Microsoft has released 130 security patches, including a critical Windows remote code execution flaw that should be given a high priority for patching, says Trend Micro researcher Dustin Childs.
Overview of the Security Patches
- Microsoft released 130 security patches for various products, including Windows, Office, Azure,.NET, Visual Studio, Windows BitLocker, Windows Hyper-V, and Microsoft Edge.
- The patches address vulnerabilities that affect multiple product categories.
- Among the patches are critical-severity remote code execution flaws affecting Microsoft Office, SharePoint, and SQL Server.
A Critical Windows Remote Code Execution Flaw
Microsoft has disclosed a Windows remote code execution vulnerability (tracked at CVE-2025-47981) that “definitely” should be prioritized for patching, according to Dustin Childs, head of threat awareness for Trend Micro’s Zero Day Initiative.
The flaw “allows remote, unauthenticated attackers to execute code simply by sending a malicious message to an affected system,” Childs wrote. “Since there’s no user interaction, and since the code executes with elevated privileges, this bug falls into the wormable class of bugs.”
This vulnerability has received a severity rating of 9.8 out of 10.0 and has a high exploitability index rating, which means that Microsoft expects attacks within 30 days.
Why This Flaw is Critical
- The vulnerability allows remote, unauthenticated attackers to execute code without user interaction.
- The code executes with elevated privileges, making it a high-risk vulnerability.
- It falls into the wormable class of bugs, which are highly malicious and difficult to defend against.
Other Critical Vulnerabilities
- A SharePoint remote code execution vulnerability (tracked at CVE-2025-49704) with a severity rating of 8.8 out of 10.0.
- A SQL Server remote code execution vulnerability (tracked at CVE-2025-49717) with a severity rating of 8.5 out of 10.0.
