Microsoft Fixes 63 Security Flaws, Including a Windows Kernel Zero-Day Under Active Attack

Nov 12, 2025 | Ravie Lakshmanan | Vulnerability / Patch Tuesday

On Tuesday, Microsoft released patches for 63 newly identified vulnerabilities in its software. One of them stands out because it is already being actively exploited in the wild.

Of the total vulnerabilities addressed, four have been classified as Critical, while the remaining 59 are deemed Important. A closer look reveals that 29 of these vulnerabilities pertain to privilege escalation, 16 involve remote code execution, 11 relate to information disclosure, three are associated with denial-of-service (DoS), two allow for security feature bypass, and two are classified as spoofing bugs.

The zero-day vulnerability highlighted in this update is CVE-2025-62215, a privilege escalation flaw within the Windows Kernel, carrying a CVSS score of 7.0. This vulnerability was uncovered by the Microsoft Threat Intelligence Center (MSTIC) and the Microsoft Security Response Center (MSRC).

According to Microsoft’s advisory, the flaw arises from “concurrent execution using shared resource with improper synchronization (‘race condition’) in Windows Kernel,” which permits an authorized attacker to elevate their privileges locally. Successful exploitation therefore requires the attacker to have already established a foothold on the system; once the race condition is won, it could yield SYSTEM privileges.

Ben McCarthy, lead cybersecurity engineer at Immersive, elaborated on the mechanics of the attack, stating, “An attacker with low-privilege local access can run a specially crafted application that repeatedly attempts to trigger this race condition.” The objective is to manipulate multiple threads interacting with a shared kernel resource in an unsynchronized manner, leading to a memory management confusion that could corrupt the kernel heap and allow the attacker to hijack the system’s execution flow.

While the specifics of how this vulnerability is being exploited remain unclear, it is believed to be part of a broader post-exploitation strategy to escalate privileges after initial access has been gained through methods such as social engineering or phishing. Satnam Narang, senior staff research engineer at Tenable, noted that when combined with other vulnerabilities, this kernel race condition could be critical, enabling a remote attack to escalate to a SYSTEM takeover.

In addition to the zero-day vulnerability, Microsoft also patched two heap-based buffer overflow flaws in its Graphics Component (CVE-2025-60724, CVSS score: 9.8) and the Windows Subsystem for Linux GUI (CVE-2025-62220, CVSS score: 8.8), both of which could lead to remote code execution. Another notable vulnerability is a high-severity privilege escalation flaw in Windows Kerberos (CVE-2025-60704, CVSS score: 7.5), which stems from a missing cryptographic step and could be abused to gain administrator privileges; Silverfort has codenamed it CheckSum.

Silverfort researchers Eliran Partush and Dor Segal described this vulnerability as a Kerberos constrained delegation flaw that enables an attacker to impersonate arbitrary users and potentially control an entire domain through an adversary-in-the-middle (AitM) attack. Microsoft cautioned that an attacker must inject themselves into the logical network path between the target and the resource requested by the victim to manipulate network communications.

Organizations utilizing Active Directory with Kerberos delegation enabled are particularly vulnerable, as successful exploitation could allow attackers to escalate privileges and move laterally within the network, impersonating any user and gaining unrestricted access.
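As an added defender-side check (not from the article, Microsoft or Silverfort), the PowerShell below inventories which Active Directory accounts have Kerberos delegation configured, so the delegation-enabled environments the article singles out can be prioritised for the CVE-2025-60704 update and reviewed. It assumes the RSAT ActiveDirectory module and read access to the domain from a domain-joined host.

```powershell
# Added example: inventory Kerberos delegation settings in Active Directory.
# Assumes the RSAT ActiveDirectory module is installed and the caller can read
# the domain; none of this is the article's or Microsoft's own code.
Import-Module ActiveDirectory

# userAccountControl bits from the AD schema: unconstrained delegation and
# "use any authentication protocol" (protocol transition).
$TRUSTED_FOR_DELEGATION         = 0x80000    # decimal 524288
$TRUSTED_TO_AUTH_FOR_DELEGATION = 0x1000000  # decimal 16777216

function Get-DelegationReport {
    # Match objects with a constrained-delegation target list
    # (msDS-AllowedToDelegateTo) or with either delegation UAC bit set.
    # 1.2.840.113556.1.4.803 is the LDAP bitwise-AND matching rule.
    $filter = '(|(msDS-AllowedToDelegateTo=*)' +
              '(userAccountControl:1.2.840.113556.1.4.803:=524288)' +
              '(userAccountControl:1.2.840.113556.1.4.803:=16777216))'

    Get-ADObject -LDAPFilter $filter `
        -Properties sAMAccountName, userAccountControl, 'msDS-AllowedToDelegateTo', objectClass |
    ForEach-Object {
        $uac = [int]$_.userAccountControl
        [pscustomobject]@{
            Account            = $_.sAMAccountName
            Class              = $_.objectClass
            Unconstrained      = [bool]($uac -band $TRUSTED_FOR_DELEGATION)
            ProtocolTransition = [bool]($uac -band $TRUSTED_TO_AUTH_FOR_DELEGATION)
            # Services this account may obtain tickets for on behalf of users.
            ConstrainedTargets = ($_.'msDS-AllowedToDelegateTo' -join '; ')
        }
    }
}

# Show the most exposed configurations first: unconstrained delegation, then
# protocol transition, then plain constrained delegation.
Get-DelegationReport |
    Sort-Object -Property @{Expression = 'Unconstrained';      Descending = $true},
                          @{Expression = 'ProtocolTransition'; Descending = $true},
                          Account |
    Format-Table -AutoSize
```

Every account listed is one whose tickets an adversary-in-the-middle position could leverage, so these hosts are the first to patch and the delegation settings the first to justify or remove.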

Software Patches from Other Vendors

Microsoft’s updates are part of a broader trend, as several other vendors have also released security updates in recent weeks to address various vulnerabilities. Notable contributors to this wave of patches include:

  • Adobe
  • Amazon Web Services
  • AMD
  • Apple
  • ASUS
  • Atlassian
  • AutomationDirect
  • Bitdefender
  • Broadcom (including VMware)
  • Cisco
  • Citrix
  • ConnectWise
  • D-Link
  • Dell
  • Devolutions
  • Drupal
  • Elastic
  • F5
  • Fortinet
  • GitLab
  • Google Android
  • Google Chrome
  • Google Cloud
  • Grafana
  • Hitachi Energy
  • HP
  • HP Enterprise (including Aruba Networking and Juniper Networks)
  • IBM
  • Intel
  • Ivanti
  • Jenkins
  • Lenovo
  • Linux distributions (AlmaLinux, Alpine Linux, Amazon Linux, Arch Linux, Debian, Gentoo, Oracle Linux, Mageia, Red Hat, Rocky Linux, SUSE, and Ubuntu)
  • MediaTek
  • Mitsubishi Electric
  • MongoDB
  • Moxa
  • Mozilla Firefox and Firefox ESR
  • NVIDIA
  • Oracle
  • Palo Alto Networks
  • QNAP
  • Qualcomm
  • Rockwell Automation
  • Ruckus Wireless
  • Samba
  • Samsung
  • SAP
  • Schneider Electric
  • Siemens
  • SolarWinds
  • SonicWall
  • Splunk
  • Spring Framework
  • Supermicro
  • Synology
  • TP-Link
  • WatchGuard
  • Zoom