Microsoft Releases Tuesday Patch-March 2026; Fixed 83 Flaws
Microsoft Tuesday Patch March 2026 fixes 83 Vulnerabilities Including 2 Actively Exploited Zero-Days
Continue ReadingMicrosoft Tuesday Patch
Microsoft Patch Tuesday Feb-2026, Critical Azure RCE & Windows EoP & 0-Days
Microsoft’s February 2026 Patch Tuesday
Continue Reading
Microsoft Fixes 113 Vulnerabilities & 1 Actively Exploited 0-Day in First Patch Released -Jan2026
Microsoft Patch Tuesday 2026 Jan
Continue Reading
Microsoft October Patch Fixes 175 Vulnerabilities, 6 Zero-Days & Critical Exploits
Summary: Microsoft’s October 2025 Patch Tuesday fixes 175 security vulnerabilities in the products Windows, Office, Azure, and .NET and others. It includes patches for 6 – zero-day vulnerabilities where three vulnerabilities have been exploited and three publicly known vulnerabilities.
Microsoft advises immediate deployment of updates and removal of affected drivers, while assessing legacy fax hardware for compatibility issues introduced by the driver removal in this month update.
The October 2025 security updates address critical and important vulnerabilities across a broad range of Microsoft products and services.
| OEM | Microsoft |
| Severity | Critical |
| Date of Announcement | 2025-10-14 |
| No. of Patches | 175 |
| Actively Exploited | Yes |
| Exploited in Wild | Yes |
| Advisory Version | 1.0 |
Overview
Major fixes address serious remote code execution issues in Office and WSUS, along with privilege escalation vulnerabilities in Windows and Azure. The update also removes the Agere Modem driver, which could affect older fax devices. Users & Administrator are urged to update the patch to immediately to stay protected.
Here are the CVE addresses for Microsoft & non-Microsoft:
- 175 Microsoft CVEs addressed
- 21 non-Microsoft CVEs addressed (Republished)
Breakdown of October 2025 Vulnerabilities
- 80 Elevation of Privilege (EoP)
- 31 Remote Code Execution (RCE)
- 28 Information Disclosure
- 11 Denial of Service (DoS)
- 11 Security Feature Bypass
- 12 Spoofing
- 2 Tampering
Source: Microsoft
| Vulnerability Name | CVE ID | Product Affected | Severity | CVSS Score |
| Windows Agere Modem Driver Elevation of Privilege Vulnerability | CVE-2025-24990 | Windows 10, 11, Server 2016-2022 | High | 7.8 |
| Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | CVE-2025-59230 | Windows 10, 11, Server 2016-2022 | High | 7.8 |
| Secure Boot Bypass Vulnerability in IGEL OS | CVE-2025-47827 | IGEL OS | Medium | 4.6 |
| Windows Server Update Service (WSUS) Remote Code Execution Vulnerability | CVE-2025-59287 | Windows Server | Critical | 9.8 |
| Microsoft Office Remote Code Execution Vulnerability | CVE-2025-59234 | Microsoft Office | High | 7.8 |
| Microsoft Excel Remote Code Execution Vulnerability | CVE-2025-59236 | Microsoft Excel (2016-2021) | High | 8.4 |
Technical Summary
October 2025 Patch Tuesday includes security updates addresses remote code execution, privilege escalation and information disclosure vulnerabilities in core Windows components, Office applications and Azure cloud services.
3 zero-days are actively exploited, including CVE-2025-24990 in the Agere Modem driver, where attackers can abuse the third-party component to gain administrative privileges without needing the modem hardware active, leading to local system compromise.
