Microsoft disclosed CVE-2025-71064, a critical security flaw enabling remote attackers to execute arbitrary code on unpatched systems.
A severe vulnerability in Microsoft software, designated CVE-2025-71064, exposes systems to remote code execution attacks. This flaw carries a CVSS v3.1 score of 9.8 (Critical). Attackers exploiting this vulnerability could gain full control of affected devices without user interaction.
Affected products include Windows 11 versions 23H2 and 24H1, Windows Server 2022, and Microsoft Office 365 ProPlus builds 2308 through 2311. Unsupported Windows versions may also be vulnerable. The security weakness originates from improper memory handling in the Windows Kernel TCP/IP stack. Specifically, attackers can craft malicious network packets triggering a buffer overflow when processed by the tcpip.sys driver component.
Microsoft released patches addressing CVE-2025-71064 on November 12, 2025. Administrators must immediately apply updates via Windows Update or the Microsoft Update Catalog. For systems requiring delayed patching, implement temporary mitigations: block inbound TCP ports 445 and 139 at network boundaries and disable SMBv1 using Group Policy. These measures reduce attack surface but don't eliminate risk.
The vulnerability was reported to Microsoft through coordinated disclosure on October 1, 2025. Public exploit code was confirmed inactive at patch release. Microsoft's Security Update Guide provides technical details and detection logic. System administrators should prioritize patch deployment before December 1, 2025 when exploit availability is anticipated.
Failure to remediate could enable network-based attacks compromising enterprise environments. Verify patch installation using PowerShell command Get-Hotfix -Id KB5037856. Monitor Microsoft Security Response Center advisories for additional guidance.
Comments
Please log in or register to join the discussion