ADV200013 Microsoft Guidance for Addressing Spoofing Vulnerability in DNS Resolver
In the Security Updates table, added Windows Server 2022, version 23H2, Windows Server 2025, and Windows Server 2025 (Server Core installation) as these versions of Windows Server are also affected by this vulnerability. Customers running these versions should configure Windows DNS servers to have UDP buffer size of 1221, as detailed in the Workaround, to be protected from this vulnerability.
https://msrc.microsoft.com/update-guide/vulnerability/ADV200013
In the Security Updates table, added Windows Server 2022, version 23H2, Windows Server 2025, and Windows Server 2025 (Server Core installation) as these versions of Windows Server are also affected by this vulnerability. Customers running these versions should configure Windows DNS servers to have UDP buffer size of 1221, as detailed in the Workaround, to be protected from this vulnerability.
https://msrc.microsoft.com/update-guide/vulnerability/ADV200013
CVE-2024-29187 GitHub: CVE-2024-29187 WiX Burn-based bundles are vulnerable to binary hijack when run as SYSTEM
Added an acknowledgement. This is an informational change only.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29187
Added an acknowledgement. This is an informational change only.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29187
CVE-2025-55241 Azure Entra Elevation of Privilege Vulnerability
Azure Entra Elevation of Privilege Vulnerability
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55241
Azure Entra Elevation of Privilege Vulnerability
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55241
CVE-2025-55238 Dynamics 365 FastTrack Implementation Assets Information Disclosure Vulnerability
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55238
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55238
CVE-2025-54914 Azure Networking Elevation of Privilege Vulnerability
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-54914
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-54914
CVE-2025-55242 Xbox Certification Bug Copilot Djando Information Disclosure Vulnerability
Exposure of sensitive information to an unauthorized actor in Xbox allows an unauthorized attacker to disclose information over a network.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55242
Exposure of sensitive information to an unauthorized actor in Xbox allows an unauthorized attacker to disclose information over a network.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55242
CVE-2025-55244 Azure Bot Service Elevation of Privilege Vulnerability
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55244
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55244
CVE-2025-53791 Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
Improper access control in Microsoft Edge (Chromium-based) allows an unauthorized attacker to bypass a security feature over a network.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53791
Improper access control in Microsoft Edge (Chromium-based) allows an unauthorized attacker to bypass a security feature over a network.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53791
Chromium: CVE-2025-9864 Use after free in V8
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202[SS9.1]5) for more information.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-9864
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202[SS9.1]5) for more information.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-9864
Chromium: CVE-2025-9865 Inappropriate implementation in Toolbar
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202[SS9.1]5) for more information.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-9865
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202[SS9.1]5) for more information.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-9865
Chromium: CVE-2025-9866 Inappropriate implementation in Extensions
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202[SS9.1]5) for more information.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-9866
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202[SS9.1]5) for more information.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-9866
Chromium: CVE-2025-9867 Inappropriate implementation in Downloads
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202[SS9.1]5) for more information.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-9867
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202[SS9.1]5) for more information.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-9867
Chromium: CVE-2025-10200 Use after free in Serviceworker
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202[SS9.1]5) for more information.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-10200
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202[SS9.1]5) for more information.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-10200
Chromium: CVE-2025-10201 Inappropriate implementation in Mojo
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202[SS9.1]5) for more information.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-10201
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202[SS9.1]5) for more information.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-10201
CVE-2025-55319 Agentic AI and Visual Studio Code Remote Code Execution Vulnerability
Ai command injection in Agentic AI and Visual Studio Code allows an unauthorized attacker to execute code over a network.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55319
Ai command injection in Agentic AI and Visual Studio Code allows an unauthorized attacker to execute code over a network.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55319
CVE-2025-54910 Microsoft Office Remote Code Execution Vulnerability
Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not need to take any action. See the [Release Notes](https://go.microsoft.com/fwlink/p/?linkid=831049) for more information and download links.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-54910
Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not need to take any action. See the [Release Notes](https://go.microsoft.com/fwlink/p/?linkid=831049) for more information and download links.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-54910
CVE-2025-54901 Microsoft Excel Information Disclosure Vulnerability
Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not need to take any action. See the [Release Notes](https://go.microsoft.com/fwlink/p/?linkid=831049) for more information and download links.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-54901
Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not need to take any action. See the [Release Notes](https://go.microsoft.com/fwlink/p/?linkid=831049) for more information and download links.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-54901
CVE-2025-54900 Microsoft Excel Remote Code Execution Vulnerability
Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not need to take any action. See the [Release Notes](https://go.microsoft.com/fwlink/p/?linkid=831049) for more information and download links.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-54900
Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not need to take any action. See the [Release Notes](https://go.microsoft.com/fwlink/p/?linkid=831049) for more information and download links.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-54900
CVE-2025-49728 Microsoft PC Manager Security Feature Bypass Vulnerability
Cleartext storage of sensitive information in Microsoft PC Manager allows an unauthorized attacker to bypass a security feature locally.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49728
Cleartext storage of sensitive information in Microsoft PC Manager allows an unauthorized attacker to bypass a security feature locally.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49728
CVE-2025-47967 Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability
Insufficient ui warning of dangerous operations in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47967
Insufficient ui warning of dangerous operations in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47967
CVE-2025-50154 Microsoft Windows File Explorer Spoofing Vulnerability
Updated one or more CVSS scores for the affected products. This is an informational change only.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-50154
Updated one or more CVSS scores for the affected products. This is an informational change only.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-50154