Summary
Microsoft has released its monthly security updates, which address a total of 159 new vulnerabilities, including 8 zero-day vulnerabilities.
Note: A Proof of Concept (PoC) for the exploitation of CVE-2025-21298 is reportedly available online.
Note: CVE-2025-21333, CVE-2025-21334 and CVE-2025-21335 are reportedly being actively exploited in the wild.
Note: Proofs of Concept (PoC) for the exploitation of CVE-2025-21186, CVE-2025-21275, CVE-2025-21308, CVE-2025-21366 and CVE-2025-21395 are reportedly available online.
Risk
Estimated impact of the vulnerabilities on the reference community: Critical (79.23)
Typology
- Remote Code Execution
- Security Feature Bypass
- Spoofing
- Elevation of Privilege
- Denial of Service
- Information Disclosure
Description and potential impacts
In detail, the vulnerabilities that are actively exploited in the wild and/or for which a proof of concept is available online concern:
- Microsoft Access: tracked as CVE-2025-21366, CVE-2025-21395 and CVE-2025-21186, of the “Arbitrary Code Execution” type and with a CVSS v3 score of 7.8. These vulnerabilities could be exploited by distributing specially crafted documents in order to execute arbitrary code on the target devices.
- Windows Hyper-V: tracked as CVE-2025-21333, CVE-2025-21334 and CVE-2025-21335, of the “Elevation of Privilege” type and with a CVSS v3 score of 7.8. These vulnerabilities reside in the Windows Hyper-V NT Kernel Integration Service (VSP) and could allow SYSTEM privileges to be obtained on affected devices through access to memory that has already been deallocated (use-after-free).
- Windows App Package Installer: tracked as CVE-2025-21275, of the “Elevation of Privilege” type and with a CVSS v3 score of 7.8. This vulnerability, if exploited, could allow SYSTEM privileges to be obtained on affected devices.
- Windows Themes: tracked as CVE-2025-21308, of the “Spoofing” type and with a CVSS v3 score of 6.5. This vulnerability could allow a malicious user to distribute specially crafted documents via email and/or instant messaging and induce the victim to interact with them.
  - NB: systems with the NTLM protocol disabled are not vulnerable.
Affected products and versions:
- .NET, .NET Framework
- Active Directory Domain Services
- Active Directory Federation Services
- BranchCache
- IP Helper
- Hyper-V
- Line Printer Daemon Service (LPD)
- MapUrlToZone
- Microsoft Azure Gateway Manager
- Microsoft Brokering File System
- Microsoft Digest Authentication
- Microsoft Graphics Component
- Microsoft Office
- Microsoft Office Access
- Microsoft Office Excel
- Microsoft Office OneNote
- Microsoft Office Outlook
- Microsoft Office Outlook for Mac
- Microsoft Office SharePoint
- Microsoft Office Visio
- Microsoft Office Word
- Microsoft Teams
- Microsoft Windows Search Component
- Power Automate
- Reliable Multicast Transport Driver (RMCAST)
- Visual Studio
- Windows BitLocker
- Windows Boot Loader
- Windows Boot Manager
- Windows Client-Side Caching (CSC) Service
- Windows Cloud Files Mini Filter Driver
- Windows COM
- Windows Connected Devices Platform Service
- Windows Cryptographic Services
- Windows Digital Media
- Windows Direct Show
- Windows DWM Core Library
- Windows Event Tracing
- Windows Geolocation Service
- Windows Hello
- Windows Installer
- Windows Kerberos
- Windows Kernel Memory
- Windows Mark of the Web (MOTW)
- Windows Message Queuing
- Windows OLE
- Windows PrintWorkflowUserSvc
- Windows Recovery Environment Agent
- Windows Remote Desktop Services
- Windows Secure Boot
- Windows Smart Card
- Windows SmartScreen
- Windows SPNEGO Extended Negotiation
- Windows Telephony Service
- Windows Themes
- Windows UPnP Device Host
- Windows Virtual Trusted Platform Module
- Windows Virtualization-Based Security (VBS) Enclave
- Windows Web Threat Defense User Service
- Windows Win32K – GRFX
- Windows WLAN Auto Config Service
Mitigation Actions
In line with the vendor's statements, it is recommended to update the affected products through the Windows Update function.
1. The impact estimate given under Risk takes several parameters into account, including: CVSS, availability of patches/workarounds and PoC, and diffusion of the affected software/devices in the reference community.