Microsoft’s latest Patch Tuesday update addresses over 100 vulnerabilities across its products, including Windows, Office, and SharePoint. The updates fix more than a dozen critical-severity flaws, with most being rated high-severity due to their CVSS scores.
According to Trend Micro’s Zero Day Initiative, one vulnerability, CVE-2025-53766, allows remote code execution through viewing a specially crafted image on Windows’ GDI+ component. Another critical vulnerability, CVE-2025-50165, impacts Windows’ graphics component and requires the user to view a specially crafted image.
Microsoft has not reported any of these vulnerabilities being exploited in the wild, with most having an ‘exploitation less likely’ or ‘exploitation unlikely’ assessment. However, experts warn that malicious ads can still be used to exploit some vulnerabilities.
Adobe has also released its Patch Tuesday updates, addressing nearly 70 CVEs across over a dozen products.
Source: https://www.securityweek.com/microsoft-patches-over-100-vulnerabilities