CVE-2025-21229 Windows Digital Media Elevation of Privilege Vulnerability
Published January 14, 2025
Information published.
Microsoft Security Response Center Blog Alerts
CVE-2025-21307 Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution Vulnerability
Published January 14, 2025
Information published.
CVE-2025-21370 Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability
Published January 14, 2025
Information published.
CVE-2025-21223 Windows Telephony Service Remote Code Execution Vulnerability
Published January 14, 2025
Information published.
CVE-2025-21385 Microsoft Purview Information Disclosure Vulnerability
Published January 9, 2025
A Server-Side Request Forgery (SSRF) vulnerability in Microsoft Purview allows an authorized attacker to disclose information over a network.
CVE-2025-21380 Azure Marketplace SaaS Resources Information Disclosure Vulnerability
Published January 9, 2025
Improper access control in Azure SaaS Resources allows an authorized attacker to disclose information over a network.
CVE-2013-3900 WinVerifyTrust Signature Validation Vulnerability
Published December 23, 2024
Providing further clarification about how to configure the EnableCertPaddingCheck registry value to implement and revert the improvement to authenticode signature verification. Customers who had successfully followed previous guidance do not need to make further changes to their systems. Although Windows treats the EnableCertPaddingCheck value as a DWORD, its actual registry value type does not matter, as long as all these length and data requirements are met. See the **Suggested Actions** section for more information.
Chromium: CVE-2024-12692 Type Confusion in V8
Published December 19, 2024
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.
Chromium: CVE-2024-12695 Out of bounds write in V8
Published December 19, 2024
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.
Chromium: CVE-2024-12693 Out of bounds memory access in V8
Published December 19, 2024
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.
