Major Tech Giants Patch 326 Vulnerabilities, Including Zero-Days and Actively Exploited Flaws
Microsoft 365, Google, Mozilla, and Adobe have released crucial security updates addressing a total of 326 vulnerabilities across their software products. These updates include fixes for critical remote code execution flaws and zero-day exploits.
Microsoft 365 topped the list with 67 fixes, including 10 critical ones. Notably, they patched CVE-2025-33073, an elevation of privilege vulnerability in Windows Server Message Block (SMB) client, which could grant attackers 'SYSTEM' level control over a vulnerable PC without further user interaction. Microsoft 365 warns that this flaw is likely to be exploited due to public proof-of-concept code.
The tech giant also addressed CVE-2025-33053, a critical remote code execution flaw in their Exchange Server software, which is already under active attack. This vulnerability, with low attack complexity, relies on a user clicking a malicious link.
Google Chrome and Mozilla Firefox both released updates requiring a browser restart. Chrome's update fixed two zero-day exploits (CVE-2025-5419 and CVE-2025-4664).
Adobe released updates for seven products, addressing at least 259 vulnerabilities, including one already under active attack (CVE-2025-33053) affecting the Windows implementation of WebDAV.
Users are advised to apply these updates promptly to protect against known vulnerabilities and potential cyber threats. The sheer number of patched flaws underscores the importance of regular software updates and diligent cybersecurity practices.
