CVE-2025-33068: Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network.

CVE-2025-33068 [HIGH] CWE-400 GHSA-qvxq-cwr5-42fq: Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network.

CVE-2025-33068 [HIGH] CWE-400 Windows Standards-Based Storage Management Service Denial of Service Vulnerability Windows Standards-Based Storage Management Service Denial of Service Vulnerability Description: Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network. Windows Standards-Based Storage Management Service: Windows Standards-Based Storage Management Service Microsoft: Microsoft Customer Action Required: Yes Impact: Denial of Service Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060531 Reference: https://support.microsoft.com/help/5060531 Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5060526 Reference: https://support.microsoft.com/help/50605

CVE-2022-33068 [MEDIUM] CWE-190 An integer overflow in the component hb-ot-shape-fallback.cc of Harfbuzz v4.3.0 allows attackers to cause a Denial of Service (DoS) via unspecified vectors. An integer overflow in the component hb-ot-shape-fallback.cc of Harfbuzz v4.3.0 allows attackers to cause a Denial of Service (DoS) via unspecified vectors. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog post for more information. If impact to additional products is identified, we will update the CVE to reflect this. Mariner: Mariner mit

[HIGH] Microsoft June 2025 Patch Tuesday fixes exploited zero-day, 66 flaws ## Microsoft June 2025 Patch Tuesday fixes exploited zero-day, 66 flaws ## Lawrence Abrams 13 Elevation of Privilege Vulnerabilities 3 Security Feature Bypass Vulnerabilities 25 Remote Code Execution Vulnerabilities 17 Information Disclosure Vulnerabilities 6 Denial of Service Vulnerabilities 2 Spoofing Vulnerabilities This count does not include Mariner, Microsoft Edge, and Power Automate flaws fixed earlier this month. To learn more about the non-security updates released today, you can review our dedicated articles on the Windows 11 KB5060842 and KB5060999 cumulative updates and the Windows 10 KB5060533 cumulative update . ## Two zero-days This month's Patch Tuesday fixes one actively exploited zero-day and one publicly disclosed vulnerability. Microsoft classifies a zero-day