MSRC Reports
Microsoft Security Response Center Reports (Unofficial).

Reports usually come in bursts, because that's just how Microsoft releases them.
CVE-2025-29954 Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability

Added an acknowledgement. This is an informational change only.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29954
Chromium: CVE-2025-8879 Heap buffer overflow in libaom

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-8879
Chromium: CVE-2025-8880 Race in V8

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-8880
Chromium: CVE-2025-8901 Out of bounds write in ANGLE

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-8901
Chromium: CVE-2025-8881 Inappropriate implementation in File Picker

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-8881
Chromium: CVE-2025-8882 Use after free in Aura

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-8882
CVE-2025-53740 Microsoft Office Remote Code Execution Vulnerability

Acknowledgement added. This is an informational change only.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53740
CVE-2025-49716 Windows Netlogon Denial of Service Vulnerability

Updated first FAQ to state that CVE-2020-0674 has now been issued to address this vulnerability. This is an informational change only.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49716
CVE-2025-49718 Microsoft SQL Server Information Disclosure Vulnerability

Updated product information in the Software Update table. This is an informational change only.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49718
CVE-2025-49717 Microsoft SQL Server Remote Code Execution Vulnerability

Updated product information in the Software Update table. This is an informational change only.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49717
CVE-2025-55231 Windows Storage-based Management Service Remote Code Execution Vulnerability

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Storage allows an unauthorized attacker to execute code over a network.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55231
CVE-2025-55229 Windows Certificate Spoofing Vulnerability

Improper verification of cryptographic signature in Windows Certificates allows an unauthorized attacker to perform spoofing over a network.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55229
CVE-2025-55230 Windows MBT Transport Driver Elevation of Privilege Vulnerability

Untrusted pointer dereference in Windows MBT Transport driver allows an authorized attacker to elevate privileges locally.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55230
CVE-2025-53795 Microsoft PC Manager Elevation of Privilege Vulnerability

Improper authorization in Microsoft PC Manager allows an unauthorized attacker to elevate privileges over a network.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53795
CVE-2025-53763 Azure Databricks Elevation of Privilege Vulnerability

Improper access control in Azure Databricks allows an unauthorized attacker to elevate privileges over a network.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53763
Chromium: CVE-2025-9132 Out of bounds write in V8

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-9132
Chromium: CVE-2025-9478 Use after free in ANGLE

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-9478
ADV200013 Microsoft Guidance for Addressing Spoofing Vulnerability in DNS Resolver

In the Security Updates table, added Windows Server 2022, version 23H2, Windows Server 2025, and Windows Server 2025 (Server Core installation) as these versions of Windows Server are also affected by this vulnerability. Customers running these versions should configure Windows DNS servers to have UDP buffer size of 1221, as detailed in the Workaround, to be protected from this vulnerability.

https://msrc.microsoft.com/update-guide/vulnerability/ADV200013
CVE-2024-29187 GitHub: CVE-2024-29187 WiX Burn-based bundles are vulnerable to binary hijack when run as SYSTEM

Added an acknowledgement. This is an informational change only.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29187
CVE-2025-55241 Azure Entra Elevation of Privilege Vulnerability

Azure Entra Elevation of Privilege Vulnerability

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55241
CVE-2025-55238 Dynamics 365 FastTrack Implementation Assets Information Disclosure Vulnerability

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55238