Microsoft shipped fixes for 57 vulnerabilities in its March 2025 Patch Tuesday release, the third of the year, and the count rises to nearly 70 once the third-party vulnerabilities republished in the release are included. Among them are six zero-days, which Microsoft reports as already exploited in the wild, and six critical flaws, all of which warrant immediate attention.
The zero-days are a security feature bypass in the Microsoft Management Console (MMC), two remote code execution (RCE) flaws in the Windows Fast FAT File System Driver and in Windows NTFS, two information disclosure bugs also in NTFS, and an elevation of privilege flaw in the Windows Win32 Kernel Subsystem. Microsoft lists all six as exploited in the wild but has published no details of the attacks. Their CVSS base scores range only from 4.6 to 7.8, a reminder that confirmed exploitation, not the score, should drive patch priority: the two information disclosure bugs sit at the low end of that range, yet Microsoft reports them as exploited. A seventh flaw, an RCE in Microsoft Access, was publicly disclosed before the release but is not known to be exploited.
The six critical vulnerabilities, with CVSS scores from 7.8 to 8.8, are all RCE flaws. Two are in Windows Remote Desktop Services; the others affect Microsoft Office, the Windows Domain Name Service server, the Remote Desktop Client, and the Windows Subsystem for Linux kernel. Tyler Reguly of Fortra pointed out that the six zero-days are all addressed by the monthly cumulative update, so a single update closes them. Most of this month's patches also need no additional configuration steps. The exceptions are two Office vulnerabilities, which ship as separate Office updates rather than in the Windows cumulative update and call for particular attention on Office 2016 installs.
Reguly stressed that the simple rollout does not make the flaws any less serious. A headline such as "Microsoft Patches Six 0-Day Vulnerabilities", he noted, is likely to prompt questions for admins about the organization's patching state, so they should be ready to report where deployment stands.
Digging deeper, Kev Breen of Immersive singled out the NTFS and Fast FAT RCE flaws as the top priorities. He ties them to the two NTFS information disclosure bugs as parts of one attack chain, and all of them share the same delivery vector: the attacker needs the victim to open or mount a crafted Virtual Hard Disk (VHD) file. VHD files are usually associated with virtual machines, but they have long been abused to deliver malware because Windows mounts one on a double-click, and Breen cautioned that this alone could be enough to trigger code execution here. He recommended that organizations check whether their email and web security controls inspect, or block outright, VHD files arriving from outside.
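Breen's advice to scrutinize incoming VHD files lends itself to a content-based check, because an attachment renamed to hide its type still carries the format's signature. The following Python script is an added example written for this page; it is not code from the article, from Immersive, or from Microsoft. It relies on two documented constants, the `conectix` cookie that opens every VHD footer and the `vhdxfile` signature that opens every VHDX, and on the Disk Type field at footer offset 60 from Microsoft's VHD specification. The triage policy, the function names (`identify_disk_image`, `triage_attachment`, `run_triage`) and the sample attachments are assumptions made for this example, and the samples are constructed stubs with only the signature fields filled in, not mountable images.

```python
import struct
from pathlib import PurePath
from typing import Optional, Tuple

# Documented constants from Microsoft's VHD and VHDX format specifications.
VHD_COOKIE = b"conectix"       # first 8 bytes of the 512-byte VHD footer
VHDX_SIGNATURE = b"vhdxfile"   # first 8 bytes of a VHDX file
VHD_FOOTER_SIZE = 512
VHD_DISK_TYPE_OFFSET = 60      # big-endian uint32 inside the footer
VHD_DISK_TYPES = {2: "fixed", 3: "dynamic", 4: "differencing"}

# Hypothetical policy for this example: extensions that openly declare a disk image.
DISK_IMAGE_EXTENSIONS = {".vhd", ".vhdx"}


def identify_disk_image(data: bytes) -> Tuple[Optional[str], Optional[str]]:
    """Classify by content only, so a renamed image is still caught.

    Returns ("vhdx", None), ("vhd", <disk type name>) or (None, None).
    """
    if data[:8] == VHDX_SIGNATURE:
        return "vhdx", None
    footer = None
    if data[:8] == VHD_COOKIE:
        # Dynamic and differencing VHDs keep a copy of the footer at offset 0.
        footer = data[:VHD_FOOTER_SIZE]
    elif len(data) >= VHD_FOOTER_SIZE and data[-VHD_FOOTER_SIZE:].startswith(VHD_COOKIE):
        # Every VHD ends with the footer; fixed disks carry only this copy.
        footer = data[-VHD_FOOTER_SIZE:]
    if footer is None:
        return None, None
    disk_type = 0
    if len(footer) >= VHD_DISK_TYPE_OFFSET + 4:
        disk_type = struct.unpack_from(">I", footer, VHD_DISK_TYPE_OFFSET)[0]
    return "vhd", VHD_DISK_TYPES.get(disk_type, "unknown")


def triage_attachment(name: str, data: bytes) -> dict:
    """Hypothetical gateway policy: block images hiding behind another extension,
    hold openly declared images for review, pass everything else through."""
    fmt, disk_type = identify_disk_image(data)
    declared_image = PurePath(name).suffix.lower() in DISK_IMAGE_EXTENSIONS
    mismatch = fmt is not None and not declared_image
    if fmt is None:
        action = "allow"
    elif mismatch:
        action = "block"
    else:
        action = "quarantine"
    return {"name": name, "format": fmt, "disk_type": disk_type,
            "extension_mismatch": mismatch, "action": action}


def make_fake_vhd(disk_type: int, payload: bytes = b"\x00" * 1024) -> bytes:
    """Constructed sample: a footer with only the cookie and Disk Type set.
    Enough to exercise the detector, nowhere near a mountable image."""
    footer = bytearray(VHD_FOOTER_SIZE)
    footer[:8] = VHD_COOKIE
    struct.pack_into(">I", footer, VHD_DISK_TYPE_OFFSET, disk_type)
    if disk_type in (3, 4):               # dynamic/differencing: footer copy up front too
        return bytes(footer) + payload + bytes(footer)
    return payload + bytes(footer)


# Constructed inbound attachments (names and contents invented for this example).
SAMPLES = {
    "quarterly-invoice.pdf": b"%PDF-1.7\n" + b"\x00" * 600,  # benign, no disk image
    "backup.vhd": make_fake_vhd(2),                           # fixed VHD, openly declared
    "invoice.pdf": make_fake_vhd(3),                          # dynamic VHD renamed to .pdf
    "driver.vhdx": VHDX_SIGNATURE + b"\x00" * 1016,           # VHDX, openly declared
}


def run_triage(samples=SAMPLES) -> dict:
    """Run the policy over a name -> bytes mapping and return the verdicts."""
    return {name: triage_attachment(name, data) for name, data in samples.items()}


if __name__ == "__main__":
    for verdict in run_triage().values():
        print(f"{verdict['name']:24} {verdict['format'] or '-':5} "
              f"{verdict['disk_type'] or '-':12} {verdict['action']}")
```

Two caveats for anyone adapting this: images written by very old tools with a 511-byte footer will not match the 512-byte check, and a VHD inside a ZIP or ISO has to be unpacked before it reaches the function. Treating an extension/content mismatch as a block and an openly declared disk image from outside as something to hold for review reflects the point of the paragraph above: with these bugs the file type itself is the attack vector, so no signature for a specific malicious payload is needed.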
On another front, Action1 CEO Alex Vovk discussed the Win32 Kernel Subsystem elevation of privilege flaw. It offers a path from a low-privileged user straight to SYSTEM, which makes it attractive to attackers who have already gained a foothold through phishing, malware, or an insider. Its attack complexity is rated high, but determined adversaries, state-sponsored groups among them, have repeatedly turned such kernel bugs into working exploits. Vovk noted that kernel-level privilege escalation is a key enabler for post-compromise activity, turning initial access into deeper infiltration and persistent access, and that organizations heavily dependent on Windows, including government and critical infrastructure operators, face the greatest risk.