Microsoft has released the final patches for six newly discovered Windows vulnerabilities identified by Check Point Research, including one rated as critical. These vulnerabilities could crash entire systems or allow attackers to run malicious code, posing real risks to business operations.
Additionally, one of the vulnerabilities marks what is likely the first publicly disclosed bug in a Rust-based component of the Windows kernel, raising important questions about the limits and challenges of memory safety in modern software.
Check Point says it strongly encourage all Microsoft users to apply the August updates right away, adding that its customers are already protected.
Breaking down the vulnerabilities
Check Point Research identified six vulnerabilities in Microsoft Windows ranging from critical to moderate severity. Below are the three most significant flaws:
Vulnerability in Rust-Based Windows kernel component – system crash risk
Check Point Research uncovered what is probably the first-ever publicly disclosed security flaw in a Rust-based component of the Windows kernel – Microsoft’s foundational operating system layer. This vulnerability can cause a total system crash, forcing a hard reboot and instantly knocking users offline.
Rust is widely praised for its ability to prevent memory bugs that have long challenged software security. Its introduction into Windows aimed to enhance system safety. In this case, the vulnerability emerged because Rust detected an underlying issue – but instead of containing the problem gracefully, it triggered a system-wide failure.
For organisations with large or remote workforces, the risk is significant: attackers could exploit this flaw to simultaneously crash numerous computers across an enterprise, resulting in widespread disruption and costly downtime.
This discovery highlights that even with advanced security technologies like Rust, continuous vigilance and proactive patching are essential to maintaining system integrity in a complex software environment.
Memory corruption vulnerabilities enabling arbitrary code execution
Among the remaining vulnerabilities, two are especially concerning due to their exploitability – one of which is classified as critical and was patched on Tuesday.
Both vulnerabilities, tracked as CVE-2025-30388 and CVE-2025-53766, allow attackers to execute arbitrary code on the affected system, effectively giving them the ability to run any malicious software they choose. This could include installing remote control tools or launching other damaging attacks, leading to a full system compromise.
The attack vector involves interacting with a specially crafted file. When a user opens or processes this file, the vulnerability is triggered, allowing the attacker to take control.
Additional Memory Corruption and Information Disclosure Vulnerabilities
The remaining three vulnerabilities also involve memory corruption, but with a different twist: they lead to information disclosure.
Typically, information leaks are less immediately dangerous because an attacker would need a way to obtain the data leaked on a local system. However, one of these vulnerabilities, identified as CVE-2025-47984, can leak memory contents directly over the network, potentially exposing sensitive information beyond the local system.
This network-linked memory leak raises the stakes as attackers could remotely access data they shouldn’t see without needing physical access to the computer.
While these issues are generally considered less critical than full system compromise, they still represent important security risks and relevant patches should be applied.