top of page
perceptive_background_267k.jpg

Microsoft heeft kwetsbaarheden verholpen in Windows. Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de volg…

Published:

11 November 2025 at 18:29:38

Alert date:

5 December 2025 at 08:03:23

Source:

ncsc.nl

Click to open the original link from this advisory

Microsoft has patched multiple vulnerabilities in Windows affecting various components. The most critical vulnerability is CVE-2025-60724 in the GDI+ Graphics Component with CVSS 9.8, allowing arbitrary code execution. Attack vectors include Denial-of-Service, arbitrary code execution with admin rights, access to sensitive data, and privilege escalation. The GDI+ vulnerability can be exploited by tricking users to download malicious files or through public web services without user interaction. Total of 42 CVEs were patched across Windows components including DirectX, Remote Desktop, Bluetooth, Hyper-V, and kernel components.

Technical details

Mitigation steps:

Affected products:

Microsoft Windows
Windows DirectX
Windows Administrator Protection
Windows Bluetooth
Windows License Manager
Windows Remote Desktop
Windows RRAS
Windows Hyper-V
Windows Speech
Windows Smart Card
Windows OLE
Windows Kernel
Windows WLAN Service

Related links:

https://advisories.ncsc.nl/advisory?id=NCSC-2025-0358

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Disclaimer: Deze website toont informatie afkomstig van externe bronnen. Perceptive aanvaardt geen verantwoordelijkheid voor de inhoud, juistheid of volledigheid van deze informatie.

bottom of page