June Microsoft Patch Tuesday. A total of 81 vulnerabilities, roughly the same as in May. Among them, 15 vulnerabilities were added between the May and June MSPT. There are 3 vulnerabilities with signs of exploitation in the wild:

RCE – WEBDAV (CVE-2025-33053). The vulnerability is related to Internet Explorer mode in Microsoft Edge and other applications. Exploited via malicious URL click.
SFB – Chromium (CVE-2025-4664)
Memory Corruption – Chromium (CVE-2025-5419)

There’s a PoC for one of the vulnerabilities on GitHub, but I doubt it actually works:

EoP – Microsoft Edge (CVE-2025-47181)

Other notable ones include:

RCE – Microsoft Office (CVE-2025-47162, CVE-2025-47164, CVE-2025-47167, CVE-2025-47953), KPSSVC (CVE-2025-33071), SharePoint (CVE-2025-47172), Outlook (CVE-2025-47171)
EoP – SMB Client (CVE-2025-33073), CLFS (CVE-2025-32713), Netlogon (CVE-2025-33070)

Full Vulristics report

На русском

May Microsoft Patch Tuesday. A total of 93 vulnerabilities – about 1.5 times fewer than in April. Of these, 22 were added between the April and May MSPT. There are 5 vulnerabilities show signs of in-the-wild exploitation:

EoP – Microsoft DWM Core Library (CVE-2025-30400)
EoP – Windows CLFS Driver (CVE-2025-32701, CVE-2025-32706)
EoP – Windows Ancillary Function Driver for WinSock (CVE-2025-32709)
Memory Corruption – Scripting Engine (CVE-2025-30397). RCE when clicking a malicious link. Exploitation requires the “Allow sites to be reloaded in Internet Explorer” option.

There are currently no vulnerabilities with public exploits.

Notable among the rest:

RCE – Remote Desktop Client (CVE-2025-29966, CVE-2025-29967), Office (CVE-2025-30377, CVE-2025-30386), Graphics Component (CVE-2025-30388), Visual Studio (CVE-2025-32702)
EoP – Kernel Streaming (CVE-2025-24063), CLFS Driver (CVE-2025-30385)

Full Vulristics report

На русском

April Microsoft Patch Tuesday. A total of 153 vulnerabilities, 2 times more than in March. Of these, 32 were added between the March and April MSPTs. Three vulnerabilities show signs of exploitation in the wild:

EoP – Windows Common Log File System Driver (CVE-2025-29824). An attacker can gain SYSTEM privileges. No technical details yet.
SFB – Microsoft Edge (CVE-2025-2783). Sandbox escape with an existing PoC exploit.
RCE – Microsoft Edge (CVE-2025-24201). Originally reported as a WebKit vuln on Apple OSes.

Microsoft also patched vulnerabilities in Kubernetes with known exploits (CVE-2025-1974, CVE-2025-1097, CVE-2025-1098, CVE-2025-24514, CVE-2025-24513)

Other notable ones:

RCE – LDAP (CVE-2025-26670, CVE-2025-26663), TCP/IP (CVE-2025-26686), Microsoft Office (CVE-2025-29794, CVE-2025-29793), RDS (CVE-2025-27480, CVE-2025-27482), Hyper-V (CVE-2025-27491)
SFB – Kerberos (CVE-2025-29809)

Full Vulristics report

На русском

March Microsoft Patch Tuesday. 77 CVEs, 20 of which were added during the month. 7 vulnerabilities with signs of exploitation in the wild:

RCE – Windows Fast FAT File System Driver (CVE-2025-24985)
RCE – Windows NTFS (CVE-2025-24993)
SFB – Microsoft Management Console (CVE-2025-26633)
EoP – Windows Win32 Kernel Subsystem (CVE-2025-24983)
InfDisc – Windows NTFS (CVE-2025-24991, CVE-2025-24984)
AuthBypass – Power Pages (CVE-2025-24989) – in Microsoft web service, can be ignored

There are no vulnerabilities with public exploits, there are 2 more with private ones:

RCE – Bing (CVE-2025-21355) – in Microsoft web service, can be ignored
SFB – Windows Kernel (CVE-2025-21247)

Among the others:

RCE – Windows Remote Desktop Client (CVE-2025-26645) and Services (CVE-2025-24035, CVE-2025-24045), MS Office (CVE-2025-26630), WSL2 (CVE-2025-24084)
EoP – Windows Win32 Kernel Subsystem (CVE-2025-24044)

Full Vulristics report

На русском

February Microsoft Patch Tuesday. 89 CVEs, 33 added since January. Two with signs of exploitation in the wild:

EoP – Windows Ancillary Function Driver for WinSock (CVE-2025-21418)
EoP – Windows Storage (CVE-2025-21391)

There are no vulnerabilities with public exploits, but there are 7 with private ones:

RCE – Microsoft Edge (CVE-2025-21279, CVE-2025-21283)
Auth. Bypass – Azure (CVE-2025-21415)
EoP – Windows Setup Files Cleanup (CVE-2025-21419)
Spoofing – Windows NTLM (CVE-2025-21377)
Spoofing – Microsoft Edge (CVE-2025-21267, CVE-2025-21253)

Among the rest, the following can be highlighted:

RCE – Windows LDAP (CVE-2025-21376), Microsoft Excel (CVE-2025-21381, CVE-2025-21387), Microsoft SharePoint Server (CVE-2025-21400), DHCP Client Service (CVE-2025-21379)
EoP – Windows Core Messaging (CVE-2025-21184, CVE-2025-21358, CVE-2025-21414), Windows Installer (CVE-2025-21373)

Full Vulristics report

На русском