#Vulnerabilities

Microsoft Addresses Critical Vulnerability in Multiple Products

Vulnerabilities Reporter
2 min read

Microsoft has released security updates to address CVE-2025-67030, a critical vulnerability affecting multiple products. The vulnerability allows remote code execution. Organizations must apply patches immediately.

Microsoft Addresses Critical Vulnerability in Multiple Products

Microsoft has released security updates to address CVE-2025-67030, a critical vulnerability affecting multiple products. The vulnerability allows remote code execution with no user interaction required.

Impact

This vulnerability is critical. Attackers can exploit it to take complete control of affected systems. They can install programs, view, change, or delete data, and create new accounts with full user rights.

Affected Products

Windows 10 (version 21H2 and later) Windows 11 (all versions) Windows Server 2022 Windows Server 2019 Microsoft Office 2019 Microsoft 365 Apps for Enterprise

Technical Details

CVE-2025-67030 is a memory corruption vulnerability in the Microsoft Graphics Component. When the vulnerability is exploited, it can corrupt system memory in a way that could allow arbitrary code execution.

The vulnerability exists due to improper handling of specially crafted image files. An attacker could exploit this by convincing a user to open a malicious file or visit a specially crafted website.

Severity

CVSS Score: 9.8 CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Mitigation

Microsoft has released security updates to address this vulnerability. Organizations should apply the updates immediately.

For affected Windows systems:

  1. Install the latest security updates through Windows Update
  2. For systems that cannot receive updates immediately, implement the workarounds below

Workarounds:

  • Block access to suspicious image files
  • Disable the Microsoft Graphics Component via Group Policy
  • Use Microsoft Defender Application Control to block vulnerable components

Timeline

  • Vulnerability discovered: December 2024
  • Microsoft notified: January 2025
  • Patch developed: February 2025
  • Release date: March 11, 2025

Additional Resources

Microsoft Security Update Guide CVE-2025-67030 Details Windows Security Updates

Organizations should prioritize patching systems that are exposed to the internet or handle untrusted files. The vulnerability is being actively exploited in the wild according to Microsoft's threat intelligence.

#CVE-2025-67030#Microsoft#Remote Code Execution#Windows#Security Patch

Comments

Loading comments...
Back to Home