Microsoft Patchday: Attacks on Windows Kernel Observed

Microsoft developers have closed security vulnerabilities in Azure, Office, and Windows, among others. Attacks are already occurring.


Attackers are currently targeting various Windows and Windows Server versions. Security patches are available for download via Windows Update.

The currently exploited vulnerability (CVE-2025-62215, risk "high") affects the Windows kernel. In a warning message, Microsoft lists the affected versions, such as Windows 10/11 and Windows Server 2025. The extent of the attacks is currently unknown. Admins should secure their systems as quickly as possible.

If attacks are successful, attackers can gain system privileges. At that point, it can be assumed that the affected computers are completely compromised. Microsoft does not currently elaborate on how such attacks occur.

Microsoft classifies four vulnerabilities (CVE-2025-60716 "high", CVE-2025-62199 "high", CVE-2025-30398 "high", CVE-2025-62214 "high") as critical. They affect DirectX, Office, PowerScribe 360, and Visual Studio. If attackers successfully exploit the vulnerabilities, they can execute malicious code, among other things.

To easily identify updates, Microsoft has adjusted the format: the date now appears first, followed by the type of update, the KB number, and the Windows build number.

Through a "critical" vulnerability (CVE-2025-60724) in the GDI+ graphics component, malicious code can also slip onto Windows systems. Furthermore, there are important security updates for other Windows components such as Remote Desktop Services and Smart Card Reader.

The Windows Administrator Protection feature is currently included in Windows as a preview, but a vulnerability (CVE-2025-60718 "high") has already been discovered. Attackers can gain higher privileges through this.

Microsoft lists all vulnerabilities closed on this patchday in its Security Update Guide.

As indicated in a post, support for Windows 11 version 23H2 (Home and Pro) has ended, and these editions will no longer receive security updates. Admins must upgrade to a still-supported version.

Furthermore, Microsoft has released KB5068781, the first security update for Windows 10 with Extended Support. Additionally, there is a Windows 10 update that is intended to resolve issues with setting up extended support.

(des)

This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.