Additionally, exposes improper access controls in Windows Remote Access Connection Manager, enabling authorized attackers to escalate to SYSTEM privileges with moderate effort.
| CVE ID | System Affected | Vulnerability Details | Impact |
| CVE-2025-24990 | Windows Agere Modem Driver | Third-party driver abused for admin privileges; removed in updates, may break fax modem hardware | Privilege Escalation |
| CVE-2025-59230 | Windows Remote Access Connection Manager | Improper access control allows local attackers to gain SYSTEM privileges | Privilege Escalation |
| CVE-2025-47827 | IGEL OS < v11 | Improper cryptographic signature verification enables Secure Boot bypass via crafted root filesystem | Security Feature Bypass |
| CVE-2025-59287 | Windows Server Update Service | Deserialization of untrusted data allows unauthenticated RCE over networks, prime for supply-chain attacks | Remote Code Execution |
| CVE-2025-59234 | Microsoft Office (2016-2021) | Use-after-free in Office allows RCE via malicious files, no authentication required | Remote Code Execution |
| CVE-2025-59236 | Microsoft Excel (2016-2021) | Use-after-free in Excel enables RCE via malicious files, potentially leading to system control | Remote Code Execution |
Source: Microsoft
In addition to several other publicly exploited Zero-Day & Critical severity issues were addressed
- CVE-2025-0033: AMD SEV-SNP Flaw – Race condition in AMD EPYC processors allows hypervisor to tamper with guest memory; needs privileged access. (Critical)
- CVE-2025-24052: Windows Agere Modem EoP – Flaw in modem driver enables local admin privilege escalation; driver removed, may affect fax hardware. (High)
- CVE-2025-2884: TCG TPM 2.0 Vulnerability – Out-of-bounds read in TPM cause info disclosure or DoS, impacting secure boot. (Medium)
- CVE‑2025‑49708: Microsoft Graphics Component EoP – Memory corruption enables network-based privilege escalation. (Critical)
- CVE-2025-59227: Microsoft Office RCE – Use-after-free affecting multiple Office versions. (Critical)
- CVE-2016-9535: LibTIFF Heap Buffer Overflow – RCE via malformed TIFF files in image processing. (Critical)
- CVE-2025-59291 & CVE-2025-59292: Azure Container Instances/Compute Gallery EoP – External file path control for local privilege escalation. (Critical)
Key Affected Products and Services
- Windows Core and Security Components
Updates for Windows Kernel, NTFS, BitLocker, NTLM, SMB, WinSock, PrintWorkflowUserSvc and Remote Desktop Services, with several vulnerabilities rated CVSS 7.8 or higher.
- Microsoft Office Suite
Patches for Excel, Word, PowerPoint, Visio, and SharePoint addressing RCE and information disclosure issues, particularly via malicious file execution.
- Azure and Cloud Services
Fixes for Azure Entra ID, Monitor Agent, Connected Machine Agent, PlayFab and Confidential Container Instances.
- Virtualization and Hyper-V
Vulnerabilities in Hyper-V and Virtual Secure Mode, including privilege escalation and DoS risks.
- Developer and Management Tools
Updates for PowerShell, Visual Studio and Configuration Manager addressing local privilege escalation.
- Communication & File Services
Patches for SMB, WSUS, and Connected Devices Platform with critical RCE and lateral movement risks.
- Browsers and Web Technologies
Microsoft Edge (Chromium-based) updates, including republished Chrome CVEs.
Remediation:
- Install the October 2025 security updates immediately to mitigate risks.
Here are some recommendations below
- Use EDR tools to monitor any indicators like Office crashes or logs.
- Disable unused services to prevent any remote access or other exploitation.
- Apply least privilege access in Office and Azure environments.
- Segment networks to reduce any lateral movement.
Conclusion:
Critical RCE flaws in Office and WSUS, along with privilege escalation bugs, pose significant risks for ransomware, data theft and lateral movement. Administrator, users & security teams should deploy patches immediately, enhance monitoring and apply mitigations to reduce exposure.
