CVE-2025-33053 Internet Shortcut Files Remote Code Execution Vulnerability
Corrected the CVE description and title. This is an informational change only.
CVE-2024-28923 Secure Boot Security Feature Bypass Vulnerability
Added an acknowledgement. This is an informational change only.
Chromium: CVE-2025-5958 Use after free in Media
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
Chromium: CVE-2025-5959 Type Confusion in V8
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
CVE-2025-32711 M365 Copilot Information Disclosure Vulnerability
AI command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network.
CVE-2025-47173 Microsoft Office Remote Code Execution Vulnerability
Improper input validation in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2025-47166 Microsoft SharePoint Server Remote Code Execution Vulnerability
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
CVE-2025-32717 Microsoft Word Remote Code Execution Vulnerability
Microsoft is announcing the availability of the security updates for Microsoft Office 365. Customers running Office 365 should log in and ensure they have the latest update to be protected from this vulnerability. See the [Release Notes](https://learn.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates) for more information.
CVE-2025-33059 Windows Storage Management Provider Information Disclosure Vulnerability
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
CVE-2025-47171 Microsoft Outlook Remote Code Execution Vulnerability
Improper input validation in Microsoft Office Outlook allows an authorized attacker to execute code locally.