Redmond has released security updates to fix at least 67 of its Windows operating systems and software.
One of the flaws is already being exploited, with software blueprints for a pervasive Windows bug also now public.
The sole zero-day flaw this month affects the Windows implementation of WebDAV, an HTTP extension for remotely managing files and directories on a server.
While it’s not enabled by default in Windows, it still offers a relevant target.
Additionally, Microsoft warns that a Windows Server Message Block (SMB) client vulnerability is likely to be exploited due to it being publicly accessible and having a high CVSS risk score of 8.8.
This month’s notable patches also include fixes for ten “critical” Microsoft remote code execution flaws, and a fix for a newly discovered Windows Server 2025 weakness that lets attackers act with the privileges of any user in Active Domain.