In its latest Patch Tuesday update, Microsoft has addressed a total of 63 vulnerabilities, with a significant focus on high-severity flaws. Over two-thirds of these patches are aimed at rectifying issues that could pose serious risks to various Microsoft systems, including the Windows Telephony Service and Microsoft Dynamics 365 Sales.
Critical Vulnerabilities and Their Implications
Among the vulnerabilities patched, two are classified as zero-days, meaning they are actively being exploited in the wild. The first, tracked as CVE-2025-21391, is a privilege escalation flaw within the Windows Storage system. This vulnerability, which has a CVSS score of 7.1, allows attackers to delete targeted files, potentially crippling the affected services. While Microsoft has indicated that this flaw does not compromise confidential data, the ability to delete files could render essential services inoperable.
Mike Walters, president and co-founder of Action1, highlighted the risks for large organizations that rely heavily on Windows systems. He noted that the widespread use of Windows Storage features increases the vulnerability landscape, suggesting that millions of organizations could be affected depending on their Windows version adoption and existing security measures.
The second zero-day vulnerability, CVE-2025-21418, affects the Windows Ancillary Function Driver for WinSock and carries a higher CVSS score of 7.8. This heap-based overflow vulnerability enables attackers to gain system privileges with relative ease, making it a priority for organizations to patch. Adam Barnett, lead software engineer at Rapid7, emphasized the long-standing use of this driver for foundational networking, underscoring the urgency of addressing this vulnerability.
Additional Vulnerabilities and Exploitation Risks
Microsoft has flagged nine vulnerabilities in this update as “more likely” to be exploited, most of which also carry high-severity ratings. Notable among these is CVE-2025-21400, a remote-code execution flaw in Microsoft SharePoint Server, alongside two privilege escalation vulnerabilities in Windows CoreMessaging, CVE-2025-21184 and CVE-2025-21358.
Security analyst Jackson Rolf from Censys provided context, noting that these vulnerabilities typically require low or no privileges to exploit, with some even having public exploit code available. Six of the vulnerabilities addressed are remote-code execution flaws affecting the Windows Telephony Service, characterized by low attack complexity and no privilege requirements.
The sole critical-severity vulnerability, CVE-2025-21198, pertains to a remote-code execution flaw impacting the Linux agent in Microsoft High Performance Compute clusters. This flaw necessitates that an attacker has access to the network connected to the targeted cluster, highlighting the need for robust network security measures.
For a comprehensive overview of the vulnerabilities addressed in this month’s update, Microsoft has made the full list available through its Security Response Center.
