Among the corrections, 22 security vulnerabilities have made it possible to execute the code remotely, and 19 may allow attackers to receive higher system privileges. Three of them were classified as “critical ..
Two “zero days”: actively employed:
– CV-2025-21 391 – The disadvantage in Windows storage area allows attackers to delete files, which can lead to malfunctions in the system.
– CV-2025-21 418 – A safe vulnerability to the Windows auxiliary function driver, which allows computer pirates to fully access the system.
Other two open “zero days”:
– CV-2025-21 194 – The security error in Microsoft Surface may allow the attackers to overcome Pixiefail’s defense of the UEFI associated with previous security deficits.
– CV-2025-21 377 – An error in changing the NTLM mix that can allow hackers to steal accounting data when the user interacts with a malicious file.
Microsoft recommends users to update their systems immediately to remain protected.
Source: Ferra

I am a professional journalist and content creator with extensive experience writing for news websites. I currently work as an author at Gadget Onus, where I specialize in covering hot news topics. My written pieces have been published on some of the biggest media outlets around the world, including The Guardian and BBC News.