[Git][security-tracker-team/security-tracker][master] auto-nfu: Update Microsoft rule + NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Wed Jul 9 13:31:44 BST 2025
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
6d1d7a04 by Moritz Mühlenhoff at 2025-07-09T14:31:13+02:00
auto-nfu: Update Microsoft rule + NFUs
- - - - -
2 changed files:
- data/CVE/list
- data/packages/nfu.yaml
Changes:
=====================================
data/CVE/list
=====================================
@@ -542,115 +542,115 @@ CVE-2025-49664 (Exposure of sensitive information to an unauthorized actor in Wi
CVE-2025-49663 (Heap-based buffer overflow in Windows Routing and Remote Access Servic ...)
NOT-FOR-US: Microsoft
CVE-2025-49661 (Untrusted pointer dereference in Windows Ancillary Function Driver for ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-49660 (Use after free in Windows Event Tracing allows an authorized attacker ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-49659 (Buffer over-read in Windows TDX.sys allows an authorized attacker to e ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-49658 (Out-of-bounds read in Windows TDX.sys allows an authorized attacker to ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-49657 (Heap-based buffer overflow in Windows Routing and Remote Access Servic ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-48824 (Heap-based buffer overflow in Windows Routing and Remote Access Servic ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-48823 (Cryptographic issues in Windows Cryptographic Services allows an unaut ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-48822 (Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-48821 (Use after free in Windows Universal Plug and Play (UPnP) Device Host a ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-48820 (Improper link resolution before file access ('link following') in Wind ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-48819 (Sensitive data storage in improperly locked memory in Windows Universa ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-48818 (Time-of-check time-of-use (toctou) race condition in Windows BitLocker ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-48817 (Relative path traversal in Remote Desktop Client allows an unauthorize ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-48816 (Integer overflow or wraparound in HID class driver allows an authorize ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-48815 (Access of resource using incompatible type ('type confusion') in Windo ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-48814 (Missing authentication for critical function in Windows Remote Desktop ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-48812 (Out-of-bounds read in Microsoft Office Excel allows an unauthorized at ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-48811 (Missing support for integrity check in Windows Virtualization-Based Se ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-48810 (Processor optimization removal or modification of security-critical co ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-48809 (Processor optimization removal or modification of security-critical co ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-48808 (Exposure of sensitive information to an unauthorized actor in Windows ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-48806 (Use after free in Microsoft MPEG-2 Video Extension allows an authorize ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-48805 (Heap-based buffer overflow in Microsoft MPEG-2 Video Extension allows ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-48804 (Acceptance of extraneous untrusted data with trusted data in Windows B ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-48803 (Missing support for integrity check in Windows Virtualization-Based Se ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-48802 (Improper certificate validation in Windows SMB allows an authorized at ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-48800 (Protection mechanism failure in Windows BitLocker allows an unauthoriz ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-48799 (Improper link resolution before file access ('link following') in Wind ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-48003 (Protection mechanism failure in Windows BitLocker allows an unauthoriz ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-48002 (Integer overflow or wraparound in Windows Hyper-V allows an authorized ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-48001 (Time-of-check time-of-use (toctou) race condition in Windows BitLocker ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-48000 (Use after free in Windows Connected Devices Platform Service allows an ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-47999 (Missing synchronization in Windows Hyper-V allows an authorized attack ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-47998 (Heap-based buffer overflow in Windows Routing and Remote Access Servic ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-47996 (Integer underflow (wrap or wraparound) in Windows MBT Transport driver ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-47994 (Deserialization of untrusted data in Microsoft Office allows an unauth ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-47993 (Improper access control in Microsoft PC Manager allows an authorized a ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-47991 (Use after free in Microsoft Input Method Editor (IME) allows an author ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-47988 (Improper control of generation of code ('code injection') in Azure Mon ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-47987 (Heap-based buffer overflow in Windows Cred SSProvider Protocol allows ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-47986 (Use after free in Universal Print Management Service allows an authori ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-47985 (Untrusted pointer dereference in Windows Event Tracing allows an autho ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-47984 (Protection mechanism failure in Windows GDI allows an unauthorized att ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-47982 (Improper input validation in Windows Storage VSP Driver allows an auth ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-47981 (Heap-based buffer overflow in Windows SPNEGO Extended Negotiation allo ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-47980 (Exposure of sensitive information to an unauthorized actor in Windows ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-47978 (Out-of-bounds read in Windows Kerberos allows an authorized attacker t ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-47976 (Use after free in Windows SSDP Service allows an authorized attacker t ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-47975 (Double free in Windows SSDP Service allows an authorized attacker to e ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-47973 (Buffer over-read in Virtual Hard Disk (VHDX) allows an unauthorized at ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-47972 (Concurrent execution using shared resource with improper synchronizati ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-47971 (Buffer over-read in Virtual Hard Disk (VHDX) allows an unauthorized at ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-47422 (Advanced Installer before 22.6 has an uncontrolled search path element ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-47178 (Improper neutralization of special elements used in an sql command ('s ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-47159 (Protection mechanism failure in Windows Virtualization-Based Security ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-47135 (Dimension versions 4.1.2 and earlier are affected by an out-of-bounds ...)
NOT-FOR-US: Adobe
CVE-2025-47109 (After Effects versions 25.2, 24.6.6 and earlier are affected by a NULL ...)
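Review bot: CVE-2025-47422 is tagged `NOT-FOR-US: Microsoft`, but its visible description begins "Advanced Installer before 22.6 has an uncontrolled search path element", which names Advanced Installer rather than a Windows or Microsoft component like the other entries in this hunk. Please confirm that the Microsoft auto-nfu rule is meant to match it; if the affected software is the installer itself, the entry should read `NOT-FOR-US: Advanced Installer` so the recorded reason reflects the actual product. The description of CVE-2025-47178 is truncated before any product name appears, so it deserves a look at the full record as well.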
=====================================
data/packages/nfu.yaml
=====================================
@@ -368,9 +368,11 @@
- anyOf:
- product: Azure Automation
- product: Azure DevOps
+ - product: Azure Monitor
- product: Azure Storage Resource Provider (SRP)
- product: Microsoft 365 Apps for Enterprise
- product: Microsoft 365 Copilot
+ - product: Microsoft Configuration Manager
- product: Microsoft Dataverse
- product: Microsoft Edge (Chromium-based)
- product: Microsoft Edge (Chromium-based) Updater
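Review bot: the new `- product: Azure Monitor` entry is the one to double-check, because the only CVE in this commit that appears to correspond to it, CVE-2025-47988, has its description cut off at "Azure Mon ...". If product matching is by exact string, a record whose product field is a longer variant of that name would stay at `TODO: check`, so confirm the string against the CVE record's product field. Both additions keep the list's alphabetical order.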
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6d1d7a04fdcdafb1adfb605116efdd2a599de9bf
More information about the debian-security-tracker-commits
mailing list