Microsoft issued an emergency patch for CVE-2025-68346, a critical remote code execution flaw affecting multiple Windows versions requiring immediate patching.
Microsoft confirmed a severe security vulnerability in Windows operating systems. Tracked as CVE-2025-68346, this flaw enables remote attackers to execute arbitrary code without authentication. Unpatched systems face immediate compromise risk.
Affected products include Windows 10 versions 21H2 through 22H2, Windows 11 versions 21H2 and 22H2, and Windows Server 2022. Systems without the June 2025 cumulative updates remain vulnerable. Microsoft assigned a CVSS v3.1 score of 9.8 (Critical) due to low attack complexity and no user interaction requirements.
The vulnerability exists in the Windows Network Driver Interface Specification (NDIS) component. Attackers can exploit it by sending specially crafted network packets to exposed systems. Successful exploitation grants SYSTEM-level privileges, enabling full device control. Network-facing devices are at highest risk.
Mitigation requires immediate installation of Microsoft's security update released June 11, 2025. Administrators should prioritize patching externally accessible systems first. Verify installation using the KB5034xxx update identifier. For systems that cannot be patched immediately, restrict SMBv3 traffic via firewall rules as a temporary measure.
Microsoft detected limited targeted attacks exploiting this vulnerability prior to patch release. The Microsoft Security Response Center confirmed patch availability through Windows Update and the Security Update Guide. Enterprise administrators should deploy updates using WSUS or Microsoft Endpoint Configuration Manager. Monitor systems for unusual network activity on ports 445/TCP and 139/TCP.
Comments
Please log in or register to join the discussion