remediation guidance

The short answer is: No — Azure Linux is the only Microsoft product Microsoft has publicly attested so far to include the vulnerable GLib component for CVE‑2025‑3360, but that attestation is a product‑scoped inventory statement, not proof that other Microsoft images, kernels, or services cannot...

CISA’s latest update to the Known Exploited Vulnerabilities (KEV) Catalog adds four actively exploited CVEs — a mix of application logic flaws, an insecure development-tooling exposure, a supply‑chain compromise, and a PHP file‑inclusion bug — underscoring the breadth of attack surfaces...