Microsoft Security Response Center Update Guide
- CVE-2025-24053 Microsoft Dataverse Elevation of Privilege Vulnerabilityon March 13, 2025 at 7:00 am
Improper authentication in Microsoft Dataverse allows an authorized attacker to elevate privileges over a network.
- Chromium: CVE-2025-2137 Out of bounds read in V8on March 12, 2025 at 3:32 pm
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024 ) for more information.
- Chromium: CVE-2025-2136 Use after free in Inspectoron March 12, 2025 at 3:32 pm
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024 ) for more information.
- Chromium: CVE-2025-2135 Type Confusion in V8on March 12, 2025 at 3:32 pm
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024 ) for more information.
- Chromium: CVE-2025-1920 Type Confusion in V8on March 12, 2025 at 3:32 pm
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024 ) for more information.
- Chromium: CVE-2025-24201 Out of bounds write in GPU on Macon March 12, 2025 at 7:00 am
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information. Google is aware of reports that an exploit for CVE-2025-24201 exists in the wild.
- CVE-2025-24048 Windows Hyper-V Elevation of Privilege Vulnerabilityon March 11, 2025 at 7:00 am
Heap-based buffer overflow in Role: Windows Hyper-V allows an authorized attacker to elevate privileges locally.
- CVE-2025-24051 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerabilityon March 11, 2025 at 7:00 am
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
- CVE-2025-21247 MapUrlToZone Security Feature Bypass Vulnerabilityon March 11, 2025 at 7:00 am
Improper resolution of path equivalence in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network.
- CVE-2025-24045 Windows Remote Desktop Services Remote Code Execution Vulnerabilityon March 11, 2025 at 7:00 am
Sensitive data storage in improperly locked memory in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network.
- CVE-2024-9157 Synaptics: CVE-2024-9157 Synaptics Service Binaries DLL Loading Vulnerabilityon March 11, 2025 at 7:00 am
Information published.
- CVE-2025-25003 Visual Studio Elevation of Privilege Vulnerabilityon March 11, 2025 at 7:00 am
Uncontrolled search path element in Visual Studio allows an authorized attacker to elevate privileges locally.
- CVE-2025-24078 Microsoft Word Remote Code Execution Vulnerabilityon March 11, 2025 at 7:00 am
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
- CVE-2025-24064 Windows Domain Name Service Remote Code Execution Vulnerabilityon March 11, 2025 at 7:00 am
Use after free in DNS Server allows an unauthorized attacker to execute code over a network.
- CVE-2025-24070 ASP.NET Core and Visual Studio Elevation of Privilege Vulnerabilityon March 11, 2025 at 7:00 am
Weak authentication in ASP.NET Core & Visual Studio allows an unauthorized attacker to elevate privileges over a network.
- CVE-2025-24077 Microsoft Word Remote Code Execution Vulnerabilityon March 11, 2025 at 7:00 am
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
- CVE-2025-24057 Microsoft Office Remote Code Execution Vulnerabilityon March 11, 2025 at 7:00 am
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
- CVE-2025-24043 WinDbg Remote Code Execution Vulnerabilityon March 11, 2025 at 7:00 am
Improper verification of cryptographic signature in .NET allows an authorized attacker to execute code over a network.
- CVE-2025-24044 Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerabilityon March 11, 2025 at 7:00 am
Use after free in Windows Win32 Kernel Subsystem allows an authorized attacker to elevate privileges locally.
- CVE-2025-24055 Windows USB Video Class System Driver Information Disclosure Vulnerabilityon March 11, 2025 at 7:00 am
Out-of-bounds read in Windows USB Video Driver allows an authorized attacker to disclose information with a physical attack.