Microsoft Patch Tuesday addresses 63 defects, including one actively exploited zero-day

Microsoft addressed 63 vulnerabilities affecting its underlying systems and core products, including one actively exploited zero-day, the company said in its latest monthly security update. 

The zero-day vulnerability — CVE-2025-62215 — affects the Windows Kernel and has a CVSS rating of 7.0 due to a high attack complexity, according to Microsoft. Exploitation, which could allow an attacker to gain system privileges, requires an attacker to win a race condition, the company said. Microsoft did not provide any further details about the scope of exploitation. 

The race condition is notable because it indicates some race conditions are more reliable than others, Dustin Childs, head of threat awareness at Trend Micro’s Zero Day Initiative, said in a blog post. Race conditions in vulnerabilities, which involve multiple simultaneous processes designed to trigger errors, often impede exploitation.

“Bugs like these are often paired with a code execution bug by malware to completely take over a system,” Childs added.

Mike Walters, president and co-founder at Action1, said a functional exploit for CVE-2025-62215 exists, but no public proof-of-concept has been released. “Exploitation is complex, but a functional exploit seen in the wild raises urgency, since skilled actors can reliably weaponize this in targeted campaigns,” he said in an email.

An attacker with low-privilege local access can trigger the race condition by running a specially crafted application, according to Ben McCarthy, lead cyber security engineer at Immersive. “The goal is to get multiple threads to interact with a shared kernel resource in an unsynchronized way, confusing the kernel’s memory management and causing it to free the same memory block twice,” he said in an email.

The most severe defect disclosed this month — CVE-2025-60724 — is a remote-code execution vulnerability affecting Microsoft Graphics Component with a CVSS rating of 9.8, but Microsoft designated the flaw as less likely to be exploited. 

Microsoft flagged five defects as more likely to be exploited this month, including three vulnerabilities — CVE-2025-60719, CVE-2025-62213 and CVE-2025-62217 — affecting Windows Ancillary Function Driver for WinSock with CVSS ratings of 7.0. 

The kernel-mode driver is fundamental to Windows, making defects in the component inherently high-risk, according to McCarthy. 

“Due to it being so intertwined with network-related functionality of Windows, it has the potential to be a way in for many applications in the Windows ecosystem. There have been many vulnerabilities in the past that have been weaponized in this kernel-mode driver,” he added.

The full list of vulnerabilities addressed this month is available in Microsoft’s Security Response Center.

Written by Matt Kapko

Matt Kapko is a reporter at CyberScoop. His beat includes cybercrime, ransomware, software defects and vulnerability (mis)management. The lifelong Californian started his journalism career in 2001 with previous stops at Cybersecurity Dive, CIO, SDxCentral and RCR Wireless News. Matt has a degree in journalism and history from Humboldt State University.


