CVE-2025-26680: Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network.

CVE-2025-26680 [HIGH] CWE-400 GHSA-m46h-3mqp-xh9w: Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network.

CVE-2025-26680 [HIGH] CWE-400 Windows Standards-Based Storage Management Service Denial of Service Vulnerability Windows Standards-Based Storage Management Service Denial of Service Vulnerability Description: Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network. Windows Standards-Based Storage Management Service: Windows Standards-Based Storage Management Service Microsoft: Microsoft Customer Action Required: Yes Impact: Denial of Service Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055519 Reference: https://support.microsoft.com/help/5055519 Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055526 Reference: https://support.microsoft.com/help/50

CVE-2024-26680 [MEDIUM] CWE-416 net: atlantic: Fix DMA mapping for PTP hwts ring net: atlantic: Fix DMA mapping for PTP hwts ring FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog post for more information. If impact to additional products is identified, we will update the CVE to reflect this. Mariner: Mariner Linux: Linux Customer Action Required: Yes

[HIGH] Microsoft April 2025 Patch Tuesday fixes exploited zero-day, 134 flaws ## Microsoft April 2025 Patch Tuesday fixes exploited zero-day, 134 flaws ## Lawrence Abrams 49 Elevation of Privilege Vulnerabilities 9 Security Feature Bypass Vulnerabilities 31 Remote Code Execution Vulnerabilities 17 Information Disclosure Vulnerabilities 14 Denial of Service Vulnerabilities 3 Spoofing Vulnerabilities The above numbers do not include Mariner flaws and 13 Microsoft Edge vulnerabilities fixed earlier this month. To learn more about the non-security updates released today, you can review our dedicated articles on the Windows 11 KB5055523 & KB5055528 cumulative updates and the Windows 10 KB5055518 update . ## One actively exploited zero-days This month's Patch Tuesday fixes one actively exploited zero-day. Microsoft classifies a zero-day flaw as publicly disclos