Microsoft has released security updates to address 126 vulnerabilities across its software products. Of these, 11 are rated as critical, 112 as important, and two as low severity. The vulnerabilities include 49 classified as privilege escalation, 34 as remote code execution, and others related to information disclosure and denial of service. One significant flaw, CVE-2025-29824, is being exploited in the wild, particularly by ransomware operators, but no patches have yet been issued for Windows 10 systems.
Furthermore, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added this vulnerability to its Known Exploited Vulnerabilities catalog, requiring federal agencies to apply fixes by April 29, 2025. Other notable vulnerabilities addressed include issues in Windows Remote Desktop Services, Windows Kerberos, and Microsoft Office, some of which still lack patches for Windows 10. Microsoft has stated that updates will be released as soon as they are available. Other software vendors have also issued security updates in recent weeks.