Microsoft Silently Patches Windows LNK Flaw After Years of Active Exploitation

Microsoft has silently plugged a security flaw that has been exploited by several threat actors since 2017 as part of the company's November 2025 Patch Tuesday updates, according to ACROS Security's 0patch. The vulnerability in question is CVE-2025-9491 CVSS score: 7.8/7.0, which has been describ...

CVE-2025-60274

creationtimestamp| type| source ---|---|--- 2025-11-16 20:47:14+00:00| seen| https://krebsonsecurity.com/2025/11/microsoft-patch-tuesday-november-2025-edition/...

Patch Tuesday - October 2025

Microsoft is publishing 172 new vulnerabilities today. Microsoft is aware of public disclosure for just two of the vulnerabilities published today, and claims no evidence of in-the-wild exploitation. Today sees six zero-day vulnerabilities patched, but only a single one is evaluated as critical...

PT-2025-32857

Name of the Vulnerable Software and Affected Versions: Microsoft Teams versions prior to 25122.1415.3698.6812 Description: A heap-based buffer overflow exists in Microsoft Teams, potentially allowing an unauthorized attacker to execute code over a network. Exploitation may involve malicious links...