A critical security flaw, CVE-2025-21298, in Microsoft’s OLE technology enables remote code execution through a zero-click vulnerability in Outlook. Attackers can exploit this memory corruption issue by sending malicious RTF emails, triggering the flaw when previewed. Affecting multiple Windows versions, Microsoft has released patches, and users are urged to apply them and take additional precautions to mitigate risks.
Windows Agere Modem Driver 0-Day Vulnerabilities Actively Exploited To Escalate Privileges
Microsoft has disclosed two critical zero-day vulnerabilities in the Agere Modem driver bundled with Windows operating systems, confirming active exploitation to escalate privileges. The flaws,
