Severity
High
Analysis Summary
CVE-2025-47968 CVSS:7.8
Improper input validation in Microsoft AutoUpdate (MAU) allows an authorized attacker to elevate privileges locally.
CVE-2025-47962 CVSS:7.8
Improper access control in Windows SDK allows an authorized attacker to elevate privileges locally.
CVE-2025-47957 CVSS:8.4
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2025-47956 CVSS:5.5
External control of file name or path in Windows Security App allows an authorized attacker to perform spoofing locally.
CVE-2025-47955 CVSS:7.8
Improper privilege management in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges locally.
CVE-2025-47953 CVSS:8.4
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2025-47176 CVSS:7.8
Microsoft Office Outlook allows an authorized attacker to execute code locally.
CVE-2025-47175 CVSS:7.8
Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.
Impact
- Privilege Escalation
- Code Execution
Indicators of Compromise
CVE
CVE-2025-47968
CVE-2025-47962
CVE-2025-47957
CVE-2025-47956
CVE-2025-47955
CVE-2025-47953
CVE-2025-47176
CVE-2025-47175
Affected Vendors
- Microsoft
Affected Products
- Microsoft Windows Server 2016
- Microsoft Windows Server 2019
- Microsoft Windows Server 2012
- Microsoft Windows Server 2022
- Microsoft Office 2021
- Microsoft 365 Apps for Enterprise
- Microsoft AutoUpdate for Mac
- Microsoft Windows Server 2025
- Microsoft Windows SDK
- Microsoft Office 2024
- Microsoft Windows Security App
- Microsoft Office PowerPoint
Remediation
Use Microsoft Automatic Update to apply the appropriate patch for your system, or the Microsoft Security Update Guide to search for available patches.