ZDI-25-029: Microsoft Windows Installer Service Link Following Local Privilege Escalation Vulnerability

Read Time:16 Second

This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2025-21331.

ZDI-25-030: Microsoft Office Word DOCX File Parsing Uninitialized Pointer Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Office Word. User interaction is required...

January 15, 2025

ZDI-25-028: Microsoft Office Word RTF File Parsing Memory Corruption Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Office Word. User interaction is required...

January 15, 2025

git-lfs-3.6.1-1.fc41

FEDORA-2025-1de066b8af Packages in this update: git-lfs-3.6.1-1.fc41 Update description: Update to latest version Fix CVE-2024-53263 Read More

January 15, 2025

git-lfs-3.6.1-1.fc40

FEDORA-2025-50deb0acd5 Packages in this update: git-lfs-3.6.1-1.fc40 Update description: Update to latest version Fix CVE-2024-53263 Read More

January 15, 2025

USN-7206-1: rsync vulnerabilities

Simon Scannell, Pedro Gallegos, and Jasiel Spelman discovered that rsync did not properly handle checksum lengths. An attacker could use...

January 14, 2025

Multiple Vulnerabilities in Fortinet Products Could Allow for Remote Code Execution

Multiple vulnerabilities have been discovered Fortinet Products, the most severe of which could allow for remote code execution. FortiManager is...

January 14, 2025

Microsoft Patches Eight Zero-Days to Start the Year

Microsoft: Happy 2025. Here’s 161 Security Updates

Upcoming Speaking Engagements

New AI Rule Aims to Prevent Misuse of US Technology

Browser-Based Cyber-Threats Surge as Email Malware Declines

Manchester Law Firm Leads 15,000 to Sue Google and Microsoft over AI Data

The First Password on the Internet

UK Considers Ban on Ransomware Payments by Public Bodies

Remediation Times Drop Sharply as Cyber Hygiene Take Up Surges

ZDI-25-029: Microsoft Windows Installer Service Link Following Local Privilege Escalation Vulnerability

ZDI-25-030: Microsoft Office Word DOCX File Parsing Uninitialized Pointer Remote Code Execution Vulnerability

ZDI-25-028: Microsoft Office Word RTF File Parsing Memory Corruption Remote Code Execution Vulnerability

git-lfs-3.6.1-1.fc41

git-lfs-3.6.1-1.fc40

USN-7206-1: rsync vulnerabilities

Multiple Vulnerabilities in Fortinet Products Could Allow for Remote Code Execution