Microsoft Windows GDI patch release for CVE-2025-30388, CVE-2025-53766, and CVE-2025-47984
Security Patch Release
Summary
Hide ▲
Show ▼
Microsoft shipped Patch Tuesday fixes for Windows GDI flaws in GdiPlus.dll and gdi32full.dll, covering CVE-2025-30388, CVE-2025-53766, and CVE-2025-47984. The update set addressed bugs that could enable remote code execution and information disclosure. The release spans May, July, and August 2025 security updates.
Related Happenings
Pretalx version 2026.1.0 security update for CVE-2026-41241
Security Patch Release
First: 27.05.2026 17:30
Last: 27.05.2026 17:30
Sources 1
About this happening:
**Pretalx** released **version 2026.1.0** to patch **CVE-2026-41241**, a **stored XSS** flaw that could compromise organizer accounts in conference deployments. The update closes...
Pretalx version 2026.1.0 security update for CVE-2026-41241
Security Patch ReleaseAbout this happening: **Pretalx** released **version 2026.1.0** to patch **CVE-2026-41241**, a **stored XSS** flaw that could compromise organizer accounts in conference deployments. The update closes...
Microsoft security patch release for CVE-2026-41091 and CVE-2026-45498
Security Patch Release
First: 21.05.2026 10:49
Last: 21.05.2026 10:49
Sources 1
About this happening:
Microsoft rolled out security updates for Defender and related malware protection components to address two zero-days: CVE-2026-41091 and CVE-2026-45498. The fixes cover affected...
Microsoft security patch release for CVE-2026-41091 and CVE-2026-45498
Security Patch ReleaseAbout this happening: Microsoft rolled out security updates for Defender and related malware protection components to address two zero-days: CVE-2026-41091 and CVE-2026-45498. The fixes cover affected...
Latest development: 21.05.2026 12:52
Microsoft released patches for Microsoft Defender Antimalware Platform version 4.18.26040.7 to address CVE-2026-41091, a link-following privilege-escalation flaw that can let an authorized attacker elevate privileges locally to System, and CVE-2026-45498, a denial-of-service flaw. Microsoft said both vulnerabilities were publicly disclosed and exploited in the wild as zero-days. CISA added both flaws to its Known Exploited Vulnerabilities (KEV) list and urged federal agencies to patch them by June 3.
Microsoft May 2026 Patch Tuesday release
Security Patch Release
First: 13.05.2026 13:36
Last: 13.05.2026 13:36
Sources 1
About this happening:
Microsoft's **May 13, 2026 Patch Tuesday** release fixed **138 vulnerabilities** across its product portfolio, including **Windows**, **Azure**, and **Edge**. None of the flaws we...
Microsoft May 2026 Patch Tuesday release
Security Patch ReleaseAbout this happening: Microsoft's **May 13, 2026 Patch Tuesday** release fixed **138 vulnerabilities** across its product portfolio, including **Windows**, **Azure**, and **Edge**. None of the flaws we...
Microsoft Windows 11 mandatory Patch Tuesday updates (KB5089549, KB5087420)
Security Patch Release
First: 12.05.2026 21:09
Last: 12.05.2026 21:09
Sources 1
About this happening:
Microsoft released **mandatory Windows 11 cumulative updates** for **KB5089549** and **KB5087420**, delivering the **May 2026 Patch Tuesday** fixes for **120 vulnerabilities** acr...
Microsoft Windows 11 mandatory Patch Tuesday updates (KB5089549, KB5087420)
Security Patch ReleaseAbout this happening: Microsoft released **mandatory Windows 11 cumulative updates** for **KB5089549** and **KB5087420**, delivering the **May 2026 Patch Tuesday** fixes for **120 vulnerabilities** acr...
Microsoft April 2026 Patch Tuesday security update (165 CVEs)
Security Patch Release
First: 15.04.2026 00:22
Last: 15.04.2026 00:22
Sources 1
About this happening:
**Microsoft** shipped **April 2026 Patch Tuesday** updates covering **165 CVEs**, including an **actively exploited zero-day** and a **publicly disclosed** flaw, creating immediat...
Microsoft April 2026 Patch Tuesday security update (165 CVEs)
Security Patch ReleaseAbout this happening: **Microsoft** shipped **April 2026 Patch Tuesday** updates covering **165 CVEs**, including an **actively exploited zero-day** and a **publicly disclosed** flaw, creating immediat...
Timeline
-
03.11.2025 18:00 2 articles · 6mo ago
Check Point Research reveals Windows GDI flaws in GdiPlus.dll and gdi32full.dll
Initial DisclosureCheck Point Research revealed previously unknown Windows Graphics Device Interface (GDI) flaws in GdiPlus.dll and gdi32full.dll after Microsoft had already shipped fixes, showing that malformed EMF and EMF+ records could trigger memory corruption, remote code execution, or information disclosure. The bugs were tracked as CVE-2025-30388, CVE-2025-53766, and CVE-2025-47984, and Microsoft addressed them through KB5058411, KB5062553, and KB5063878; researchers also noted impact to Microsoft Office for Mac and Android.
Show sources
- New GDI Flaws Could Enable Remote Code Execution in Windows — www.infosecurity-magazine.com — 03.11.2025 18:00
- New GDI Flaws Could Enable Remote Code Execution in Windows — www.infosecurity-magazine.com — 03.11.2025 18:00