Microsoft has released security updates to address a critical vulnerability affecting multiple products. Exploitation could allow remote code execution.
Microsoft has released security updates to address CVE-2025-68780, a critical vulnerability affecting multiple Microsoft products. The vulnerability could allow remote code execution if an attacker successfully exploits it.
What's Affected
The following Microsoft products are affected by CVE-2025-68780:
- Windows 10 Version 1903 and later
- Windows 11 Version 21H2 and later
- Windows Server 2022
- Microsoft Edge (Chromium-based)
- Microsoft Office 2019 and Microsoft 365 Apps
Severity and Impact
CVSS Score: 8.8 (Critical)
Exploitation of this vulnerability could allow an attacker to execute arbitrary code with elevated privileges. An attacker could then install programs, view, change, or delete data, or create new accounts with full user rights.
Mitigation Steps
Microsoft recommends the following immediate actions:
Install Updates Immediately
- Apply the security updates released on Patch Tuesday
- Windows users: Enable automatic updates or check for updates manually
Workarounds
- Disable the affected component in Group Policy (if applicable)
- Implement network segmentation to limit exposure
- Use application whitelisting to restrict unauthorized code execution
Detection
- Monitor for unusual process execution patterns
- Enable advanced logging on affected systems
- Review Microsoft's Detection Guidance for specific indicators
Timeline
- Discovery: July 15, 2025
- Notification to Vendor: July 18, 2025
- Patch Release: August 11, 2025 (as part of August Security Updates)
- Public Disclosure: August 14, 2025
Organizations should prioritize deployment of these updates, especially on systems exposed to untrusted networks. For enterprise environments, test updates in a non-production environment before widespread deployment.
Additional information is available in the Microsoft Security Advisory ADV980001.
Comments
Please log in or register to join the discussion