Patchday: Attackers attack Windows via five vulnerabilities

Attackers are currently targeting various versions of Windows and Windows Server and are exploiting five security vulnerabilities. These include Windows 11 and Windows Server 2022. In the worst-case scenario, malicious code can get onto computers and compromise systems. Two further vulnerabilities are known and attacks may be imminent.

The ghost of Internet Explorer still haunts

The five already exploited vulnerabilities(CVE-2025-30400, CVE-2025-30397, CVE-2025-32709, CVE-2025-32701, CVE-2025-32706) affect various Windows components. They are all classified with the threat level “high”.

In the attacks, remote attackers trick victims into clicking on a prepared link. Edge is then switched to Internet Explorer mode, in which it is vulnerable. Support for Internet Explorer expired in June 2022 and the web browser will no longer receive security updates. Attackers can also gain system rights via a vulnerability in the common log file system driver.

Further threats

Vulnerabilities in Microsoft Defender(CVE-2025-26685, “medium”) and Visual Studio(CVE-2025-32702, “high”) are publicly known. Microsoft estimates that attacks may be imminent. Here, too, attackers can deliver malicious code to systems, among other things.

Azure is vulnerable via two “critical” vulnerabilities(CVE-2025-29827, CVE-2025-29972), among others. Attackers can gain higher user rights here. The majority of the remaining vulnerabilities have a “high” threat level. Among other things, malicious code attacks on Excel are possible at these points.

Microsoft lists further information on all gaps closed on this patchday in its Security Update Guide.

(des)