Security
Headlines
HeadlinesLatestCVEs

Tag

#vulnerability

CVE-2025-33056: Windows Local Security Authority (LSA) Denial of Service Vulnerability

Improper access control in Microsoft Local Security Authority Server (lsasrv) allows an unauthorized attacker to deny service over a network.

Microsoft Security Response Center
#vulnerability#windows#microsoft#dos#auth#Microsoft Local Security Authority Server (lsasrv)#Security Vulnerability
CVE-2025-47962: Windows SDK Elevation of Privilege Vulnerability

**Is there more information that is available on Windows SDK?** Yes. Please see: Windows SDK - Windows app development which explains the Windows SDK and advises how to install and maintain the product.

CVE-2025-47969: Windows Virtualization-Based Security (VBS) Information Disclosure Vulnerability

Exposure of sensitive information to an unauthorized actor in Windows Hello allows an authorized attacker to disclose information locally.

CVE-2025-33071: Windows KDC Proxy Service (KPSSVC) Remote Code Execution Vulnerability

**How could an attacker exploit this vulnerability?** An unauthenticated attacker could use a specially crafted application to leverage a cryptographic protocol vulnerability in Kerberos Key Distribution Center Proxy Service to perform remote code execution against the target.

CVE-2025-47956: Windows Security App Spoofing Vulnerability

External control of file name or path in Microsoft Defender for Endpoint allows an authorized attacker to perform spoofing locally.