Microsoft addresses critical vulnerability CVE-2025-68817 affecting multiple products with immediate security updates.
Microsoft has released security updates to address a critical remote code execution vulnerability affecting multiple products. Attackers could exploit this vulnerability to take control of affected systems.
What's Affected
- Microsoft Windows 10 (versions 1903, 1909, 2004, 20H2, 21H1, 21H2, 22H2)
- Microsoft Windows 11 (versions 21H2, 22H2, 23H2)
- Microsoft Server 2016, 2019, 2022
- Microsoft Edge (Chromium-based)
Severity
CVE-2025-68817 has a CVSS score of 8.8 (High severity). The vulnerability allows remote code execution without authentication.
Technical Details
The vulnerability exists when Microsoft Graphics Component improperly handles objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.
Users whose accounts are configured to have fewer user rights could be less impacted than users who operate with administrative user rights. However, the vulnerability could still be exploited to take control of an affected system.
Mitigation
Microsoft recommends applying the security updates immediately. The updates are available through:
- Windows Update
- Microsoft Update Catalog
- Microsoft Update Server
For enterprise environments, deploy updates through your standard patch management system.
Timeline
- Vulnerability discovered: March 2025
- Security updates released: April 2025
- Next security bulletin: May 2025
Additional Information
For more details, visit the Microsoft Security Response Center or the official security update guide.
Organizations experiencing issues with the updates should contact Microsoft Support.
Comments
Please log in or register to join the discussion