References:
Microsoft June 2025 Patch Tuesday – 67 Vulnerabilities Fixed Including 2 Zero-Days
Summary : Microsoft’s June 2025 Patch Tuesday addresses a total of 67 vulnerabilities across its product ecosystem. Critical flaws in WebDAV, SMB, SharePoint and Remote Desktop Services highlight the urgency of installing this month’s updates.
| OEM | Microsoft |
| Severity | Critical |
| Date of Announcement | 2025-06-10 |
| No. of Vulnerabilities Patched | 67 |
| Actively Exploited | Yes |
| Exploited in Wild | Yes |
| Advisory Version | 1.0 |
Overview
These include multiple high-risk flaws and two zero-day vulnerabilities one actively exploited and one publicly disclosed affecting core components like Windows WebDAV and the SMB Client.
- 67 Microsoft CVEs addressed
- 3 non-Microsoft CVEs addressed
Breakdown of May 2025 Vulnerabilities
- 25 Remote Code Execution (RCE)
- 17 Information Disclosure
- 14 Elevation of Privilege (EoP)
- 6 Denial of Service (DoS)
- 3 Security Feature Bypass
- 2 Spoofing
- 2 Chromium (Edge) Vulnerabilities
- 1 Windows Secure Boot
| Vulnerability Name | CVE ID | Product Affected | Severity | CVSS Score |
| WebDAV Remote Code Execution (Exploited in the wild) | CVE-2025-33053 | Windows | High | 8.8 |
| SMB Client Elevation of Privilege (Publicly disclosed) | CVE-2025-33073 | Windows | High | 8.8 |
Technical Summary
Two zero-day vulnerabilities in Microsoft’s ecosystem were addressed in June 2025. One of these, CVE-2025-33053, has been exploited in the wild and affects the deprecated but still present WebDAV component in Windows. The other, CVE-2025-33073, was publicly disclosed and affects the Windows SMB client, enabling attackers to elevate privileges.
| CVE ID | System Affected | Vulnerability Details | Impact |
| CVE-2025-33053 | Windows 10,11 and Windows Server | WebDAV RCE triggered when a user clicks a malicious link. Exploited by APT group “Stealth Falcon.” Exploitation complexity is low. | Remote Code Execution |
| CVE-2025-33073 | Windows 10,11 and Windows Server | EoP flaw in SMB Client. Exploitation may occur by connecting to a malicious SMB server. Privilege elevation to SYSTEM is possible. | Elevation of Privilege |
Source: Microsoft and NVD
In addition to the zero-day vulnerabilities, several other critical and high-severity issues were addressed:
- CVE-2025-47162, CVE-2025-47164, CVE-2025-47167: Microsoft Office, Preview Pane-based RCE vulnerabilities, exploitation more likely (CVSS 8.4)
- CVE-2025-47172: Microsoft SharePoint Server, SQL injection-based RCE (CVSS 8.8)
- CVE-2025-29828: Windows Cryptographic Services, memory release issue (CVSS 8.1)
- CVE-2025-32710: Windows Remote Desktop Services, use-after-free vulnerability (CVSS 8.1)
- CVE-2025-29976: Microsoft SharePoint, Local privilege escalation (CVSS 7.8)
- CVE-2025-30393: Microsoft Excel, RCE via malicious Excel file (CVSS 7.8)
- CVE-2025-24063: Windows Kernel, Local privilege escalation, marked “Exploitation More Likely” (CVSS 7.8)
- CVE-2025-32702: Visual Studio, Command injection RCE via malicious project file (CVSS 7.8)
- CVE-2025-26685: Microsoft Defender for Identity, Spoofing via NTLM fallback, exploitable in adjacent networks (CVSS 6.5)
Remediation:
- Apply Patches Promptly: Install the June 2025 security updates immediately to mitigate risks.
General Recommendations:
- Prioritize Zero-Days: Focus on patching the two confirmed zero-day vulnerabilities, especially those allowing Elevation of Privilege and remote code execution.
- Disable Deprecated Services: If not required, disable WebDAV (WebClient service) and SMBv1 to reduce exposure.
- Enforce SMB Signing: Use Group Policy to mandate SMB signing, reducing the risk from CVE-2025-33073.
- Monitor for Exploitation Attempts: Watch for suspicious SMB or WebDAV traffic in logs and endpoint detection systems.
