CyberScoop reports that Microsoft has issued updates to resolve 111 security flaws across its different offerings as part of this month's Patch Tuesday.
The most severe of the addressed vulnerabilities is the maximum-severity Azure OpenAI issue, tracked as CVE-2025-53767. Immediate patching is also crucial for the critical remote code execution bugs in Windows GDI+ and Microsoft Graphics Component, tracked as CVE-2025-53766 and CVE-2025-50165, respectively; Immersive Labs lead cybersecurity engineer Ben McCarthy noted the latter to be a particularly attractive target for threat actors. While none of the fixed security defects have been exploited so far, Microsoft has designated the Windows Kerberos privilege escalation bug, tracked as CVE-2025-53779, as a zero-day due to the presence of exploit code. "While Microsoft rates this flaw as exploitation less likely with moderate severity, the combination of a path traversal issue in a core authentication component like Kerberos and its potential high impact is concerning," said Action1 co-founder and President Mike Walters. Microsoft has also continued to urge organizations to remediate the Microsoft Exchange Server flaw, tracked as CVE-2025-53786, which was the subject of a Cybersecurity and Infrastructure Security Agency alert last week.




