Microsoft Patch Tuesday addresses 63 defects, together with one actively exploited zero-day

Microsoft addressed 63 vulnerabilities affecting its underlying methods and core merchandise, together with one actively exploited zero-day, the corporate stated in its latest monthly security update. 

The zero-day vulnerability — CVE-2025-62215 — impacts the Windows Kernel and has a CVSS score of seven.0 resulting from a excessive assault complexity, based on Microsoft. Exploitation, which might permit an attacker to achieve system privileges, requires an attacker to win a race situation, the corporate stated. Microsoft didn’t present any additional particulars in regards to the scope of exploitation. 

The race situation is notable as a result of it signifies some race situations are extra dependable than others, Dustin Childs, head of risk consciousness at Trend Micro’s Zero Day Initiative, stated in a blog post. Race situations in vulnerabilities, which contain a number of simultaneous processes designed to set off errors, usually impede exploitation.

“Bugs like these are often paired with a code execution bug by malware to completely take over a system,” Childs added.

Mike Walters, president and co-founder at Action1, stated a practical exploit for CVE-2025-62215 exists, however no public proof-of-concept has been launched. “Exploitation is complex, but a functional exploit seen in the wild raises urgency, since skilled actors can reliably weaponize this in targeted campaigns,” he stated in an e mail.

An attacker with low-privilege native entry can set off the race situation by operating a specifically crafted utility, based on Ben McCarthy, lead cyber safety engineer at Immersive. “The goal is to get multiple threads to interact with a shared kernel resource in an unsynchronized way, confusing the kernel’s memory management and causing it to free the same memory block twice,” he stated in an e mail.

The most extreme defect disclosed this month — CVE-2025-60724 — is a remote-code execution vulnerability affecting Microsoft Graphics Component with a CVSS score of 9.8, however Microsoft designated the flaw as much less prone to be exploited. 

Microsoft flagged 5 defects as extra prone to be exploited this month, together with three vulnerabilities — CVE-2025-60719, CVE-2025-62213 and CVE-2025-62217 — affecting Windows Ancillary Function Driver for WinSock with CVSS scores of seven.0. 

The kernel-mode driver is prime to Windows, making defects within the part inherently high-risk, based on McCarthy. 

“Due to it being so intertwined with network-related functionality of Windows, it has the potential to be a way in for many applications in the Windows ecosystem. There have been many vulnerabilities in the past that have been weaponized in this kernel-mode driver,” he added.

The full checklist of vulnerabilities addressed this month is obtainable in Microsoft’s Security Response Center.