- Enable Auto Updates Where Feasible: For individual endpoints and less tightly controlled systems, enable automatic updates to maintain regular patch schedule.
Conclusion:
Microsoft’s June 2025 Patch Tuesday addresses two important zero-day vulnerabilities, including an actively exploited RCE in WebDAV tracked as CVE-2025-33053.
Organizations should prioritize these patches to mitigate risk from real-world threats. The CVE-2025-33053 vulnerability has also been added to CISA’s Known Exploited Vulnerabilities (KEV) catalog, emphasizing its urgency.
References:
Cyber Security News at a Glance; May 2025
For the month of May 2025 here are the Top News including Security Advisory & Blogs
Tesla Model 3 VCSEC Vulnerability Allows Remote Code Execution via TPMS Exploit
A high-severity vulnerability (CVE-2025-2082) in Tesla Model 3’s Vehicle Controller Security (VCSEC) module allows attackers within wireless range to remotely execute arbitrary code by exploiting a flaw in the Tire Pressure Monitoring System (TPMS)
The FBI issued an alert warning of ongoing exploitation of 13 EOL Linksys/Cisco routers by cybercriminal groups operating the 5Socks and Anyproxy services.
Microsoft May 2025 Patch Tuesday Released; Fixed 83 Vulnerabilities, Including 5 Zero-Days
Microsoft addressed 83 vulnerabilities across its product suite. Among them are 5 zero-day vulnerabilities have been confirmed as actively exploited in the wild. The updates span Windows components, Office, Visual Studio, and other core services.
11 vulnerabilities were rated critical, emphasizing the importance of timely remediation especially for enterprise environments.
5 non-Microsoft CVEs included
78 Microsoft CVEs addressed
Critical SAP NetWeaver Vulnerabilities Addressed in May 2025 Patch – Immediate Action Required
SAP has released critical security updates for its May 2025 patch, including fixes for two actively exploited zero-day vulnerabilities in SAP NetWeaver Visual Composer.
SAP Visual Composer is not installed by default, however it is enabled because it was a core component used by business process specialists to develop business application components without coding.
CISA is officially changing the way it disseminates online security updates and guidance.
CISA says the enhanced information dissemination system will from now on use social media and email only to disperse cybersecurity alerts and advisories, saving its landing page for more critical warnings on May 12.
Updates on May 13
Just a day after announcing it was changing the way it sent out alerts, CISA has changed its mind and reverted back to its old system of putting everything on its website.
“We recognize this has caused some confusion in the cyber community,” the site now reads. “As such, we have paused immediate changes while we re-assess the best approach to sharing with our stakeholders.”
Zero-Day Threat in Chrome’s Loader Component (CVE-2025-4664) – CISA Flags Urgent Risk
A zero-day vulnerability (CVE-2025-4664) in Google Chrome’s Loader component has been actively exploited in the wild.This flaw allows attackers to bypass security policies, leak cross-origin data, and potentially execute unauthorized code. CISA has added this vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, urging immediate patching.
Microsoft Updates Patch Tuesday for Feb 2025; Address 67 Vulnerabilities, Includes 2 Exploited Zero-Days
Summary
Microsoft’s February 2025 Patch Tuesday addresses multiple security vulnerabilities, including four zero-days, with two actively exploited in the wild. This update covers a total of 67 security flaws, with three classified as critical Remote Code Execution (RCE) vulnerabilities.
Microsoft issued a revision for an older zero-day that threatens the latest Windows desktop and server versions.
| OEM | Microsoft |
| Severity | Critical |
| Date of Announcement | 2025-02-11 |
| No. of Vulnerabilities Patched | 67 |
| Actively Exploited | Yes |
| Exploited in Wild | Yes |
| Advisory Version | 1.0 |
Overview
The affected products include Windows, Microsoft Office, Microsoft Surface, and various network services. Organizations are strongly advised to apply these patches immediately to mitigate security risks and potential cyberattacks.
