In its recent monthly security update, Microsoft addressed 63 vulnerabilities affecting core products and systems, including a zero-day vulnerability, CVE-2025-62215, with a CVSS rating of 7.0. This vulnerability involves a race condition that can enable attackers to gain SYSTEM privileges, posing significant risks. Experts note that while exploitation is complex, the existence of a functional exploit in the wild raises concerns about potential targeted campaigns.
Another prominent vulnerability disclosed this month is CVE-2025-60724, a remote code execution flaw rated 9.8, although Microsoft considers it less likely to be exploited. Additionally, five defects were flagged as more likely to be exploited, including vulnerabilities affecting the Windows Ancillary Function Driver for WinSock, which has historically presented many weaponization opportunities due to its integral role in the Windows ecosystem. This highlights the need for diligent security practices among users and organizations using Microsoft systems.
👉 Read the original: CyberScoop