Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6d1d7a04 by Moritz Mühlenhoff at 2025-07-09T14:31:13+02:00
auto-nfu: Update Microsoft rule + NFUs

- - - - -


2 changed files:

- data/CVE/list
- data/packages/nfu.yaml


Changes:

=====================================
data/CVE/list
=====================================
@@ -542,115 +542,115 @@ CVE-2025-49664 (Exposure of sensitive information to an 
unauthorized actor in Wi
 CVE-2025-49663 (Heap-based buffer overflow in Windows Routing and Remote 
Access Servic ...)
        NOT-FOR-US: Microsoft
 CVE-2025-49661 (Untrusted pointer dereference in Windows Ancillary Function 
Driver for ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-49660 (Use after free in Windows Event Tracing allows an authorized 
attacker  ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-49659 (Buffer over-read in Windows TDX.sys allows an authorized 
attacker to e ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-49658 (Out-of-bounds read in Windows TDX.sys allows an authorized 
attacker to ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-49657 (Heap-based buffer overflow in Windows Routing and Remote 
Access Servic ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-48824 (Heap-based buffer overflow in Windows Routing and Remote 
Access Servic ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-48823 (Cryptographic issues in Windows Cryptographic Services allows 
an unaut ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-48822 (Out-of-bounds read in Windows Hyper-V allows an unauthorized 
attacker  ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-48821 (Use after free in Windows Universal Plug and Play (UPnP) 
Device Host a ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-48820 (Improper link resolution before file access ('link following') 
in Wind ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-48819 (Sensitive data storage in improperly locked memory in Windows 
Universa ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-48818 (Time-of-check time-of-use (toctou) race condition in Windows 
BitLocker ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-48817 (Relative path traversal in Remote Desktop Client allows an 
unauthorize ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-48816 (Integer overflow or wraparound in HID class driver allows an 
authorize ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-48815 (Access of resource using incompatible type ('type confusion') 
in Windo ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-48814 (Missing authentication for critical function in Windows Remote 
Desktop ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-48812 (Out-of-bounds read in Microsoft Office Excel allows an 
unauthorized at ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-48811 (Missing support for integrity check in Windows 
Virtualization-Based Se ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-48810 (Processor optimization removal or modification of 
security-critical co ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-48809 (Processor optimization removal or modification of 
security-critical co ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-48808 (Exposure of sensitive information to an unauthorized actor in 
Windows  ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-48806 (Use after free in Microsoft MPEG-2 Video Extension allows an 
authorize ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-48805 (Heap-based buffer overflow in Microsoft MPEG-2 Video Extension 
allows  ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-48804 (Acceptance of extraneous untrusted data with trusted data in 
Windows B ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-48803 (Missing support for integrity check in Windows 
Virtualization-Based Se ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-48802 (Improper certificate validation in Windows SMB allows an 
authorized at ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-48800 (Protection mechanism failure in Windows BitLocker allows an 
unauthoriz ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-48799 (Improper link resolution before file access ('link following') 
in Wind ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-48003 (Protection mechanism failure in Windows BitLocker allows an 
unauthoriz ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-48002 (Integer overflow or wraparound in Windows Hyper-V allows an 
authorized ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-48001 (Time-of-check time-of-use (toctou) race condition in Windows 
BitLocker ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-48000 (Use after free in Windows Connected Devices Platform Service 
allows an ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-47999 (Missing synchronization in Windows Hyper-V allows an 
authorized attack ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-47998 (Heap-based buffer overflow in Windows Routing and Remote 
Access Servic ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-47996 (Integer underflow (wrap or wraparound) in Windows MBT 
Transport driver ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-47994 (Deserialization of untrusted data in Microsoft Office allows 
an unauth ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-47993 (Improper access control in Microsoft PC Manager allows an 
authorized a ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-47991 (Use after free in Microsoft Input Method Editor (IME) allows 
an author ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-47988 (Improper control of generation of code ('code injection') in 
Azure Mon ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-47987 (Heap-based buffer overflow in Windows Cred SSProvider Protocol 
allows  ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-47986 (Use after free in Universal Print Management Service allows an 
authori ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-47985 (Untrusted pointer dereference in Windows Event Tracing allows 
an autho ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-47984 (Protection mechanism failure in Windows GDI allows an 
unauthorized att ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-47982 (Improper input validation in Windows Storage VSP Driver allows 
an auth ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-47981 (Heap-based buffer overflow in Windows SPNEGO Extended 
Negotiation allo ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-47980 (Exposure of sensitive information to an unauthorized actor in 
Windows  ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-47978 (Out-of-bounds read in Windows Kerberos allows an authorized 
attacker t ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-47976 (Use after free in Windows SSDP Service allows an authorized 
attacker t ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-47975 (Double free in Windows SSDP Service allows an authorized 
attacker to e ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-47973 (Buffer over-read in Virtual Hard Disk (VHDX) allows an 
unauthorized at ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-47972 (Concurrent execution using shared resource with improper 
synchronizati ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-47971 (Buffer over-read in Virtual Hard Disk (VHDX) allows an 
unauthorized at ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-47422 (Advanced Installer before 22.6 has an uncontrolled search path 
element ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-47178 (Improper neutralization of special elements used in an sql 
command ('s ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-47159 (Protection mechanism failure in Windows Virtualization-Based 
Security  ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2025-47135 (Dimension versions 4.1.2 and earlier are affected by an 
out-of-bounds  ...)
        NOT-FOR-US: Adobe
 CVE-2025-47109 (After Effects versions 25.2, 24.6.6 and earlier are affected 
by a NULL ...)
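
Review bot: CVE-2025-47422 is tagged `NOT-FOR-US: Microsoft`, but its description reads "Advanced Installer before 22.6 has an uncontrolled search path element", which names Advanced Installer rather than a Microsoft product. The NOT-FOR-US disposition may well be right, but the label should name the product the description gives, for example `NOT-FOR-US: Advanced Installer`, so the entry is not misattributed when the list is searched by vendor. Since the commit message marks this as an auto-nfu batch, it is also worth checking which rule matched this entry so the same mislabel does not recur on the next run.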


=====================================
data/packages/nfu.yaml
=====================================
@@ -368,9 +368,11 @@
     - anyOf:
       - product: Azure Automation
       - product: Azure DevOps
+      - product: Azure Monitor
       - product: Azure Storage Resource Provider (SRP)
       - product: Microsoft 365 Apps for Enterprise
       - product: Microsoft 365 Copilot
+      - product: Microsoft Configuration Manager
       - product: Microsoft Dataverse
       - product: Microsoft Edge (Chromium-based)
       - product: Microsoft Edge (Chromium-based) Updater
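
Review bot: The two added `product:` entries (Azure Monitor and Microsoft Configuration Manager) are not tied to any CVE in the commit message, which makes the rule change hard to audit later. Azure Monitor lines up with CVE-2025-47988 in the data/CVE/list hunk, but no visible entry names Microsoft Configuration Manager because the descriptions there are truncated. A one-line mention in the commit message of which CVE prompted each product would close that gap. Both additions keep the list's alphabetical order.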



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6d1d7a04fdcdafb1adfb605116efdd2a599de9bf
