Microsoft fixes 124 flaws, including one under active exploitation
- Microsoft released 124 security fixes in its latest Patch Tuesday update.
- One vulnerability (CVE-2025-29824) is under active exploitation, affecting the Windows Common Log File System (CLFS).
- The exploited flaw has a CVSS score of 7.8 and was used by the Storm-2460 group to deploy ransomware.
- 11 vulnerabilities were marked as 'Critical,' with others affecting Office and Excel.
- Experts warn that lower-severity flaws can be chained for system takeovers.
- The Patch Tuesday update may trigger additional exploit attempts ('Exploit Wednesday').
- Affected sectors include IT, real estate (U.S.), finance (Venezuela), software (Spain), and retail (Saudi Arabia).
- Security researchers emphasize the risks of combining exploits with social engineering attacks.