CVE-2025-24994 Microsoft Windows Cross Device Service Elevation of Privilege Vulnerability
Published March 11, 2025
Improper access control in Windows Cross Device Service allows an authorized attacker to elevate privileges locally.
Microsoft Security Response Center Blog Alerts
CVE-2025-24059 Windows Common Log File System Driver Elevation of Privilege Vulnerability
Published March 11, 2025
Incorrect conversion between numeric types in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.
CVE-2025-24995 Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability
Published March 11, 2025
Heap-based buffer overflow in Kernel Streaming WOW Thunk Service Driver allows an authorized attacker to elevate privileges locally.
CVE-2024-9157 Synaptics: CVE-2024-9157 Synaptics Service Binaries DLL Loading Vulnerability
Published March 11, 2025
Information published.
CVE-2025-24993 Windows NTFS Remote Code Execution Vulnerability
Published March 11, 2025
Heap-based buffer overflow in Windows NTFS allows an unauthorized attacker to execute code locally.
CVE-2025-24056 Windows Telephony Service Remote Code Execution Vulnerability
Published March 11, 2025
Heap-based buffer overflow in Windows Telephony Server allows an unauthorized attacker to execute code over a network.
CVE-2025-21180 Windows exFAT File System Remote Code Execution Vulnerability
Published March 11, 2025
Heap-based buffer overflow in Windows exFAT File System allows an unauthorized attacker to execute code locally.
CVE-2025-24035 Windows Remote Desktop Services Remote Code Execution Vulnerability
Published March 11, 2025
Sensitive data storage in improperly locked memory in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network.
Chromium: CVE-2025-1918 Out of bounds read in PDFium
Published March 7, 2025
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
Chromium: CVE-2025-1921 Inappropriate Implementation in Media Stream
Published March 7, 2025
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.
