Overview
- Microsoft's own count is 63 vulnerabilities fixed across Windows and related products; some third-party tallies reach 68 once Edge (Chromium) fixes are included. Four or five are rated critical, depending on whose count is used.
- CVE-2025-62215 is a Windows Kernel elevation-of-privilege race condition confirmed exploited in the wild. It requires local low-privilege code execution and precise timing to win the race; a working exploit has been observed in attacks, but no public proof-of-concept is available. Treat it as patch-now despite the local attack vector, since EoP bugs of this kind are typically chained after an initial foothold.
- CVE-2025-60724 in GDI+ carries a CVSS 9.8 and can enable unauthenticated remote code execution through a specially crafted metafile embedded in a document. Because GDI+ is also used by server-side document processing, a service that parses untrusted files could be exploited without any user interaction.
- Additional high-priority fixes include an Office use-after-free remote code execution (CVE-2025-62199), a DirectX kernel EoP that also hinges on a race condition (CVE-2025-60716), a Visual Studio AI command injection RCE (CVE-2025-62214), and several WinSock driver EoPs that Microsoft rates "Exploitation More Likely".
- Cisco Talos released Snort detections for exploitation attempts: Snort 2 rules 65496–65501 and 65507–65510, and Snort 3 rules 301343–301345, 301347 and 301348.
- Microsoft issued out-of-band update KB5071959 to fix Windows 10 Consumer ESU enrollment failures.
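A quick way to confirm the Talos rules listed above are actually loaded on a sensor, as an added example (this script is not from the original page or from Cisco Talos): it extracts every uncommented `sid:` from a rules file and reports which of the published SIDs are missing or commented out. The rules file it checks is constructed inline for the demo, with placeholder rule bodies and one rule deliberately disabled; point `check_sids` at your real `.rules` file instead.

```shell
#!/bin/sh
# Added example, not code from the original page or from Cisco Talos.
# Verifies that the Snort SIDs published for this Patch Tuesday are present
# and enabled (not commented out) in a rules file.

# SIDs from the advisory: Snort 2 rules 65496-65501 and 65507-65510;
# Snort 3 rules 301343-301345, 301347 and 301348.
SNORT2_SIDS="65496 65497 65498 65499 65500 65501 65507 65508 65509 65510"
SNORT3_SIDS="301343 301344 301345 301347 301348"

# Print the SIDs that are enabled in the given rules file, one per line.
# Lines starting with '#' are dropped first, so a commented-out rule does not count.
enabled_sids() {
    grep -v '^[[:space:]]*#' "$1" \
        | grep -o 'sid:[[:space:]]*[0-9]*' \
        | sed 's/sid:[[:space:]]*//' \
        | sort -u
}

# check_sids FILE SID... : report listed SIDs that are missing or disabled.
# Returns 0 when every SID is enabled, 1 otherwise.
check_sids() {
    file="$1"; shift
    enabled=$(enabled_sids "$file")
    missing=""
    for sid in "$@"; do
        # exact whole-line match, so 65500 does not match 655001
        if ! printf '%s\n' "$enabled" | grep -qx "$sid"; then
            missing="$missing $sid"
        fi
    done
    if [ -n "$missing" ]; then
        echo "missing or disabled in $file:$missing"
        return 1
    fi
    echo "all listed SIDs enabled in $file"
    return 0
}

# Constructed sample rules file (placeholder rule bodies, not the real Talos
# rules). Rule 65500 is commented out to show the failure mode.
SAMPLE=$(mktemp)
for sid in $SNORT2_SIDS $SNORT3_SIDS; do
    if [ "$sid" = 65500 ]; then
        printf '# alert tcp any any -> any any (msg:"constructed rule %s"; sid:%s; rev:1;)\n' "$sid" "$sid"
    else
        printf 'alert tcp any any -> any any (msg:"constructed rule %s"; sid:%s; rev:1;)\n' "$sid" "$sid"
    fi
done > "$SAMPLE"

# Snort 2 coverage is incomplete because 65500 is disabled; Snort 3 coverage is complete.
check_sids "$SAMPLE" $SNORT2_SIDS || echo "Snort 2 coverage incomplete: re-enable or update the rules"
check_sids "$SAMPLE" $SNORT3_SIDS || echo "Snort 3 coverage incomplete: re-enable or update the rules"
rm -f "$SAMPLE"
```

On a real sensor, run `check_sids /etc/snort/rules/your.rules $SNORT2_SIDS` (or the Snort 3 list against the Snort 3 ruleset); a non-zero exit means at least one of the published detections is not active, which is the case to fix before relying on the sensor for visibility into these exploitation attempts.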