Microsoft Patches Actively Exploited Windows Kernel Zero-Day

Microsoft’s latest Patch Tuesday updates address more than 60 vulnerabilities, including a Windows kernel zero-day that has been exploited in unspecified attacks.

The zero-day is tracked as CVE-2025-62215 and it has been described as an important-severity privilege escalation flaw that allows an attacker to gain System privileges on the targeted Windows device.

“Successful exploitation of this vulnerability requires an attacker to win a race condition,” Microsoft explained in its advisory.

According to Microsoft, its Threat Intelligence Center (MSTIC) and Microsoft Security Response Center (MSRC) found CVE-2025-62215. The tech giant has not disclosed any information on the attacks exploiting the vulnerability.

Microsoft has assigned ‘critical severity’ ratings to four vulnerabilities affecting Windows, Office, Visual Studio, and Nuance PowerScribe 360.

Important-severity security holes have been patched this month in Windows, Visual Studio, Azure Monitor Agent, Configuration Manager, Dynamics 365, Office, OneDrive, SharePoint, and Edge.

Overall, more than 30 of the vulnerabilities fixed this month can be exploited for privilege escalation, and 22 allow remote code execution. Other weaknesses can lead to spoofing, DoS, security bypass, and information disclosure.

Additional information on the latest patches is available on Microsoft’s MSRC website.

Adobe this month patched nearly 30 vulnerabilities across its product portfolio.

This article was published by Security Week. Please check their website for the original content.