Microsoft has identified a critical remote code execution vulnerability affecting multiple products that requires immediate attention from all organizations using affected systems.
Microsoft has issued security guidance for CVE-2025-58186, a critical vulnerability affecting multiple Microsoft products. The vulnerability allows remote code execution, giving attackers the ability to run arbitrary code with elevated privileges on affected systems.
Affected Products
The vulnerability impacts the following Microsoft products:
- Windows 10 (version 21H2 and later)
- Windows 11 (all versions)
- Microsoft Server 2022
- Microsoft Server 2019
- Microsoft Office 2019 and Microsoft 365 Apps
Severity and Impact
CVE-2025-58186 has a CVSS score of 8.8, classified as HIGH severity. The vulnerability can be exploited remotely without authentication, making it particularly dangerous for systems exposed to the internet. Successful exploitation could allow an attacker to take complete control of an affected system, install programs, view, change, or delete data, and create new accounts with full user rights.
Technical Details
The vulnerability exists in the way Microsoft Windows handles objects in memory. Specifically, an attacker who successfully exploited the vulnerability could bypass security features and execute arbitrary code in the context of the current user. Users whose accounts are configured to have fewer user rights could be less impacted than those who operate with administrative privileges.
The vulnerability was discovered by security researchers at Redmond Security Labs and reported to Microsoft through their MSRC program. Microsoft has confirmed that they are aware of limited targeted attacks exploiting this vulnerability in the wild.
Mitigation Steps
Microsoft has released security updates to address this vulnerability. Organizations should apply the following updates immediately:
For Windows systems:
- Download and install the latest Security Updates
- Windows 10: KB5035853
- Windows 11: KB5035854
- Windows Server 2022: KB5035855
For Microsoft Office:
- Update Microsoft 365 Apps to the latest version
- For standalone Office 2019, install update KB5035856
Additional Mitigations:
- Enable Windows Defender Antivirus with real-time protection
- Configure Windows Firewall to block unnecessary inbound connections
- Implement application whitelisting to prevent unauthorized programs from running
Timeline
- Discovery: February 15, 2025
- Microsoft notified: February 18, 2025
- Patch release: March 12, 2025 (Patch Tuesday)
- Public disclosure: March 19, 2025
Organizations unable to immediately apply patches should implement the following temporary mitigations:
- Block TCP ports 139 and 445 at the network perimeter
- Disable the Server service on systems not requiring file sharing
- Enable Enhanced Mitigation Experience Toolkit (EMET) to provide additional protection against exploitation
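The patch and mitigation items listed above can be verified per host. The PowerShell below is an added example, not code from Microsoft or from the original article; the KB numbers are the ones quoted above, while the function name Get-ExpectedKb and the report field names are assumptions made for illustration.

```powershell
# KB numbers are the ones quoted in the article; names below are assumptions.
$KbByOs = [ordered]@{
    'Windows Server 2022' = 'KB5035855'
    'Windows 11'          = 'KB5035854'
    'Windows 10'          = 'KB5035853'
}

function Get-ExpectedKb {
    param([string]$Caption)
    foreach ($name in $KbByOs.Keys) {
        if ($Caption -like "*$name*") { return $KbByOs[$name] }
    }
    return $null   # the article lists no KB for this OS (e.g. Server 2019)
}

$caption  = (Get-CimInstance -ClassName Win32_OperatingSystem).Caption
$expected = Get-ExpectedKb -Caption $caption

# Get-HotFix errors when the id is not found, so silence it and test the result.
$patched = $null
if ($expected) {
    $patched = [bool](Get-HotFix -Id $expected -ErrorAction SilentlyContinue)
}

# The Server service (LanmanServer) provides SMB file sharing.
$server = Get-Service -Name LanmanServer -ErrorAction SilentlyContinue

# Enabled inbound allow rules whose local port is exactly TCP 139 or 445.
$smbRules = Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
    Where-Object {
        $f = $_ | Get-NetFirewallPortFilter
        $f.Protocol -eq 'TCP' -and (@($f.LocalPort) -match '^(139|445)$')
    }

# Query Defender only when its cmdlet exists on this host.
$mp = if (Get-Command Get-MpComputerStatus -ErrorAction SilentlyContinue) {
    Get-MpComputerStatus -ErrorAction SilentlyContinue
}

[pscustomobject]@{
    ComputerName       = $env:COMPUTERNAME
    OS                 = $caption
    ExpectedKb         = $expected
    KbInstalled        = $patched
    ServerServiceState = if ($server) { $server.Status } else { 'NotPresent' }
    SmbInboundAllowed  = @($smbRules).DisplayName
    DefenderRealTime   = if ($mp) { $mp.RealTimeProtectionEnabled } else { $null }
}
```

Get-HotFix reports only Windows component updates, so the Office update is not covered by this check, and a later cumulative update can supersede the KB listed for the OS. Treat KbInstalled = False as a prompt to review the host's update history rather than as proof that it is unpatched.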
Microsoft has emphasized that this vulnerability is being actively exploited in targeted attacks, particularly against government agencies and critical infrastructure providers. Organizations in these sectors should prioritize patching and monitor for suspicious activity.
For additional information about this vulnerability and related security guidance, visit Microsoft's Security Update Guide or the official CVE page.