ZDI-CAN-27211 HIGH 8.8 Overdue May 22, 2025

Microsoft

Microsoft has a high-severity remote vulnerability (CVSS 8.8) that lets unauthenticated attackers compromise systems over the network, with user interaction as the only requirement, resulting in complete compromise of confidentiality, integrity, and availability. Per the CVSS vector, the attack is network-based and low-complexity and needs no special privileges, but it does require the user to click or interact with something malicious. Security teams should monitor for patch availability before the September 19, 2025 deadline and watch for exploitation attempts targeting users through social engineering or phishing campaigns.

Advisory Details
Researcher: Discovered by Peter Girnus (@gothburz) of Trend Zero Day Initiative
Reported: May 22, 2025
Deadline: September 19, 2025 (209d overdue)
CVSS Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
