⚠️Alertes de sécurité importantes (CVSS > 7.5)⚠️

🚨 CVE-2025-29964 Windows Media Remote Code Execution Vulnerability 🚨 CVE-2025-29966 Remote Desktop Client Remote Code Execution Vulnerability 🚨 CVE-2025-29967 Remote Desktop Client Remote Code Execution Vulnerability 🚨 CVE-2025-29969 MS-EVEN RPC Remote Code Execution Vulnerability 🚨 CVE-2025-29977 Microsoft Excel Remote Code Execution Vulnerability 🚨 CVE-2025-29978 Microsoft PowerPoint Remote Code Execution Vulnerability 🚨 CVE-2025-30375 Microsoft Excel Remote Code Execution Vulnerability 🚨 CVE-2025-30376 Microsoft Excel Remote Code Execution Vulnerability 🚨 CVE-2025-30377 Microsoft Office Remote Code Execution Vulnerability 🚨 CVE-2025-30378 Microsoft SharePoint Server Remote Code Execution Vulnerability 🚨 CVE-2025-30379 Microsoft Excel Remote Code Execution Vulnerability 🚨 CVE-2025-30381 Microsoft Excel Remote Code Execution Vulnerability 🚨 CVE-2025-30382 Microsoft SharePoint Server Remote Code Execution Vulnerability 🚨 CVE-2025-30383 Microsoft Excel Remote Code Execution Vulnerability 🚨 CVE-2025-30384 Microsoft SharePoint Server Remote Code Execution Vulnerability 🚨 CVE-2025-30386 Microsoft Office Remote Code Execution Vulnerability 🚨 CVE-2025-30393 Microsoft Excel Remote Code Execution Vulnerability 🚨 CVE-2025-30397 Scripting Engine Memory Corruption Vulnerability 🚨 CVE-2025-32702 Visual Studio Remote Code Execution Vulnerability 🚨 CVE-2025-32704 Microsoft Excel Remote Code Execution Vulnerability 🚨 CVE-2025-32705 Microsoft Outlook Remote Code Execution Vulnerability 🚨 CVE-2025-29979 Microsoft Excel Remote Code Execution Vulnerability 🚨 CVE-2025-29831 Windows Remote Desktop Services Remote Code Execution Vulnerability 🚨 CVE-2025-29840 Windows Media Remote Code Execution Vulnerability 🚨 CVE-2025-29962 Windows Media Remote Code Execution Vulnerability 🚨 CVE-2025-29963 Windows Media Remote Code Execution Vulnerability 🚨 CVE-2025-30388 Windows Graphics Component Remote Code Execution Vulnerability

