoft releases them.
CVE-2025-29819 Windows Admin Center in Azure Portal Information Disclosure Vulnerability

Updated acknowledgment. This is an informational change only.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29819
Chromium: CVE-2025-8010 Type Confusion in V8

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-8010
Chromium: CVE-2025-8011 Type Confusion in V8

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-8011
Chromium: CVE-2025-8292 Use after free in Media Stream

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-8292
CVE-2025-53786 Microsoft Exchange Server Hybrid Deployment Elevation of Privilege Vulnerability

On April 18th 2025, Microsoft announced [Exchange Server Security Changes for Hybrid Deployments](https://techcommunity.microsoft.com/blog/exchange/exchange-server-security-changes-for-hybrid-deployments/4396833) and accompanying non-security [Hot Fix](https://techcommunity.microsoft.com/blog/exchange/released-april-2025-exchange-server-hotfix-updates/4402471). Microsoft made these changes in the general interest of improving the security of hybrid Exchange deployments. Following further investigation, Microsoft identified specific security implications tied to the guidance and configuration steps outlined in the April announcement. Microsoft is issuing CVE-2025-53786 to document a vulnerability that is addressed by taking the steps documented with the April 18th announcement. Microsoft strongly recommends reading the information, installing the April 2025 (or later) Hot Fix and implementing the changes in your Exchange Server and hybrid environment.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53786
CVE-2025-53787 Microsoft 365 Copilot BizChat Information Disclosure Vulnerability

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53787
CVE-2025-53774 Microsoft 365 Copilot BizChat Information Disclosure Vulnerability

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53774
CVE-2025-53767 Azure OpenAI Elevation of Privilege Vulnerability

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53767
CVE-2025-53792 Azure Portal Elevation of Privilege Vulnerability

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53792
Chromium: CVE-2025-8577 Inappropriate implementation in Picture In Picture

Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-8577
Chromium: CVE-2025-8579 Inappropriate implementation in Gemini Live in Chrome

Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-8579
Chromium: CVE-2025-8583 Inappropriate implementation in Permissions

Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-8583
Chromium: CVE-2025-8576 Use after free in Extensions

Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-8576
Chromium: CVE-2025-8578 Use after free in Cast

Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-8578
Chromium: CVE-2025-8580 Inappropriate implementation in Filesystems

Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-8580
Chromium: CVE-2025-8581 Inappropriate implementation in Extensions

Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-8581
Chromium: CVE-2025-8582 Insufficient validation of untrusted input in DOM

Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-8582
CVE-2025-29954 Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability

Added an acknowledgement. This is an informational change only.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29954
Chromium: CVE-2025-8879 Heap buffer overflow in libaom

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-8879
Chromium: CVE-2025-8880 Race in V8

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-8880
Chromium: CVE-2025-8901 Out of bounds write in ANGLE

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-8901