• Check Point Research uncovered six fresh vulnerabilities in Microsoft Windows, including one critical flaw with potential for wide-reaching impact.
  • These weaknesses could trigger system crashes, enable arbitrary code execution, or expose sensitive data across networks.
  • Following a responsible disclosure process, Check Point privately reported these issues to Microsoft, with the final patch delivered on August 12 Patch Tuesday.
  • Check Point customers are already protected—our security solutions actively detect and block attempts to exploit these vulnerabilities.

On Tuesday, August 12th, Microsoft released the final patches for six newly discovered Windows vulnerabilities identified by Check Point Research, including one rated as critical. These vulnerabilities could crash entire systems or allow attackers to run malicious code, posing real risks to business operations.

Additionally, one of the vulnerabilities marks what is likely the first publicly disclosed bug in a Rust-based component of the Windows kernel, raising important questions about the limits and challenges of memory safety in modern software.

We strongly encourage all Microsoft users to apply the August updates right away. Check Point customers are already protected—our security solutions detect and block these threats.

Read on to learn more about each vulnerability, the potential risks they pose, and how Check Point customers remain protected.

Breaking Down the Vulnerabilities

Check Point Research identified six vulnerabilities in Microsoft Windows, ranging from critical to moderate severity. In this section, we’ll focus on the three most significant flaws, explaining their potential impact and why they matter—before briefly summarizing the remaining ones.

  1. Vulnerability in Rust-Based Windows Kernel Component — System Crash Risk

Check Point Research uncovered what is probably the first-ever publicly disclosed security flaw in a Rust-based component of the Windows kernel—Microsoft’s foundational operating system layer. This vulnerability can cause a total system crash, forcing a hard reboot and instantly knocking users offline.

Rust is widely praised for its ability to prevent memory bugs that have long challenged software security. Its introduction into Windows aimed to enhance system safety. In this case, the vulnerability emerged because Rust detected an underlying issue—but instead of containing the problem gracefully, it triggered a system-wide failure.

For organizations with large or remote workforces, the risk is significant: attackers could exploit this flaw to simultaneously crash numerous computers across an enterprise, resulting in widespread disruption and costly downtime.

This discovery highlights that even with advanced security technologies like Rust, continuous vigilance and proactive patching are essential to maintaining system integrity in a complex software environment.

  1. Memory Corruption Vulnerabilities Enabling Arbitrary Code Execution

Among the remaining vulnerabilities, two are especially concerning due to their exploitability, one of which is classified as critical and was patched Tuesday, August 12th.

Both vulnerabilities, tracked as CVE-2025-30388 and CVE-2025-53766, allow attackers to execute arbitrary code on the affected system, effectively giving them the ability to run any malicious software they choose. This could include installing remote control tools or launching other damaging attacks, leading to a full system compromise.

The attack vector involves interacting with a specially crafted file. When a user opens or processes this file, the vulnerability is triggered, allowing the attacker to take control.

  1. Additional Memory Corruption and Information Disclosure Vulnerabilities

The remaining three vulnerabilities also involve memory corruption, but with a different twist: they lead to information disclosure.

Typically, information leaks are less immediately dangerous because an attacker would need a way to obtain the data leaked on a local system.  However, one of these vulnerabilities, identified as CVE-2025-47984, can leak memory contents directly over the network, potentially exposing sensitive information beyond the local system.

This network-linked memory leak raises the stakes, as attackers could remotely access data they shouldn’t see without needing physical access to the computer.

While these issues are generally considered less critical than full system compromise, they still represent important security risks and relevant patches should be applied.

Secure Your Systems: Patch Now and Remain Protected

The six Windows vulnerabilities uncovered by Check Point Research, including a system crash due to a flaw in a Rust-based kernel component, highlight the ongoing challenges of securing even the most mature and widely used operating systems.

These vulnerabilities could lead to system crashes, remote code execution, and sensitive data leaks, all of which pose serious risks to organizations of any size.

We strongly urge all Microsoft users to apply the August Patch Tuesday updates as soon as possible to protect their systems from these threats.

Check Point customers are already safeguarded: our security solutions detect and block exploitation attempts related to these vulnerabilities, ensuring continuous protection even before patches are applied.

Staying proactive with updates and threat detection is key to maintaining a strong security posture in today’s evolving landscape.

To learn about the latest attacks, vulnerabilities, and cyber intelligence, visit our website at https://research.checkpoint.com/.

You may also like