Microsoft has recently released 57 patches across 10 product families. Among these patches are six critical issues and nine with a CVSS base score of 8.0 or higher. Of these, six issues affecting Windows are actively being exploited, while one has been publicly disclosed but not yet exploited.
Looking ahead, Microsoft predicts that 11 additional CVEs are more likely to be exploited within the next 30 days. Four of this month’s issues can be directly detected by Sophos products. The release also includes information on servicing stack updates and 12 Edge patches released a few days prior. Additionally, nine Adobe Reader issues are addressed in this release.
The patches are sorted by severity, predicted exploitability timeline, CVSS base score, and product family. Windows received the lion’s share of patches with 37, while other significant families include 365 with 11 patches, Office with 11 patches, Azure with 4 patches, and Visual Studio with 4 patches.
In addition to the general patches, specific issues such as the Microsoft Office Remote Code Execution Vulnerability (CVE-2025-24057) and the Remote Desktop Client Remote Code Execution Vulnerability (CVE-2025-26645) have been highlighted. A series of vulnerabilities affecting various file systems within Windows has also been identified, with some already being exploited in the wild.
Furthermore, updated information on Microsoft’s advisory-style updates and a breakdown of the patches affecting different Windows Server versions are provided. The appendix lists advisories, other relevant CVEs addressed in the release, and highlights affected Windows Server versions.
Users who wish to avoid waiting for their system to pull the updates down automatically are advised to download them manually from the Windows Update Catalog website. Microsoft assures users that the latest builds of Windows are no longer vulnerable to the identified issues.