Critical Microsoft Vulnerability CVE-2025-61145 Requires Immediate Patching

Vulnerabilities Reporter

Microsoft has identified a critical remote code execution vulnerability affecting multiple products. Organizations must apply security updates immediately to prevent exploitation.

Microsoft has released security updates addressing a critical vulnerability that could allow remote code execution. Organizations must apply these patches immediately to prevent potential attacks.

What's Affected

The vulnerability impacts multiple Microsoft products including:

  • Windows 10 and Windows 11
  • Windows Server 2019 and 2022
  • Microsoft Office 2019 and Microsoft 365 Apps
  • Microsoft Edge (Chromium-based)

Severity Assessment

CVE-2025-61145 carries a CVSS score of 9.8, indicating critical severity. The vulnerability allows an attacker to execute arbitrary code with system privileges without authentication.

Technical Details

The vulnerability exists in the way the Microsoft Graphics Component handles objects in memory. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.

Attackers could then install programs; view, change, or delete data; or create new accounts with full user rights. The only user interaction required is opening a specially crafted document or visiting a malicious website.

Mitigation Steps

Microsoft has released security updates to address this vulnerability. Organizations should:

  1. Apply the latest security updates immediately
  2. Enable the Enhanced Mitigation Experience Toolkit (EMET)
    • Configure system settings to block known exploitation techniques
    • Note: EMET reached end of support in July 2018; on Windows 10, Windows 11 and current Windows Server releases the equivalent controls are the Exploit Protection settings in Windows Security
  3. Implement network segmentation
    • Restrict access to critical systems from untrusted networks
  4. Train users to recognize phishing attempts
    • Exercise caution with unexpected documents and links

Timeline

  • Discovery: September 2025
  • Vendor notified: September 2025
  • Patch release: November 2025
  • Public disclosure: November 2025

Additional Resources

Organizations unable to immediately patch should implement additional compensating controls as outlined in Microsoft's guidance. The threat landscape for this vulnerability is rapidly evolving with active exploitation observed in the wild.