Microsoft Discloses ‘Extraordinary’ Number Of Actively Exploited Vulnerabilities: Researcher

The tech giant’s monthly release of security fixes addresses vulnerabilities including six flaws that are believed to be under active attack, according to Trend Micro’s Dustin Childs.

Microsoft’s monthly release of security fixes addresses vulnerabilities including six flaws that are believed to be under active attack.

A total of 67 CVEs (Common Vulnerabilities and Exposures) received patches as part of the release, popularly known as “Patch Tuesday.”

[Related: 10 Major Ransomware Attacks And Data Breaches In 2024]

“This is nearly identical to the release last month in volume, but the number of actively exploited bugs is extraordinary,” wrote Dustin Childs, head of threat awareness for Trend Micro’s Zero Day Initiative, in a blog post.

“One of these bugs is listed as publicly known, and six(!) others are listed as under active attack at the time of release,” Childs wrote.

CRN has reached out to Microsoft for comment.

The six vulnerabilities that have seen active exploitation impact various components of Windows. The U.S. Cybersecurity and Infrastructure Security Agency added the flaws to its catalog of exploited vulnerabilities Tuesday:

• Windows Win32k Use-After-Free Vulnerability (CVE-2025-24983)
• Windows NTFS Information Disclosure Vulnerability (CVE-2025-24984)
• Windows Fast FAT File System Driver Integer Overflow Vulnerability (CVE-2025-24985)
• Windows NTFS Out-Of-Bounds Read Vulnerability (CVE-2025-24991)
• Windows NTFS Heap-Based Buffer Overflow Vulnerability (CVE-2025-24993)
• Windows Management Console (MMC) Improper Neutralization Vulnerability (CVE-2025-26633)

“These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise,” CISA wrote in an advisory Tuesday.

The vulnerabilities that have been listed as exploited are considered “important” in severity, with severity scores ranging from 4.6 to 7.8 out of 10.0, according to Childs.

The Microsoft Management Console vulnerability — discovered by a Trend Micro researcher — has been exploited by a threat actor known as EncryptHub, he wrote.

“With more than 600 organizations impacted by these threat actors, test and deploy this fix quickly to ensure your org isn’t added to the list,” Childs wrote.

Six other vulnerabilities fixed in the patch release, meanwhile, are listed by Microsoft as critical-severity flaws, according to Childs.

The newly disclosed critical vulnerabilities affect Office, Remote Desktop Client, Windows Domain Name Service, Remote Desktop Services and Windows Subsystem for Linux.