Microsoft mounted 100+ safety flaws in Home windows and Workplace this month

Safety updates for Home windows

A lot of the vulnerabilities—67 this time—are unfold throughout the assorted Home windows variations for which Microsoft nonetheless affords safety updates, particularly Home windows 10, Home windows 11, and Home windows Server.

Customers on Home windows 7 and Home windows 8.1 haven’t been getting safety updates for fairly a while, so will stay weak. If that’s you and your system necessities enable it, it is best to improve to Home windows 11 24H2 to proceed receiving safety updates.

Important Home windows vulnerabilities

Microsoft has recognized CVE-2025-53766, a distant code execution (RCE) vulnerability within the Graphics System Interface API for graphical purposes, in addition to CVE-2025-50165, one other RCE vulnerability however within the Home windows Graphics Part, as vital. A go to to a specifically ready web site is enough to inject and execute arbitrary code with out consumer interplay. With the latter vulnerability, an attacker merely must craft a picture to be embedded in an online web page.

Microsoft has categorized three vulnerabilities in Hyper-V as vital. CVE-2025-48807 is an RCE vulnerability which, if exploited, makes it doable to execute code on the host from the visitor system. CVE-2025-53781 is an information leak that permits confidential data to be accessed. CVE-2025-49707 is a spoofing vulnerability that permits a digital machine to pretend a distinct id when speaking with exterior methods.

Microsoft has mounted 12 vulnerabilities within the Routing and Distant Entry Service (RRAS), half of that are RCE vulnerabilities, the opposite half are knowledge leaks. All are categorized as excessive danger.

The one beforehand publicized vulnerability on this Patch Tuesday is CVE-2025-53779 in Kerberos for Home windows Server 2025. Beneath sure situations, a profitable attacker can achieve administrator rights for domains. Microsoft classifies it as medium danger solely.