Microsoft releases update to fix 57 security vulnerabilities

Accordingly, Microsoft's update aims to fix the following bugs: 23 elevation of privilege bugs, 3 security feature bypass bugs, 23 remote code execution bugs, 4 information disclosure bugs, 1 denial of service bug, and 3 spoofing bugs. In addition, Microsoft has also released patches for many vulnerabilities in Mariner and Microsoft Edge.

According to information from Bleeping Computer, Windows computer users need to urgently update this month's security patches because 7 of them are important patches to address 0-day vulnerabilities, with 6 of the vulnerabilities being actively exploited.

Among them: two vulnerabilities CVE-2025-24985 and CVE-2025-24993 allow attackers to execute code remotely by tricking users into opening a malicious VHD file. Another vulnerability affects Windows Fast FAT System Drive, while the remaining vulnerability is related to Windows NTFS. Two information disclosure vulnerabilities in Windows NTFS, CVE-2025-24984 and CVE-2025-24991, allow bad actors to steal data when users connect a malicious USB drive.

CVE-2025-24983 is a vulnerability in the Windows Win32 kernel subsystem that allows local attackers to take over the system, while CVE-2025-26633 is a security feature bypass vulnerability in the Microsoft Management Console. Microsoft said most of the zero-day vulnerabilities exploited were discovered anonymously, although some were identified by security firms such as ESET and Trend Micro.

Additionally, the CVE-2025-26630 vulnerability allows remote code execution in Microsoft Office Access if a user opens a file from a phishing attack.

To ensure the device is updated, users need to go to Start- Settings- Windows Update- select Check for Windows updates.