Microsoft Fixes 63 Security Flaws, Including a Windows Kernel Zero-Day Under Active Attack

Microsoft on Tuesday released patches for 63 new security vulnerabilities identified in its software, including one that has come under active exploitation in the wild.

Of the 63 flaws, four are rated Critical and 59 are rated Important in severity. Twenty-nine of these vulnerabilities are related to privilege escalation, followed by 16 remote code execution, 11 information disclosure, three denial-of-service (DoS), two security feature bypass, and two spoofing bugs.

The patches are in addition to the 27 vulnerabilities the Windows maker addressed in its Chromium-based Edge browser since the release of October 2025’s Patch Tuesday update.

✔ Approved Seller From Our Partners

Protect your privacy by Mullvad VPN. Mullvad VPN is one of the famous brands in the security and privacy world. With Mullvad VPN you will not even be asked for your email address. No log policy, no data from you will be saved. Get your license key now from the official distributor of Mullvad with discount: SerialCart® (Limited Offer).

➤ Get Mullvad VPN with 12% Discount

The zero-day vulnerability that has been listed as exploited in Tuesday’s update is CVE-2025-62215 (CVSS score: 7.0), a privilege escalation flaw in Windows Kernel. The Microsoft Threat Intelligence Center (MSTIC) and Microsoft Security Response Center (MSRC) have been credited with discovering and reporting the issue.

“Concurrent execution using shared resource with improper synchronization (‘race condition’) in Windows Kernel allows an authorized attacker to elevate privileges locally,” the company said in an advisory.

That said, successful exploitation hinges on an attacker who has already gained a foothold on a system to win a race condition. Once this criterion is satisfied, it could permit the attacker to obtain SYSTEM privileges.

“An attacker with low-privilege local access can run a specially crafted application that repeatedly attempts to trigger this race condition,” Ben McCarthy, lead cybersecurity engineer at Immersive, said.

“The goal is to get multiple threads to interact with a shared kernel resource in an unsynchronized way, confusing the kernel’s memory management and causing it to free the same memory block twice. This successful ‘double free’ corrupts the kernel heap, allowing the attacker to overwrite memory and hijack the system’s execution flow.”

It’s currently not known how this vulnerability is being exploited and by whom, but it’s assessed to be used as part of a post-exploitation activity to escalate their privileges after obtaining initial access through some other means, such as social engineering, phishing, or exploitation of another vulnerability, Satnam Narang, senior staff research engineer at Tenable, said.

“When chained with other bugs this kernel race is critical: an RCE or sandbox escape can supply the local code execution needed to turn a remote attack into a SYSTEM takeover, and an initial low‑privilege foothold can be escalated to dump credentials and move laterally,” Mike Walters, president and co-founder of Action1, said in a statement.

Also patched as part of the updates is a critical heap-based buffer overflow flaw in Microsoft’s Graphics Component (CVE-2025-60724, CVSS score: 9.8) that could result in remote code execution.

Software Patches from Other Vendors

In addition to Microsoft, security updates have also been released by other vendors over the past several weeks to rectify several vulnerabilities, including —

• Adobe
• Amazon Web Services
• AMD
• Apple
• ASUS
• Atlassian
• AutomationDirect
• Bitdefender
• Broadcom (including VMware)
• Cisco
• Citrix
• ConnectWise
• D-Link
• Dell
• Devolutions
• Drupal
• Elastic
• F5
• Fortinet
• GitLab
• Google Android
• Google Chrome
• Google Cloud
• Grafana
• Hitachi Energy
• HP
• HP Enterprise (including Aruba Networking and Juniper Networks)
• IBM
• Intel
• Ivanti
• Jenkins
• Lenovo
• Linux distributions AlmaLinux, Alpine Linux, Amazon Linux, Arch Linux, Debian, Gentoo, Oracle Linux, Mageia, Red Hat, Rocky Linux, SUSE, and Ubuntu
• MediaTek
• Mitsubishi Electric
• MongoDB
• Moxa
• Mozilla Firefox and Firefox ESR
• NVIDIA
• Oracle
• Palo Alto Networks
• QNAP
• Qualcomm
• Rockwell Automation
• Ruckus Wireless
• Samba
• Samsung
• SAP
• Schneider Electric
• Siemens
• SolarWinds
• SonicWall
• Splunk
• Spring Framework
• Supermicro
• Synology
• TP-Link
• WatchGuard, and
• Zoom

Found this article interesting? Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post.