Microsoft Security Response Center Blog Alerts

CVE-2025-58098 Apache HTTP Server: Server Side Includes adds query string to #exec cmd=…

Published December 11, 2025

Information published.

Published December 11, 2025

Information published.

Published December 10, 2025

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

Published December 10, 2025

Buffer over-read in Windows Projected File System allows an authorized attacker to elevate privileges locally.

Published December 10, 2025

Missing authentication for critical function in Windows Storage VSP Driver allows an authorized attacker to elevate privileges locally.

Published December 10, 2025

Improper input validation in Windows Message Queuing allows an authorized attacker to elevate privileges locally.

Published December 10, 2025

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

Published December 10, 2025

Out-of-bounds write in Azure Monitor Agent allows an authorized attacker to execute code over a network.

Published December 10, 2025

Heap-based buffer overflow in Windows Resilient File System (ReFS) allows an authorized attacker to execute code over a network.

Published December 10, 2025

Out-of-bounds read in Windows Projected File System allows an authorized attacker to elevate privileges locally.