Microsoft today released patches for 67 vulnerabilities. 10 of these vulnerabilities are rated critical. One vulnerability has already been exploited and another vulnerability has been publicly disclosed before today.
Notable Vulnerabilities:
CVE-2025-33053: WebDAV remote code execution vulnerability. This vulnerability has already been exploited. Microsoft rates it as important. This affects the client part of WebDAV, not the server part. User interaction is required. If an attacker can control the file name and path, they can trick the victim into executing code over the network. This is another issue related to the still supported remnants of Internet Explorer, like the Scripting Engine and MSHTML. You must apply the IE Cumulative Update to patch, even if you no longer use IE.
CVE-2025-33073: A Windows SMB client elevation of Privilege Vulnerability. This vulnerability has already been disclosed but Microsoft has not yet observed it being exploited. An attacker exploiting this vulnerability will gain SYSTEM privileges. But Microsoft considers successful exploitation less likely. An attacker would need the victim to connect to a malicious SMB server.
CVE-2025-32710: An unauthenticated remote code execution vulnerability in the remote desktop service. But it requires the exploitation of a race condition. Microsoft believes it is less likely that an exploit will become available.
CVE-2025-29828: Microsoft states that this vulnerability is due to a “missing release of memory after effective lifetime in Windows Cryptographic Services allows an unauthorized attacker to execute code over a network”. This vulnerability worries me a bit if this could be used to exploit various TLS services. However, not enough is known to gauge the exploitability. Microsoft considers the attack as “highly complex” and exploitation as less likely.
Microsoft Office Remote Code Execution Vulnerability: Four of the critical vulnerabilities apply to Microsoft Office. These are rated critical as they may be exploited via the preview pane, without actually opening the malicious document.
| Description | |||||||
|---|---|---|---|---|---|---|---|
| CVE | Disclosed | Exploited | Exploitability (old versions) | current version | Severity | CVSS Base (AVG) | CVSS Temporal (AVG) |
| .NET and Visual Studio Remote Code Execution Vulnerability | |||||||
| CVE-2025-30399 | No | No | – | – | Important | 7.5 | 6.5 |
| Cert CC: CVE-2025-3052 InsydeH2O Secure Boot Bypass | |||||||
| CVE-2025-3052 | No | No | – | – | Important | 6.7 | 5.8 |
| DHCP Server Service Denial of Service Vulnerability | |||||||
| CVE-2025-32725 | No | No | – | – | Important | 7.5 | 6.5 |
| CVE-2025-33050 | No | No | – | – | Important | 7.5 | 6.5 |
| Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability | |||||||
| CVE-2025-32724 | No | No | – | – | Important | 7.5 | 6.5 |
| Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability | |||||||
| CVE-2025-47968 | No | No | – | – | Important | 7.8 | 6.8 |
| Microsoft Excel Remote Code Execution Vulnerability | |||||||
| CVE-2025-47165 | No | No | – | – | Important | 7.8 | 6.8 |
| CVE-2025-47174 | No | No | – | – | Important | 7.8 | 6.8 |
| Microsoft Office Remote Code Execution Vulnerability | |||||||
| CVE-2025-47162 | No | No | – | – | Critical | 8.4 | 7.3 |
| CVE-2025-47953 | No | No | – | – | Critical | 8.4 | 7.3 |
| CVE-2025-47164 | No | No | – | – | Critical | 8.4 | 7.3 |
| CVE-2025-47167 | No | No | – | – | Critical | 8.4 | 7.3 |
| CVE-2025-47173 | No | No | – | – | Important | 7.8 | 6.8 |
| Microsoft Outlook Remote Code Execution Vulnerability | |||||||
| CVE-2025-47171 | No | No | – | – | Important | 6.7 | 5.8 |
| CVE-2025-47176 | No | No | – | – | Important | 7.8 | 6.8 |
| Microsoft PowerPoint Remote Code Execution Vulnerability | |||||||
| CVE-2025-47175 | No | No | – | – | Important | 7.8 | 6.8 |
| Microsoft SharePoint Server Remote Code Execution Vulnerability | |||||||
| CVE-2025-47163 | No | No | – | – | Important | 8.8 | 7.7 |
| CVE-2025-47166 | No | No | – | – | Important | 8.8 | 7.7 |
| CVE-2025-47172 | No | No | – | – | Critical | 8.8 | 7.7 |
| Microsoft Word Remote Code Execution Vulnerability | |||||||
| CVE-2025-47957 | No | No | – | – | Important | 8.4 | 7.3 |
| CVE-2025-47168 | No | No | – | – | Important | 7.8 | 6.8 |
| CVE-2025-47169 | No | No | – | – | Important | 7.8 | 6.8 |
| CVE-2025-47170 | No | No | – | – | Important | 7.8 | 6.8 |
| Nuance Digital Engagement Platform Spoofing Vulnerability | |||||||
| CVE-2025-47977 | No | No | – | – | Important | 7.6 | 6.6 |
| Power Automate Elevation of Privilege Vulnerability | |||||||
