Microsoft Patch Tuesday follows SharePoint assaults, Exchange server warnings

Microsoft’s month-to-month batch of patches features a vulnerability affecting on-premises Microsoft Exchange servers that the corporate and federal authorities warned about in a collection of alerts final week. In its latest security update Tuesday, Microsoft maintained the flaw hasn’t been exploited within the wild and designated the exploitability of the defect — CVE-2025-53786 — as “more likely.”

Organizations haven’t utilized the beforehand issued patch for the high-severity vulnerability en masse, regardless of the intense alarm raised by officers. More than 28,000 accessible Microsoft Exchange servers remained unpatched as of Monday, in response to Shadowserver scans. 

The Cybersecurity and Infrastructure Security Agency’s deadline for all federal agencies to update eligible servers with a beforehand issued hotfix and disconnect outdated Exchange servers handed on Monday. 

Microsoft addressed 111 vulnerabilities affecting its numerous enterprise merchandise, cloud companies and foundational Windows techniques on this month’s safety replace. The set of disclosures consists of 4 extra defects affecting Microsoft Exchange Server.

The safety replace additionally comes on the heels of an assault spree concentrating on zero-day vulnerabilities in on-premises Microsoft SharePoint servers. More than 400 organizations have been actively compromised by these assaults, together with the Departments of Energy, Homeland Security and Health and Human Services. 

Those zero-days —  CVE-2025-53770 and CVE-2025-53771 — are variants of beforehand disclosed vulnerabilities — CVE-2025-49706 and CVE-2025-49704 — that Microsoft addressed in its safety replace final month.

Microsoft stated not one of the vulnerabilities on this month’s replace are actively exploited. Yet, researchers described CVE-2025-53779, an elevation of privilege vulnerability affecting Windows Kerberos, as a zero-day as a result of useful exploit code exists.

“While Microsoft rates this flaw as ‘exploitation less likely’ with ‘moderate’ severity, the combination of a path traversal issue in a core authentication component like Kerberos and its potential high impact is concerning,” Mike Walters, president and co-founder of Action1, stated in an electronic mail. “The need for high privileges may create a false sense of security, as accounts with these rights are common in decentralized IT environments. Once compromised, they can quickly lead to full domain takeover.”

The most important vulnerability — CVE-2025-53767 — is a maximum-severity defect affecting Azure OpenAI, a cloud-based platform that gives entry to OpenAI’s massive language fashions. Additionally, a pair of vital, remote-code execution vulnerabilities with CVSS scores of 9.8 — CVE-2025-53766 and CVE-2025-50165 — have an effect on Windows GDI+ and the Microsoft Graphics Component, respectively. 

The vulnerability in Microsoft Graphics Component may appeal to menace teams as a result of its excessive score and ubiquitous use throughout environments. “The attack vector is incredibly broad, as the vulnerability is triggered when the operating system processes a specially crafted JPEG image,” Ben McCarthy, lead cybersecurity engineer at Immersive Labs, stated in an electronic mail. 

“This means any application that renders images — from email clients generating previews and instant messaging apps displaying photos, to office documents with embedded pictures — can become an in for the attack,” McCarthy added.

The remaining vital vulnerabilities on this month’s safety replace embrace CVE-2025-53792, which impacts Azure Portal, and CVE-2025-50171, which impacts Remote Desktop Server.

Nearly 2 in 5 CVEs Microsoft patched this month are elevation of privilege vulnerabilities, reflecting an “upward trend in post-compromise vulnerabilities over code execution bugs,” Satnam Narang, senior workers analysis engineer at Tenable, stated in an electronic mail. 

Microsoft’s month-to-month safety repair consists of 17 vulnerabilities that have an effect on Microsoft Office and standalone Office merchandise. The full listing of vulnerabilities addressed this month is on the market in Microsoft’s Security Response Center.