Microsoft patches over 160 vulnerabilities, including 3 actively exploited zero-days


Among the flaws addressed in this month’s batch of updates are three vulnerabilities in the Windows Hyper-V NT Kernel Integration VSP (CVE-2025-21333, CVE-2025-21334, and CVE-2025-21335) that have been actively exploited in attacks. The flaws allow attackers to escalate their privileges to SYSTEM-level access.

The US Cybersecurity and Infrastructure Security Agency (CISA) has added the three vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog.

In addition to the Hyper-V flaws, Microsoft has also fixed five publicly known vulnerabilities, including CVE-2025-21186, CVE-2025-21366, and CVE-2025-21395 (Microsoft Access Remote Code Execution Vulnerability), CVE-2025-21275 (Windows App Package Installer Elevation of Privilege Vulnerability), and CVE-2025-21308 (Windows Themes Spoofing Vulnerability).

The first three vulnerabilities (CVE-2025-21186, CVE-2025-21366, CVE-2025-21395) could allow remote code execution in Microsoft Access, potentially leading to full system compromise if exploited. The App Package Installer flaw (CVE-2025-21275) enables attackers to escalate privileges, while the Windows Themes Spoofing vulnerability (CVE-2025-21308) could be leveraged in social engineering attacks to mislead users.

Microsoft has not disclosed the details of how these vulnerabilities might be actively exploited in the wild, nor has it identified the threat actors behind any attacks.

In addition to the above-mentioned flaws, Redmond addressed a slew of high-risk issues affecting Microsoft NEGOEX, Microsoft Excel, Microsoft Office, Microsoft Windows OLE, Microsoft Visual Studio, Microsoft .NET, .NET Framework, and Visual Studio, Microsoft RMCAST, Windows NTLM V1, Microsoft Internet Explorer, Microsoft Word, and other software.