Table des matières

• 🛡️ CVE-2025-26646 .NET, Visual Studio, and Build Tools for Visual Studio Spoofing Vulnerability
• 🛡️ CVE-2025-26684 Microsoft Defender Elevation of Privilege Vulnerability
• 🛡️ CVE-2025-29959 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability
• 🛡️ CVE-2025-29960 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability
• 🚨 CVE-2025-29964 Windows Media Remote Code Execution Vulnerability
• 🚨 CVE-2025-29966 Remote Desktop Client Remote Code Execution Vulnerability
• 🚨 CVE-2025-29967 Remote Desktop Client Remote Code Execution Vulnerability
• 🛡️ CVE-2025-29968 Active Directory Certificate Services (AD CS) Denial of Service Vulnerability
• 🚨 CVE-2025-29969 MS-EVEN RPC Remote Code Execution Vulnerability
• 🛡️ CVE-2025-29970 Microsoft Brokering File System Elevation of Privilege Vulnerability
• 🛡️ CVE-2025-29971 Web Threat Defense (WTD.sys) Denial of Service Vulnerability
• 🛡️ CVE-2025-29973 Microsoft Azure File Sync Elevation of Privilege Vulnerability
• 🛡️ CVE-2025-29975 Microsoft PC Manager Elevation of Privilege Vulnerability
• 🛡️ CVE-2025-29976 Microsoft SharePoint Server Elevation of Privilege Vulnerability
• 🚨 CVE-2025-29977 Microsoft Excel Remote Code Execution Vulnerability
• 🚨 CVE-2025-29978 Microsoft PowerPoint Remote Code Execution Vulnerability
• 🚨 CVE-2025-30375 Microsoft Excel Remote Code Execution Vulnerability
• 🚨 CVE-2025-30376 Microsoft Excel Remote Code Execution Vulnerability
• 🚨 CVE-2025-30377 Microsoft Office Remote Code Execution Vulnerability
• 🚨 CVE-2025-30378 Microsoft SharePoint Server Remote Code Execution Vulnerability
• 🚨 CVE-2025-30379 Microsoft Excel Remote Code Execution Vulnerability
• 🚨 CVE-2025-30381 Microsoft Excel Remote Code Execution Vulnerability
• 🚨 CVE-2025-30382 Microsoft SharePoint Server Remote Code Execution Vulnerability
• 🚨 CVE-2025-30383 Microsoft Excel Remote Code Execution Vulnerability
• 🚨 CVE-2025-30384 Microsoft SharePoint Server Remote Code Execution Vulnerability
• 🚨 CVE-2025-30386 Microsoft Office Remote Code Execution Vulnerability
• 🛡️ CVE-2025-30387 Document Intelligence Studio On-Prem Elevation of Privilege Vulnerability
• 🛡️ CVE-2025-27468 Windows Kernel-Mode Driver Elevation of Privilege Vulnerability
• 🚨 CVE-2025-30393 Microsoft Excel Remote Code Execution Vulnerability
• 🛡️ CVE-2025-29826 Microsoft Dataverse Elevation of Privilege Vulnerability
• 🛡️ CVE-2025-30394 Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability
• 🛡️ CVE-2025-30400 Microsoft DWM Core Library Elevation of Privilege Vulnerability
• 🛡️ CVE-2025-32701 Windows Common Log File System Driver Elevation of Privilege Vulnerability
• 🛡️ CVE-2025-32703 Visual Studio Information Disclosure Vulnerability
• 🛡️ CVE-2025-32706 Windows Common Log File System Driver Elevation of Privilege Vulnerability
• 🛡️ CVE-2025-21264 Visual Studio Code Security Feature Bypass Vulnerability
• 🛡️ CVE-2025-32709 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
• 🛡️ ADV990001 Latest Servicing Stack Updates
• 🛡️ CVE-2025-26677 Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability
• 🛡️ CVE-2025-27488 Microsoft Windows Hardware Lab Kit (HLK) Elevation of Privilege Vulnerability
• 🛡️ CVE-2025-26685 Microsoft Defender for Identity Spoofing Vulnerability
• 🛡️ CVE-2025-29829 Windows Trusted Runtime Interface Driver Information Disclosure Vulnerability
• 🛡️ CVE-2025-29830 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability
• 🚨 CVE-2025-29831 Windows Remote Desktop Services Remote Code Execution Vulnerability
• 🛡️ CVE-2025-29832 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability
• 🛡️ CVE-2025-29833 Microsoft Virtual Machine Bus (VMBus) Remote Code Execution Vulnerability
• 🛡️ CVE-2025-29835 Windows Remote Access Connection Manager Information Disclosure Vulnerability
• 🛡️ CVE-2025-29836 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability
• 🛡️ CVE-2025-29837 Windows Installer Information Disclosure Vulnerability
• 🛡️ CVE-2025-29838 Windows ExecutionContext Driver Elevation of Privilege Vulnerability
• 🛡️ CVE-2025-29839 Windows Multiple UNC Provider Driver Information Disclosure Vulnerability
• 🚨 CVE-2025-29840 Windows Media Remote Code Execution Vulnerability
• 🛡️ CVE-2025-29841 Universal Print Management Service Elevation of Privilege Vulnerability
• 🛡️ CVE-2025-29842 UrlMon Security Feature Bypass Vulnerability
• 🛡️ CVE-2025-29954 Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability
• 🛡️ CVE-2025-29955 Windows Hyper-V Denial of Service Vulnerability
• 🛡️ CVE-2025-29956 Windows SMB Information Disclosure Vulnerability
• 🛡️ CVE-2025-29957 Windows Deployment Services Denial of Service Vulnerability
• 🛡️ CVE-2025-29958 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability
• 🛡️ CVE-2025-29961 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability
• 🚨 CVE-2025-29962 Windows Media Remote Code Execution Vulnerability
• 🚨 CVE-2025-29963 Windows Media Remote Code Execution Vulnerability
• 🛡️ CVE-2025-29974 Windows Kernel Information Disclosure Vulnerability
• 🛡️ CVE-2025-30385 Windows Common Log File System Driver Elevation of Privilege Vulnerability
• 🚨 CVE-2025-30388 Windows Graphics Component Remote Code Execution Vulnerability
• 🚨 CVE-2025-30397 Scripting Engine Memory Corruption Vulnerability
• 🚨 CVE-2025-32702 Visual Studio Remote Code Execution Vulnerability
• 🚨 CVE-2025-32704 Microsoft Excel Remote Code Execution Vulnerability
• 🚨 CVE-2025-32705 Microsoft Outlook Remote Code Execution Vulnerability
• 🛡️ CVE-2025-32707 NTFS Elevation of Privilege Vulnerability
• 🛡️ CVE-2025-24063 Kernel Streaming Service Driver Elevation of Privilege Vulnerability
• 🚨 CVE-2025-29979 Microsoft Excel Remote Code Execution Vulnerability
• 🛡️ CVE-2025-26673 Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability
• 🛡️ CVE-2025-29823 Microsoft Excel Remote Code Execution Vulnerability
• 🛡️ CVE-2017-0045 Windows DVD Maker XML External Entity Information Disclosure Vulnerability
• 🛡️ CVE-2025-26629 Microsoft Office Remote Code Execution Vulnerability
• 🛡️ CVE-2024-49128 Windows Remote Desktop Services Remote Code Execution Vulnerability

