)
)
)
)
Summary
In an ad hoc August 2025 session, Automox security manager Ryan Braunstein and Mat Lee run through a Hyper-V pair and a set of SQL Server flaws. They walk through CVE-2025-53155, a Hyper-V buffer overflow triggered by a specially crafted VHDX file that elevates a local attacker to system, and CVE-2025-49707, an Azure confidential-VM flaw that lets an attacker spoof certificate-based authentication and impersonate other machines. The two could be chained for lateral movement. Braunstein and Lee then turn to four or five SQL Server CVEs, where SQL injection still crops up in modern software decades after it first appeared.
)
)
)