- 63 Microsoft CVEs addressed
- 4 non-Microsoft CVEs included
The highlighted vulnerabilities include 4 zero-day flaws, 2 of which are currently being actively exploited.
| Vulnerability Name | CVE ID | Product Affected | Severity | CVSS Score |
| Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | CVE-2025-21418 | Windows | High | 7.8 |
| Windows Storage Elevation of Privilege Vulnerability | CVE-2025-21391 | Windows | High | 7.1 |
| Microsoft Surface Security Feature Bypass Vulnerability | CVE-2025-21194 | Windows | High | 7.1 |
| NTLM Hash Disclosure Spoofing Vulnerability | CVE-2025-21377 | Windows | Medium | 6.5 |
Technical Summary
| CVE ID | System Affected | Vulnerability Details | Impact |
| CVE-2025-21418 | Windows server and Windows 10 & 11 | Windows ancillary function driver for winsock elevation of privilege vulnerability enables attackers to escalate privileges to SYSTEM level. Specific exploitation details are not disclosed. | Unauthorized access with SYSTEM privileges. |
| CVE-2025-21391 | Windows server and Windows 10 & 11 | Windows storage elevation of privilege vulnerability allows attackers to delete targeted files on a system, potentially leading to service unavailability. Does not expose confidential data. | Deletion of critical data, leading to service disruption. |
| CVE-2025-21194 | Microsoft Surface | Microsoft surface security feature bypass vulnerability allows attackers to bypass UEFI protections, compromising the secure kernel. Likely related to “PixieFail” vulnerabilities affecting the IPv6 network stack in Tianocore’s EDK II firmware. | Bypass of security features, potentially compromising system integrity. |
| CVE-2025-21377 | Windows server and Windows 10 & 11 | NTLM hash disclosure spoofing vulnerability exposes NTLM hashes when a user interacts with a malicious file. Simply selecting or right-clicking a file could trigger a remote connection, allowing an attacker to capture NTLM hashes for cracking or pass-the-hash attacks. | Potential for attackers to authenticate as the user, leading to unauthorized access. |
Source: Microsoft
In addition to the actively exploited vulnerabilities, several other critical flaws were also addressed:
- CVE-2025-21376: A Windows Lightweight Directory Access Protocol (LDAP) RCE vulnerability that could allow attackers to execute arbitrary code remotely.
- CVE-2025-21379: A DHCP Client Service RCE vulnerability that may enable remote attackers to execute code with elevated privileges.
- CVE-2025-21381: An RCE vulnerability in Microsoft Excel that could be triggered through malicious spreadsheet files.
Remediation:
- Apply Updates: Immediately install the February 2025 Patch Tuesday updates to address these vulnerabilities.
Conclusion:
The February 2025 Patch Tuesday release addresses critical security vulnerabilities, including actively exploited zero-days. Timely application of these updates is essential to protect systems from potential threats. Organizations should review the affected products and implement the necessary patches and mitigations to maintain security integrity.
The attack vector is local, meaning the attacker needs local access — physically or remotely, using SSH method without user interaction and if successful in exploiting, can give the attacker system privileges.
References:
Critical Security Updates: Microsoft Jan 2025 Patch Tuesday Fixes 8 Zero-Days & 159 Vulnerabilities
Summary
Microsoft has released its January 2025 Patch Tuesday updates, delivering critical fixes. Key products impacted include Windows Telephony Service, Windows Digital Media, and MSMQ, among others.
Key take away:
- Microsoft addressed 159 vulnerabilities across multiple products, including eight zero-day flaws, with three actively exploited in the January 2025 Patch Tuesday updates.
- Key vulnerabilities include privilege escalation flaws in Hyper-V and remote code execution bugs in Microsoft Excel.
