Essential Highlights from Microsoft’s November 2025 Patch Tuesday: What You Need to Know – Krebs on Security

Admin

Microsoft recently rolled out security updates fixing over 60 vulnerabilities in Windows and its software, including a zero-day issue that’s already being exploited. This update is especially crucial since it includes fixes for all Windows versions, including Windows 10. Notably, Microsoft has extended security support for Windows 10 for an extra year, allowing users to protect their systems longer.

Among the important products updated are Windows OS, Office, SharePoint, SQL Server, and Azure Monitor Agent. One vulnerability, identified as CVE-2025-62215, can cause memory corruption. Experts have rated it as “important” because exploiting it requires prior access to the target device.

Johannes Ullrich from the SANS Technology Institute noted that these types of vulnerabilities often form part of larger attacks. He believes that thanks to previous similar vulnerabilities, an attacker may find it relatively easy to exploit this one.

Ben McCarthy, a cybersecurity engineer, highlighted another critical flaw in a core Windows graphics component (GDI+), tracked as CVE-2025-60274. This flaw affects a wide array of applications, including Microsoft Office. He emphasized that fixing this issue should be a top priority for organizations, given its high risk.

Additionally, a critical vulnerability in Office, identified as CVE-2025-62199, could allow remote code execution simply by viewing a malicious message, making it particularly concerning.

Even though Microsoft ended official support for Windows 10 last month, the extra year of free updates is a welcome relief. Some users reported issues enrolling in this program, which prompted a recent fix. Nick Carroll from Nightwing pointed out that users should ensure they have installed update KB5071959 to solve these problems.

Chris Goettl from Ivanti added that in addition to Microsoft’s updates, other updates from Adobe and Mozilla have been released, with Google Chrome updates expected soon as well.

For a detailed analysis of each fix, you can check the SANS Internet Storm Center, which categorizes updates by severity. Windows administrators should also keep an eye on askwoody.com for information on any potential update issues.

As always, remember to back up your data regularly. It’s a good habit to protect your information.


