Microsofthas recently addressed a set of 80 vulnerabilities in its software, of which eight have been classified as critical and 72 as important. It is important to note that none of these vulnerabilities have been exploited so far as a zero-day flaw. This month, of the 80 reported vulnerabilities, 38 are related to privilege escalation, which represents almost 50% of all the flaws, surpassing remote code execution vulnerabilities for the third time this year.
Windows against cyber pirates
One of the most concerning vulnerabilities is CVE-2025-55234, which has a CVSS of 8.8 and allows relay attacks in SMB. Microsoft has warned that simply applying patches is not enough, as additional auditing options need to be implemented to ensure proper protection of the environment. “This vulnerability allows an attacker to capture and forward authentication material, which could lead to privilege escalation”, security experts explained.
Another critical vulnerability is CVE-2025-54914, with a CVSS of 10.0, which affects Azure Networking and does not require any action from the customer. Additionally, flaws have been discovered in BitLocker that could allow an attacker with physical access to bypass protection and access encrypted data, recommending the enabling of TPM+PIN to enhance security.
In addition, researcher Fabian Mosch has presented a new lateral movement technique called BitLockMove, which allows for the remote manipulation of BitLocker records, potentially leading to the execution of code with elevated privileges. This technique highlights the importance of enhancing security measures around the affected devices.
Microsoft, along with other providers, has released security updates to address several vulnerabilities and protect its users against potential attacks.