| CVE-2025-47966 | No | No | – | – | Critical | 9.8 | 8.5 |
| Remote Desktop Protocol Client Information Disclosure Vulnerability | |||||||
| CVE-2025-32715 | No | No | – | – | Important | 6.5 | 5.7 |
| Visual Studio Remote Code Execution Vulnerability | |||||||
| CVE-2025-47959 | No | No | – | – | Important | 7.1 | 6.2 |
| Web Distributed Authoring and Versioning (WEBDAV) Remote Code Execution Vulnerability | |||||||
| CVE-2025-33053 | No | Yes | – | – | Important | 8.8 | 8.2 |
| Win32k Elevation of Privilege Vulnerability | |||||||
| CVE-2025-32712 | No | No | – | – | Important | 7.8 | 6.8 |
| Windows App Control for Business Security Feature Bypass Vulnerability | |||||||
| CVE-2025-33069 | No | No | – | – | Important | 5.1 | 4.5 |
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | |||||||
| CVE-2025-32713 | No | No | – | – | Important | 7.8 | 6.8 |
| Windows DWM Core Library Information Disclosure Vulnerability | |||||||
| CVE-2025-33052 | No | No | – | – | Important | 5.5 | 4.8 |
| Windows Installer Elevation of Privilege Vulnerability | |||||||
| CVE-2025-32714 | No | No | – | – | Important | 7.8 | 6.8 |
| CVE-2025-33075 | No | No | – | – | Important | 7.8 | 6.8 |
| Windows KDC Proxy Service (KPSSVC) Remote Code Execution Vulnerability | |||||||
| CVE-2025-33071 | No | No | – | – | Critical | 8.1 | 7.1 |
| Windows Local Security Authority (LSA) Denial of Service Vulnerability | |||||||
| CVE-2025-33056 | No | No | – | – | Important | 7.5 | 6.5 |
| CVE-2025-33057 | No | No | – | – | Important | 6.5 | 5.7 |
| Windows Media Elevation of Privilege Vulnerability | |||||||
| CVE-2025-32716 | No | No | – | – | Important | 7.8 | 6.8 |
| Windows Netlogon Elevation of Privilege Vulnerability | |||||||
| CVE-2025-33070 | No | No | – | – | Critical | 8.1 | 7.1 |
| Windows Recovery Driver Elevation of Privilege Vulnerability | |||||||
| CVE-2025-32721 | No | No | – | – | Important | 7.3 | 6.4 |
| Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | |||||||
| CVE-2025-47955 | No | No | – | – | Important | 7.8 | 6.8 |
| Windows Remote Desktop Services Remote Code Execution Vulnerability | |||||||
| CVE-2025-32710 | No | No | – | – | Critical | 8.1 | 7.1 |
| Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | |||||||
| CVE-2025-33064 | No | No | – | – | Important | 8.8 | 7.7 |
| CVE-2025-33066 | No | No | – | – | Important | 8.8 | 7.7 |
| Windows SDK Elevation of Privilege Vulnerability | |||||||
| CVE-2025-47962 | No | No | – | – | Important | 7.8 | 6.8 |
| Windows SMB Client Elevation of Privilege Vulnerability | |||||||
| CVE-2025-32718 | No | No | – | – | Important | 7.8 | 6.8 |
| CVE-2025-33073 | Yes | No | – | – | Important | 8.8 | 7.9 |
| Windows Schannel Remote Code Execution Vulnerability | |||||||
| CVE-2025-29828 | No | No | – | – | Critical | 8.1 | 7.1 |
| Windows Security App Spoofing Vulnerability | |||||||
| CVE-2025-47956 | No | No | – | – | Important | 5.5 | 4.8 |
| Windows Shortcut Files Security Feature Bypass Vulnerability | |||||||
| CVE-2025-47160 | No | No | – | – | Important | 5.4 | 4.7 |
| Windows Standards-Based Storage Management Service Denial of Service Vulnerability | |||||||
| CVE-2025-33068 | No | No | – | – | Important | 7.5 | 6.5 |
| Windows Storage Management Provider Information Disclosure Vulnerability | |||||||
| CVE-2025-32719 | No | No | – | – | Important | 5.5 | 4.8 |
| CVE-2025-32720 | No | No | – | – | Important | 5.5 | 4.8 |
| CVE-2025-33058 | No | No | – | – | Important | 5.5 | 4.8 |
| CVE-2025-33059 | No | No | – | – | Important | 5.5 | 4.8 |
| CVE-2025-33060 | No | No | – | – | Important | 5.5 | 4.8 |
| CVE-2025-33061 | No | No | – | – | Important | 5.5 | 4.8 |
| CVE-2025-33062 | No | No | – | – | Important | 5.5 | 4.8 |
| CVE-2025-33063 | No | No | – | – | Important | 5.5 | 4.8 |
| CVE-2025-33065 | No | No | – | – | Important | 5.5 | 4.8 |
| CVE-2025-24068 | No | No | – | – | Important | 5.5 | 4.8 |
| CVE-2025-24069 | No | No | – | – | Important | 5.5 | 4.8 |
| CVE-2025-24065 | No | No | – | – | Important | 5.5 | 4.8 |
| CVE-2025-33055 | No | No | – | – | Important | 5.5 | 4.8 |
| Windows Storage Port Driver Information Disclosure Vulnerability | |||||||
| CVE-2025-32722 | No | No | – | – | Important | 5.5 | 4.8 |
| Windows Task Scheduler Elevation of Privilege Vulnerability | |||||||
| CVE-2025-33067 | No | No | – | – | Important | 8.4 | 7.3 |
| Windows Virtualization-Based Security (VBS) Information Disclosure Vulnerability | |||||||
| CVE-2025-47969 | No | No | – | – | Important | 4.4 | 3.9 |
—
Johannes B. Ullrich, Ph.D. , Dean of Research, SANS.edu
Twitter|
