Important security updates have been released for Azure, Office, Windows, etc. There are already attacks and more may be imminent.

Unknown attackers are currently targeting various Windows and Windows Server versions. Admins should ensure that Windows Update is active and the latest patches are installed so that systems are protected from attacks.

Attacks on Windows

In addition to Windows 10 and 11, current and older server versions are also affected. Attackers gain system rights via a vulnerability (CVE-2025-21418 high). In such a position, it can be assumed that they can completely compromise PCs.

Successful attacks on the second exploited vulnerability (CVE-2025-21391 high) enable attackers to delete files. According to Microsoft, this does not allow them to access confidential information, but it can ensure that certain services no longer work.

How such attacks work and to what extent they take place is currently unknown.

Further vulnerabilities

Two vulnerabilities (CVE-2025-21194 high, CVE-2025-21377 medium) are publicly known and attacks may be imminent. The first affects various Surface models.

If attacks work, attackers can bypass security mechanisms in the UEFI to compromise the hypervisor and kernel. To do this, however, victims must play along and, among other things, restart their Surface model.

The second known vulnerability affects Windows and attackers can gain access to NTLMv2 hashes. To do this, however, a victim must click on a prepared file.

The majority of the remaining security vulnerabilities are classified as having a high threat level. At these points, attackers can gain higher user rights in Azure, Dynamics 365 or Windows, among others, or execute malicious code in the context of Excel.

Microsoft lists further information on the vulnerabilities closed on this patch day in the Security Update Guide.