Microsoft's latest major patch fixes a serious zero-day flaw, and a host of other issues - so update now

Among them was a known zero-day vulnerability in Windows Kerberos, the company's implementation of the Kerberos authentication protocol, which securely verifies user identities in a Windows network using tickets instead of sending passwords over the network.

Kerberos was found to contain a “relative path traversal” flaw which allows an authorized threat actor to elevate privileges over a network.

Critical severity flaws

Besides the zero-day, Microsoft fixed another 106 flaws, including 13 bugs labeled “critical”.

Of those, nine are remote code execution (RCE) flaws that can be abused in device takeover attacks, information disclosure flaws that can be used in data exfiltration attacks, and an elevation of privilege bug.

Some of the more notable vulnerabilities fixed in the release include a 10/10, critical flaw in Azure OpenAI, tracked as CVE-2025-53767 which could allow unauthenticated threat actors to remotely access sensitive information in AI environments.

Another notable mention is a remote code execution bug in Microsoft Graphics Component that can be exploited through malicious files or images. It is tracked as CVE-2025-50165, and was given a severity score of 9.8/10 (critical).

There are also CVE-2025-53766, CVE-50171, and CVE-2025-53792, all of which have a severity score of 9.1 and higher, making them critical.

In total, 111 vulnerabilities were addressed by Microsoft, and although none are marked as being actively exploited in the wild, admins would be wise to apply the fix without delay.

Via BleepingComputer

You might also like

• Microsoft patches three worrying security flaws in its latest critical update, so update now
• Take a look at our guide to the best authenticator app
• We've rounded up the best password managers