On May 27, 2025, Microsoft released an out-of-band update, KB5061977, for Windows 11 version 24H2, elevating the OS build to 26100.4066. This emergency patch addresses a security vulnerability currently under active exploitation. While specific details about the vulnerability remain undisclosed to prevent further abuse, the swift deployment suggests a significant threat, potentially involving remote code execution or privilege escalation.
The update is accessible through Windows Update, Windows Update for Business, WSUS, and the Microsoft Update Catalog. Organizations are strongly advised to prioritize the installation of this patch, especially on systems that are publicly accessible or integral to business operations.
Although KB5061977 focuses on security enhancements, it also includes reliability improvements without introducing new features or visible changes. For IT administrators, managing an out-of-band update can be challenging, as it requires scheduling outside regular maintenance windows, potentially disrupting planned processes. Nonetheless, prompt action is crucial, as even brief delays in patching can expose systems to large-scale attacks.
This release reflects a broader trend of Microsoft issuing updates outside the standard monthly cycle, underscoring the importance of a flexible and well-prepared patch management strategy. Organizations should utilize test environments, perform system backups in advance, and closely monitor updates to maintain security and operational integrity.
In recent months, Microsoft has addressed multiple vulnerabilities in Windows 11 24H2. For instance, the March 2025 Patch Tuesday update resolved 57 security issues, including six critical remote code execution vulnerabilities and six actively exploited zero-day vulnerabilities. Notably, CVE-2025-24983, a use-after-free vulnerability in the Windows Win32 Kernel Subsystem, allowed attackers to elevate privileges to SYSTEM level. Additionally, CVE-2025-24985, an integer overflow vulnerability in the Windows Fast FAT File System Driver, could enable remote code execution by tricking users into mounting a specially crafted VHD file. (techaipost.com)
In April 2025, Microsoft released cumulative update KB5055523 for Windows 11 version 24H2, addressing multiple vulnerabilities, including CVE-2025-26687, a use-after-free issue in Windows Win32K - GRFX that allowed unauthorized attackers to elevate privileges over a network. Another critical vulnerability, CVE-2025-27481, involved remote code execution, enabling attackers to bypass authentication and execute unauthorized commands. (tenable.com)
The rapid deployment of KB5061977 highlights the evolving nature of cybersecurity threats and the necessity for organizations to maintain vigilant and proactive patch management practices. By promptly applying security updates and adhering to best practices, organizations can mitigate risks and safeguard their systems against emerging vulnerabilities.
Source: techzine.eu Microsoft surprises with emergency patch KB5061977 for Windows 11 24H2