Microsoft Security Response Center Blog Alerts

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2021) for more information.

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2021) for more information. Google is aware that an exploit for CVE-2025-13223 exists in the wild.

Updated the build numbers. This is an informational update only.

Updated the build numbers. This is an informational update only.

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Improper validation of generative ai output in GitHub Copilot and Visual Studio Code allows an authorized attacker to bypass a security feature locally.

Double free in Microsoft Wireless Provisioning System allows an authorized attacker to elevate privileges locally.

External control of file name or path in Windows WLAN Service allows an authorized attacker to elevate privileges locally.

Improper link resolution before file access (‘link following’) in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to deny service locally.

Insertion of sensitive information into sent data in Windows Speech allows an authorized attacker to disclose information locally.