Microsoft recently addressed significant security vulnerabilities affecting various versions of Windows, including Windows 11 and Windows Server 2022. Attackers are actively exploiting five specific vulnerabilities, which could enable the installation of malicious code and compromise systems.
Exploited Vulnerabilities
The vulnerabilities, documented as CVE-2025-30400, CVE-2025-30397, CVE-2025-32709, CVE-2025-32701, and CVE-2025-32706, are classified with a high threat level. Attackers can manipulate victims into clicking on specially crafted links, which then switch Microsoft Edge into Internet Explorer mode—a version that is no longer supported and receives no security updates since its end of life in June 2022. Additionally, there is a critical threat through vulnerabilities in the common log file system driver that can grant system rights to attackers.
Ongoing Threats
Further vulnerabilities in Microsoft Defender (CVE-2025-26685) and Visual Studio (CVE-2025-32702) have also been recognized, both of which may lead to system compromises through malicious code execution. Specifically, Azure is impacted by two critical vulnerabilities (CVE-2025-29827, CVE-2025-29972) that allow attackers to elevate user privileges.
Microsoft provides detailed information about the vulnerabilities and the measures to mitigate them in their Security Update Guide. It is crucial for users to stay updated and secure their systems against these ongoing threats.