On July 19, 2025, Microsoft released an out-of-bound advisory addressing two vulnerabilities, one of which being rated as critical and allowing unauthenticated remote attacker to execute arbitrary code on vulnerable systems. This critical flaw is actively being exploited in the wild.
It is recommended isolating vulnerable system from the Internet, but also from internal systems, and running a compromise assessment before updating.