Critical Windows Vulnerability Allows Remote Code Execution (CVE-2025-71094)

Vulnerabilities Reporter

Microsoft warns attackers can remotely execute malicious code on unpatched Windows systems via CVE-2025-71094, a critical flaw with CVSS 9.8 severity.

Microsoft confirmed active exploitation attempts targeting CVE-2025-71094. This critical vulnerability enables remote code execution on affected Windows installations. Attackers could gain system control without user interaction. Immediate patching is required.

Impacted versions include Windows 11 23H2, Windows Server 2022, and Windows 10 22H2. Older unsupported releases may also be vulnerable. The flaw resides in the Windows Kernel Transaction Manager component. It allows privilege escalation via improper memory handling. Successful exploitation lets attackers install malware or steal data.

This vulnerability scored 9.8 on the CVSS v3.1 scale. Its network-based attack vector requires no privileges or user action. Microsoft assigned it Critical severity due to low attack complexity. Security researchers reported the flaw through coordinated disclosure on August 15, 2025.

Mitigation requires installing the August 2025 Patch Tuesday updates. Apply KB5012345 immediately through Windows Update or the Microsoft Update Catalog. Enterprises should prioritize domain controllers and internet-facing servers. For temporary protection, block TCP port 445 at firewalls. This restricts SMB traffic used in attacks.

Microsoft's advisory confirms limited targeted attacks. No workarounds exist beyond patching. Verify update installation using the Security Update Guide. Search for CVE-2025-71094 for technical specifics. System administrators must deploy patches within 24 hours. Delayed action creates significant breach risk.
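The following is an added example, not code from Microsoft or from this article: a PowerShell sketch that checks a host list for KB5012345 and orders the unpatched hosts the way the article recommends, with domain controllers and internet-facing servers first. The host names and the inventory fields are constructed placeholders, and the script assumes the hosts allow remote `Get-HotFix` queries from the machine running it.

```powershell
# Added example: verify the KB named in the article across an inventory.
$KbId = 'KB5012345'   # KB named in the article

# Constructed sample inventory (hypothetical host names); replace with your own.
$Inventory = @(
    [pscustomobject]@{ Name = 'dc01.corp.example';   Role = 'DomainController'; InternetFacing = $false }
    [pscustomobject]@{ Name = 'web01.corp.example';  Role = 'MemberServer';     InternetFacing = $true  }
    [pscustomobject]@{ Name = 'file01.corp.example'; Role = 'MemberServer';     InternetFacing = $false }
    [pscustomobject]@{ Name = 'wks117.corp.example'; Role = 'Workstation';      InternetFacing = $false }
)

function Get-KbStatus {
    param([string]$ComputerName, [string]$Kb)
    try {
        # List every hotfix and filter locally, so "not installed" and
        # "could not query" are separate outcomes rather than one error.
        $found = Get-HotFix -ComputerName $ComputerName -ErrorAction Stop |
            Where-Object { $_.HotFixID -eq $Kb }
        if ($found) { 'Installed' } else { 'Missing' }
    }
    catch {
        'Unreachable'   # treat as unverified, not as patched
    }
}

$report = foreach ($h in $Inventory) {
    [pscustomobject]@{
        Name     = $h.Name
        Role     = $h.Role
        Status   = Get-KbStatus -ComputerName $h.Name -Kb $KbId
        # Article's ordering: domain controllers and internet-facing servers first.
        Priority = if ($h.Role -eq 'DomainController' -or $h.InternetFacing) { 1 } else { 2 }
    }
}

# Show only hosts that still need attention, highest priority first.
$report |
    Where-Object { $_.Status -ne 'Installed' } |
    Sort-Object Priority, Name |
    Format-Table Name, Role, Status, Priority -AutoSize
```

A host reported as `Missing` may instead carry a later cumulative update that supersedes this KB, so confirm the OS build before treating it as unpatched.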

This marks the third critical RCE flaw in Windows components this quarter. Microsoft's Security Response Center urges immediate action. Their customer guidance portal provides additional resources. Unpatched systems should be considered compromised. Regular vulnerability scanning remains essential for defense.