🛡️ CVE-2025-26646 .NET, Visual Studio, and Build Tools for Visual Studio Spoofing Vulnerability

Une vulnérabilité d’usurpation d’identité dans .NET, Visual Studio et Build Tools pour Visual Studio permet un contrôle externe du nom de fichier ou du chemin d’accès.

• 🛡️ CVE: CVE-2025-26646 (https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26646)
• 📅 Date de publication: Tue, 13 May 2025 07:00:00 Z

🛡️ CVE-2025-26684 Microsoft Defender Elevation of Privilege Vulnerability

Une vulnérabilité d’élévation de privilège dans Microsoft Defender for Endpoint permet un contrôle externe du nom de fichier ou du chemin d’accès pour une attaque autorisée.

• 🛡️ CVE: CVE-2025-26684 (https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26684)
• 📅 Date de publication: Tue, 13 May 2025 07:00:00 Z

🛡️ CVE-2025-29959 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability

L’utilisation d’une ressource non initialisée dans Windows Routing and Remote Access Service (RRAS) permet à un attaquant non autorisé de divulguer des informations.

• 🛡️ CVE: CVE-2025-29959 (https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29959)
• 📅 Date de publication: Tue, 13 May 2025 07:00:00 Z

🛡️ CVE-2025-29960 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability

Une lecture hors limites dans Windows Routing and Remote Access Service (RRAS) permet à un attaquant non autorisé de divulguer des informations.

• 🛡️ CVE: CVE-2025-29960 (https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29960)
• 📅 Date de publication: Tue, 13 May 2025 07:00:00 Z

🚨 CVE-2025-29964 Windows Media Remote Code Execution Vulnerability

Un dépassement de mémoire tampon basé sur le tas dans Windows Media permet à un attaquant non autorisé d’exécuter du code sur un réseau.

• 🚨 CVE: CVE-2025-29964 (https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29964)
• 📅 Date de publication: Tue, 13 May 2025 07:00:00 Z

🚨 CVE-2025-29966 Remote Desktop Client Remote Code Execution Vulnerability

Un dépassement de mémoire tampon basé sur le tas dans Windows Remote Desktop permet à un attaquant non autorisé d’exécuter du code.

• 🚨 CVE: CVE-2025-29966 (https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29966)
• 📅 Date de publication: Tue, 13 May 2025 07:00:00 Z

🚨 CVE-2025-29967 Remote Desktop Client Remote Code Execution Vulnerability

Un dépassement de mémoire tampon basé sur le tas dans Remote Desktop Gateway Service permet à un attaquant non autorisé d’exécuter du code.

• 🚨 CVE: CVE-2025-29967 (https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29967)
• 📅 Date de publication: Tue, 13 May 2025 07:00:00 Z

🛡️ CVE-2025-29968 Active Directory Certificate Services (AD CS) Denial of Service Vulnerability

Une validation d’entrée incorrecte dans Active Directory Certificate Services (AD CS) permet à un attaquant autorisé de provoquer un déni de service.