- This marks highest number of fixes in a single month since at least 2017.
| OEM | Microsoft |
| Severity | Critical |
| Date of Announcement | 2025-01-14 |
| No. of Vulnerabilities Patched | 159 |
| Actively Exploited | yes |
| Exploited in Wild | Yes |
| Advisory Version | 1.0 |
Overview
Critical updates were issued for Windows Hyper-V, Windows Themes, Microsoft Access, and Windows App Package Installer. The vulnerabilities include elevation of privilege, remote code execution, and spoofing attacks, impacting various systems. The patch targets a range of critical issues across Microsoft products, categorized as follows:
- 58 Remote Code Execution (RCE) Vulnerabilities
- 40 Elevation of Privilege (EoP) Vulnerabilities
- 22 Information Disclosure Vulnerabilities
- 20 Denial of Service (DoS) Vulnerabilities
- 14 Security Feature Bypass
- 5 Spoofing Vulnerabilities
The highlighted vulnerabilities include 8 zero-day flaws, 3 of which are currently being actively exploited.
| Vulnerability Name | CVE ID | Product Affected | Severity | CVSS Score |
| Elevation of privilege vulnerability | CVE-2025-21333, CVE-2025-21334, CVE-2025-21335 | Windows | High | 7.8 |
| Elevation of Privilege Vulnerability | CVE-2025-21275 | Windows | High | 7.8 |
| Remote Code Execution Vulnerability | CVE-2025-21186,CVE-2025-21366, CVE-2025-21395 | Windows | High | 7.8 |
| Spoofing Vulnerability | CVE-2025-21308 | Windows | Medium | 6.5 |
Technical Summary
| CVE ID | System Affected | Vulnerability Details | Impact |
| CVE-2025-21333, CVE-2025-21334, CVE-2025-21335 | Windows Hyper-V NT Kernel | No information has been released on how elevation of privilege vulnerabilities in Windows Hyper-V NT Kernel Integration VSP, which allow attackers to gain SYSTEM privileges, were exploited in attacks, as they were disclosed anonymously. | Allow attackers to gain SYSTEM privileges |
| CVE-2025-21275 | Windows App Package Installer | Elevation of privilege vulnerability in the Windows App Package Installer, potentially leading to SYSTEM privileges. | Attackers could gain SYSTEM privileges |
| CVE-2025-21186,CVE-2025-21366, CVE-2025-21395 | Microsoft Access | Remote code execution vulnerabilities in Microsoft Access, exploitable via specially crafted Access documents. | Remote Code Execution |
| CVE-2025-21308 | Windows Themes | Spoofing vulnerability in Windows Themes; viewing a specially crafted theme file in Windows Explorer can lead to NTLM credential theft. | NTLM credential theft |
Source: Microsoft
Additional Critical Patches Address High-Severity Vulnerabilities
- Eight of this month’s patches address Virtual Secure Mode components, requiring administrators to follow Microsoft’s guidance for updating virtualization-based security (VBS) issues. (CVE-2025-21280, CVE-2025-21284, CVE-2025-21299, CVE-2025-21321, CVE-2025-21331, CVE-2025-21336, CVE-2025-21340, CVE-2025-21370).
- Windows NTLM V1 Elevation of Privilege Vulnerability (CVE-2025-21311).
- Windows OLE Remote Code Execution Vulnerability (CVE-2025-21298).
Remediation:
- Apply Updates: Immediately install the January 2025 Patch Tuesday updates to address these vulnerabilities.
- Disable NTLM: For CVE-2025-21308, consider disabling NTLM or enabling the “Restrict NTLM: Outgoing NTLM traffic to remote servers” policy to mitigate the risk.
- Exercise Caution with Untrusted Files: Avoid opening or interacting with files from untrusted sources, especially those with extensions associated with Microsoft Access.
Conclusion:
The January 2025 Patch Tuesday release addresses critical vulnerabilities that could allow attackers to gain elevated privileges, execute arbitrary code, or steal credentials. Prompt application of these updates is essential to maintain system security. Additionally, implementing recommended mitigations, such as disabling NTLM, can provide further protection against potential exploits.
References:
https://msrc.microsoft.com/update-guide/releaseNote/2025-Jan
Recent Comments