Vulnerability Management

February Patch Tuesday: MSFT Fixes Pair of Zero-Days


SC Media reports that Microsoft has addressed 56 security vulnerabilities as part of this month's Patch Tuesday, including a pair of zero-day flaws that may have already been leveraged in attacks.

The fixed zero-days included the Windows Storage component privilege escalation bug, tracked as CVE-2025-21391, which could be exploited to facilitate arbitrary data writing and deletion. The bug could also be chained with a code execution issue to enable system takeovers, according to Trend Micro Zero Day Initiative researcher Dustin Childs.

Exploitation of the other privilege escalation zero-day, tracked as CVE-2025-21418, could allow for full system hijacking.

Automox Senior Security Director Henry Smith said this bug was potentially associated with the Windows Ancillary Function Driver for WinSock flaw, tracked as CVE-2023-21768. Childs noted that Microsoft's latest batch of vulnerability fixes was "more in line with expectations" after the tech conglomerate issued patches for 159 security bugs last month.