• 🛡️ CVE: CVE-2025-29968 (https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29968)
• 📅 Date de publication: Tue, 13 May 2025 07:00:00 Z

🚨 CVE-2025-29969 MS-EVEN RPC Remote Code Execution Vulnerability

Une condition de concurrence de type « time-of-check time-of-use » (toctou) dans Windows Fundamentals permet à un attaquant autorisé d’exécuter du code.

• 🚨 CVE: CVE-2025-29969 (https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29969)
• 📅 Date de publication: Tue, 13 May 2025 07:00:00 Z

🛡️ CVE-2025-29970 Microsoft Brokering File System Elevation of Privilege Vulnerability

Une vulnérabilité de type « use after free » dans Microsoft Brokering File System permet à un attaquant autorisé d’élever ses privilèges.

• 🛡️ CVE: CVE-2025-29970 (https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29970)
• 📅 Date de publication: Tue, 13 May 2025 07:00:00 Z

🛡️ CVE-2025-29971 Web Threat Defense (WTD.sys) Denial of Service Vulnerability

Une lecture hors limites dans Web Threat Defense (WTD.sys) permet à un attaquant non autorisé de provoquer un déni de service.

• 🛡️ CVE: CVE-2025-29971 (https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29971)
• 📅 Date de publication: Tue, 13 May 2025 07:00:00 Z

🛡️ CVE-2025-29973 Microsoft Azure File Sync Elevation of Privilege Vulnerability

Un contrôle d’accès inapproprié dans Azure File Sync permet à un attaquant autorisé d’élever ses privilèges localement.

• 🛡️ CVE: CVE-2025-29973 (https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29973)
• 📅 Date de publication: Tue, 13 May 2025 07:00:00 Z

🛡️ CVE-2025-29975 Microsoft PC Manager Elevation of Privilege Vulnerability

Une résolution de lien inappropriée avant l’accès au fichier (« link following ») dans Microsoft PC Manager permet à un attaquant autorisé d’élever ses privilèges localement.

• 🛡️ CVE: CVE-2025-29975 (https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29975)
• 📅 Date de publication: Tue, 13 May 2025 07:00:00 Z

🛡️ CVE-2025-29976 Microsoft SharePoint Server Elevation of Privilege Vulnerability

Une gestion inappropriée des privilèges dans Microsoft Office SharePoint permet à un attaquant autorisé d’élever ses privilèges.

• 🛡️ CVE: CVE-2025-29976 (https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29976)
• 📅 Date de publication: Tue, 13 May 2025 07:00:00 Z

🚨 CVE-2025-29977 Microsoft Excel Remote Code Execution Vulnerability

Une vulnérabilité de type « use after free » dans Microsoft Office Excel permet à un attaquant non autorisé d’exécuter du code localement.

• 🚨 CVE: CVE-2025-29977 (https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29977)
• 📅 Date de publication: Tue, 13 May 2025 07:00:00 Z

🚨 CVE-2025-29978 Microsoft PowerPoint Remote Code Execution Vulnerability

Une vulnérabilité de type « use after free » dans Microsoft Office PowerPoint permet à un attaquant non autorisé d’exécuter du code localement.

• 🚨 CVE: CVE-2025-29978 (https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29978)
• 📅 Date de publication: Tue, 13 May 2025 07:00:00 Z

🚨 CVE-2025-30375 Microsoft Excel Remote Code Execution Vulnerability

L’accès à une ressource utilisant un type incompatible (« type confusion ») dans Microsoft Office Excel permet à un attaquant non autorisé d’exécuter du code localement.

• 🚨 CVE: CVE-2025-30375 (https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-30375)
• 📅 Date de publication: Tue, 13 May 2025 07:00:00 Z

🚨 CVE-2025-30376 Microsoft Excel Remote Code Execution Vulnerability

Un dépassement de mémoire tampon basé sur le tas dans Microsoft Office Excel permet à un attaquant non autorisé d’exécuter du code.

• 🚨 CVE: CVE-2025-30376 (https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-30376)
• 📅 Date de publication: Tue, 13 May 2025 07:00:00 Z

🚨 CVE-2025-30377 Microsoft Office Remote Code Execution Vulnerability

Une vulnérabilité de type « use after free » dans Microsoft Office permet à un attaquant non autorisé d’exécuter du code localement.

• 🚨 CVE: CVE-2025-30377 ([https://msrc.microsoft.com/