
"Microsoft on Tuesday addressed a set of 80 security flaws in its software, including one vulnerability that has been disclosed as publicly known at the time of release. Of the 80 vulnerabilities, eight are rated Critical and 72 are rated Important in severity. None of the shortcomings has been exploited in the wild as a zero-day. Like last month, 38 of the disclosed flaws are related to privilege escalation, followed by remote code execution (22), information disclosure (14), and denial-of-service (3)."
""For the third time this year, Microsoft patched more elevation of privilege vulnerabilities than remote code execution flaws," Satnam Narang, senior staff research engineer at Tenable, said. "Nearly 50% (47.5%) of all bugs this month are privilege escalation vulnerabilities." The patches are in addition to 12 vulnerabilities addressed in Microsoft's Chromium-based Edge browser since the release of August 2025's Patch Tuesday update, including a security bypass bug (CVE-2025-53791, CVSS score: 4.7) that has been patched in version 140.0.3485.54 of the browser."
Microsoft released fixes for 80 vulnerabilities, eight rated Critical and 72 Important. None of the flaws were reported exploited as zero-days. Vulnerability types include 38 privilege escalation, 22 remote code execution, 14 information disclosure, and 3 denial-of-service. Nearly half of the bugs are privilege escalation issues, per Tenable. Twelve additional fixes addressed vulnerabilities in Chromium-based Edge, including CVE-2025-53791. The publicly known issue is CVE-2025-55234, a Windows SMB privilege escalation with CVSS 8.8 that can enable relay attacks depending on configuration. The update adds support for auditing SMB client compatibility for Server signing and SMB Server EPA to help detect incompatibilities before hardening.
#microsoft-patch-tuesday #privilege-escalation #smb-vulnerability-cve-2025-55234 #edge-chromium-vulnerabilities
Read at The Hacker News