🔥 Trending:
Tech, Culture & Entertainment Redefined! Tech, Culture & Entertainment Redefined!
Apps & Updates

Windows Users Alert: Microsoft Fixes 63 Security Bugs, Including Active Threats

4 months Ago1 Mins read21
microsoft

Microsoft has rolled out its latest Patch Tuesday update, addressing 63 security vulnerabilities across its software ecosystem.

This includes three critical flaws, 57 important ones, and two actively exploited vulnerabilities that have already been used in cyberattacks.

Two Actively Exploited Vulnerabilities

The most concerning flaws in this update are:

  • CVE-2025-21391 (CVSS 7.1) – Windows Storage Elevation of Privilege Vulnerability
    • Allows attackers to delete targeted files, which could disrupt system services.
    • Could be combined with other exploits to escalate privileges and cover up attacks.
  • CVE-2025-21418 (CVSS 7.8) – Windows Ancillary Function Driver (AFD.sys) Privilege Escalation
    • Exploited to gain SYSTEM privileges, giving attackers complete control over affected machines.
    • Similar to a previous Lazarus Group attack using a vulnerability in the same Windows component.

These flaws are severe enough that the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added them to its Known Exploited Vulnerabilities (KEV) catalog, requiring federal agencies to apply patches by March 4, 2025.

Most Severe Vulnerability – CVE-2025-21198 (CVSS 9.0)

This remote code execution (RCE) vulnerability affects Microsoft’s High Performance Compute (HPC) Pack.

Attackers can exploit it by sending a specially crafted HTTPS request, potentially compromising entire clusters of connected systems.

Another RCE flaw (CVE-2025-21376, CVSS 8.1) in Windows LDAP could allow attackers to execute arbitrary code, posing a major risk to enterprise networks that rely on Active Directory.

Other Key Fixes and Third-Party Patches

  • NTLMv2 hash disclosure vulnerability (CVE-2025-21377, CVSS 6.5) – Attackers could authenticate as a targeted user.
  • Security patches from other vendors include Adobe, AMD, Apple, Cisco, Google, Intel, NVIDIA, Samsung, and more.

Final Thoughts

This Patch Tuesday update is one of the most important in recent months, addressing actively exploited Windows vulnerabilities that could be used for privilege escalation, remote code execution, and system compromise.

Windows users and IT administrators should prioritize these updates immediately to secure their systems.

Explore More:
  1. Microsoft Edge Users Warned: Update Now to Avoid Costly Scams
  2. Notepad and Paint Lose Free Features – Microsoft 365 Now Required
  3. Free Windows 11 Upgrade: 240 Million Users Are Left Behind – What Are Their Options?
Written by
Sazid Kabir

I've loved music and writing all my life. That's why I started this blog. In my spare time, I make music and run this blog for fellow music fans.

Recent Posts

Pusha T Kendrick Lamar Drake
Hip-Hop / RapMusic News

Def Jam Cuts Clipse After Kendrick Lamar Collab Raises Drake Concerns

7 hours Ago
Google Pixel 10 Leaks
Smartphones

Google to Release Pixel 10 Phones in Mid-August with Minor Upgrades

14 hours Ago
Yurong Luanna Jiang gave her speech on 29 May
Social Media

Chinese Student’s Harvard Commencement Speech Sparks Debate

14 hours Ago

Related Articles

Xiaomi HyperOS 2.3
Apps & Updates

Xiaomi Announces HyperOS 2.3 Update with Android 16 Base and Stronger Security

Xiaomi is preparing to release its major software update, HyperOS 2.3, built...

14 hours Ago
Apple Shortcuts
Apps & Updates

Apple Shortcuts App to Get AI-Powered Overhaul — But It Might Not Arrive Until 2026

Apple is preparing to bring AI-powered upgrades to its native Shortcuts app,...

22 hours Ago
macOS
Apps & Updates

macOS 26 to Be Named ‘macOS Tahoe’, Featuring First Major Redesign Since Big Sur

Apple is gearing up to unveil macOS 26, and according to a...

22 hours Ago
Android
Apps & Updates

Not All Android Updates Are Good — Here’s What Can Go Wrong

Android updates promise new features, better design, and tighter security — but...

2 days Ago