Microsoft Security Response Center Blog Alerts

CVE-2025-24060 Microsoft DWM Core Library Elevation of Privilege Vulnerability

Published April 8, 2025

Improper input validation in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.

Published April 8, 2025

Improper access control in Windows Resilient File System (ReFS) allows an authorized attacker to disclose information over a network.

Published April 8, 2025

Heap-based buffer overflow in Remote Desktop Client allows an authorized attacker to execute code over a network.

Published April 8, 2025

Use after free in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network.

Published April 8, 2025

Improper input validation in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.

Published April 8, 2025

Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

Published April 8, 2025

Weak authentication in Windows Active Directory Certificate Services allows an authorized attacker to elevate privileges over a network.

Published April 8, 2025

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

Published April 8, 2025

Improper access control in Visual Studio Code allows an authorized attacker to elevate privileges locally.

Published April 8, 2025

Improper input validation in Windows Security Zone Mapping allows an unauthorized attacker to bypass a security feature locally.