MSRC Reports
Microsoft Security Response Center Reports (Unofficial).

Reports usually come in bursts, because that's just how Microsoft releases them.
CVE-2025-53731 Microsoft Office Remote Code Execution Vulnerability

Revised the packages to include Download Center ID for this vulnerability.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53731
CVE-2025-53761 Microsoft PowerPoint Remote Code Execution Vulnerability

Revised the packages to include Download Center ID for this vulnerability.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53761
CVE-2025-53760 Microsoft SharePoint Elevation of Privilege Vulnerability

Revised the packages to include Download Center ID for this vulnerability.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53760
CVE-2025-53759 Microsoft Excel Remote Code Execution Vulnerability

Revised the packages to include Download Center ID for this vulnerability.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53759
CVE-2025-53741 Microsoft Excel Remote Code Execution Vulnerability

Revised the packages to include Download Center ID for this vulnerability.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53741
Chromium: CVE-2025-11756 Use after free in Safe Browsing

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-11756
CVE-2025-55315 ASP.NET Security Feature Bypass Vulnerability

Added an FAQ to explain the disparity between the Important severity, the exploitability assessment of "less likely to be exploited", and the high CVSS3.1 score of 9.9 out of 10.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55315
CVE-2025-40010 afs: Fix potential null pointer dereference in afs_put_server

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40010
CVE-2025-40005 spi: cadence-quadspi: Implement refcount to handle unbind during busy

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40005
CVE-2025-40011 drm/gma500: Fix null dereference in hdmi teardown

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40011
CVE-2025-40016 media: uvcvideo: Mark invalid entities with id UVC_INVALID_ENTITY_ID

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40016
CVE-2025-40013 ASoC: qcom: audioreach: fix potential null pointer dereference

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40013
CVE-2025-59295 Windows URL Parsing Remote Code Execution Vulnerability

Added an acknowledgement. This is an informational change only.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59295
CVE-2025-59500 Azure Notification Service Elevation of Privilege Vulnerability

Improper access control in Azure Notification Service allows an authorized attacker to elevate privileges over a network.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59500
CVE-2025-59503 Azure Compute Resource Provider Elevation of Privilege Vulnerability

Server-side request forgery (SSRF) in Azure Compute Gallery allows an authorized attacker to elevate privileges over a network.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59503
CVE-2025-59273 Azure Event Grid System Elevation of Privilege Vulnerability

Improper access control in Azure Event Grid allows an unauthorized attacker to elevate privileges over a network.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59273
CVE-2025-59287 Windows Server Update Service (WSUS) Remote Code Execution Vulnerability

To comprehensively address CVE-2025-59287, Microsoft has released an out-of-band security update for the following supported versions of Windows Server: Windows Server 2012; Windows Server 2012 R2; Windows Server 2016; Windows Server 2019; Windows Server 2022; Windows Server 2022, 23H2 Edition (Server Core installation); and Windows Server 2025. Note that a reboot is required after you install the update.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59287
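The entry above says the fix for CVE-2025-59287 is an out-of-band update for WSUS hosts and that a reboot is required. The following is an added example, not MSRC's text or code, of the check an administrator would run on each Windows Server to confirm the host is actually remediated: WSUS role present, the update installed, and no reboot still pending. It assumes it is run elevated on the server itself, and that the KB number of the out-of-band update ($KbId, a placeholder here) is taken from the MSRC update guide entry linked above; the two registry paths are the standard reboot-pending markers written by Component Based Servicing and Windows Update.

```powershell
# Added example (not MSRC's own text or code). Reports whether this Windows Server
# still needs attention for the CVE-2025-59287 out-of-band update.
# Assumptions: run elevated on the server; $KbId is the KB of the out-of-band update
# as listed in the MSRC update guide (placeholder here, not a value from the page).
param(
    [Parameter(Mandatory = $true)]
    [string]$KbId   # e.g. "KB<number>"; fill in from the MSRC entry for CVE-2025-59287
)

# 1. Only hosts with the WSUS role (feature name "UpdateServices") are in scope.
$wsus = Get-WindowsFeature -Name UpdateServices
if (-not $wsus.Installed) {
    Write-Output "WSUS role not installed on $env:COMPUTERNAME; host is out of scope."
    return
}

# 2. Is the update already present? Get-HotFix reads Win32_QuickFixEngineering.
$hotfix = Get-HotFix -Id $KbId -ErrorAction SilentlyContinue
$updatePresent = $null -ne $hotfix

# 3. The update guide says a reboot is required, so an installed-but-not-rebooted
#    host is not yet remediated. Check the two usual reboot-pending markers.
$cbsPending = Test-Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending'
$wuPending  = Test-Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired'
$rebootPending = $cbsPending -or $wuPending

# 4. Emit one object per host so results from many servers can be collected and filtered.
[pscustomobject]@{
    Computer      = $env:COMPUTERNAME
    WsusInstalled = $true
    UpdateKb      = $KbId
    UpdatePresent = $updatePresent
    RebootPending = $rebootPending
    Remediated    = $updatePresent -and -not $rebootPending
}
```

Run it with Invoke-Command against the list of WSUS servers and keep the rows where Remediated is $false; a host with UpdatePresent true and RebootPending true has installed the patch but is still running the old binaries until it restarts.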
CVE-2022-49635 drm/i915/selftests: fix subtraction overflow bug

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-49635
CVE-2022-49610 KVM: VMX: Prevent RSB underflow before vmenter

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-49610
CVE-2022-49562 KVM: x86: Use __try_cmpxchg_user() to update guest PTE A/D bits

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-49562
CVE-2022-49552 bpf: Fix combination of jit blinding and pointers to bpf subprogs.

Information published.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-49552