CVE-2025-49718 Microsoft SQL Server Information Disclosure Vulnerability
Updated product information in the Software Update table. This is an informational change only.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49718
CVE-2025-49717 Microsoft SQL Server Remote Code Execution Vulnerability
Updated product information in the Software Update table. This is an informational change only.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49717
CVE-2025-55231 Windows Storage-based Management Service Remote Code Execution Vulnerability
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Storage allows an unauthorized attacker to execute code over a network.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55231
CVE-2025-55229 Windows Certificate Spoofing Vulnerability
Improper verification of cryptographic signature in Windows Certificates allows an unauthorized attacker to perform spoofing over a network.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55229
CVE-2025-55230 Windows MBT Transport Driver Elevation of Privilege Vulnerability
Untrusted pointer dereference in Windows MBT Transport driver allows an authorized attacker to elevate privileges locally.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55230
CVE-2025-53795 Microsoft PC Manager Elevation of Privilege Vulnerability
Improper authorization in Microsoft PC Manager allows an unauthorized attacker to elevate privileges over a network.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53795
CVE-2025-53763 Azure Databricks Elevation of Privilege Vulnerability
Improper access control in Azure Databricks allows an unauthorized attacker to elevate privileges over a network.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53763
Chromium: CVE-2025-9132 Out of bounds write in V8
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-9132
Chromium: CVE-2025-9478 Use after free in ANGLE
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-9478
ADV200013 Microsoft Guidance for Addressing Spoofing Vulnerability in DNS Resolver
In the Security Updates table, added Windows Server 2022, version 23H2, Windows Server 2025, and Windows Server 2025 (Server Core installation) as these versions of Windows Server are also affected by this vulnerability. Customers running these versions should configure Windows DNS servers to have UDP buffer size of 1221, as detailed in the Workaround, to be protected from this vulnerability.
https://msrc.microsoft.com/update-guide/vulnerability/ADV200013
CVE-2024-29187 GitHub: CVE-2024-29187 WiX Burn-based bundles are vulnerable to binary hijack when run as SYSTEM
Added an acknowledgement. This is an informational change only.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29187
CVE-2025-55241 Azure Entra Elevation of Privilege Vulnerability
Azure Entra Elevation of Privilege Vulnerability
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55241
CVE-2025-55238 Dynamics 365 FastTrack Implementation Assets Information Disclosure Vulnerability
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55238
CVE-2025-54914 Azure Networking Elevation of Privilege Vulnerability
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-54914
CVE-2025-55242 Xbox Certification Bug Copilot Djando Information Disclosure Vulnerability
Exposure of sensitive information to an unauthorized actor in Xbox allows an unauthorized attacker to disclose information over a network.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55242
CVE-2025-55244 Azure Bot Service Elevation of Privilege Vulnerability
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55244
CVE-2025-53791 Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
Improper access control in Microsoft Edge (Chromium-based) allows an unauthorized attacker to bypass a security feature over a network.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53791
Chromium: CVE-2025-9864 Use after free in V8
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-9864
Chromium: CVE-2025-9865 Inappropriate implementation in Toolbar
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-9865
Chromium: CVE-2025-9866 Inappropriate implementation in Extensions
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-9866
Chromium: CVE-2025-9867 Inappropriate implementation in Downloads
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-9867