Upcoming smartphone update promises to avert potential issues
In the rapidly evolving digital landscape, both Windows and Android users are being urged to apply immediate security updates to protect their devices from recently discovered critical vulnerabilities. While the risks are more pressing for Windows users, Android users should also remain vigilant.
For Windows, the most severe recent vulnerability is CVE-2025-47981, a critical zero-click remote code execution (RCE) flaw found in the SPNEGO Extended Negotiation (NEGOEX) protocol used by Windows authentication. This vulnerability, considered wormable, allows unauthenticated attackers to execute arbitrary code remotely without any user interaction or elevated privileges. Affecting Windows 10 (version 1607 and later) and Windows 11, it poses an urgent risk, especially in enterprise environments with VPN-accessible or internet-facing systems.
Microsoft released patches in July 2025 for 130 vulnerabilities, including multiple RCE flaws and information disclosure bugs in Windows components such as Routing and Remote Access Service (RRAS) and Windows Shell. Another notable vulnerability, CVE-2025-6554 in Microsoft Edge, requires updating the browser to protect against in-the-wild attacks.
On the Android front, no specific new critical vulnerabilities were found in the provided context. However, it is common that Android security requires regularly applying system and app updates to mitigate vulnerabilities promptly.
To safeguard their devices, users can take the following steps:
- Immediately apply the available security updates from Microsoft, especially for Windows 10 and 11 systems, including the July 2025 Patch Tuesday fixes that address CVE-2025-47981 and related issues.
- For environments using RRAS, restrict RRAS ports to trusted networks or VPN concentrators, use firewall rules, and disable unused RRAS features to limit exposure even before patching.
- Keep web browsers such as Microsoft Edge and Google Chrome up to date to protect against actively exploited browser vulnerabilities.
- Maintain good security hygiene like using endpoint protection, disabling unnecessary services, restricting network exposure, and monitoring for suspicious activity.
While details on newly discovered Android vulnerabilities were not found in the search results, standard protection measures include applying OS and app security patches promptly, avoiding untrusted apps, and using security features like Google Play Protect.
In a recent investigation, Amnesty International discovered the misuse of one of the vulnerabilities in an examination of activities on unlocked mobile devices. Google has released a security update for Android to address two zero-day vulnerabilities that have already been exploited, including CVE-2024-53150, found in the Android kernel.
Users of Android smartphones who haven't installed the update yet should do so immediately to secure their devices. The April 2025 update, part of Google's ongoing efforts to improve the security of its Android operating system, is available for various Android devices and can be installed through the system's built-in software update feature or by downloading it directly from Google's website.
In summary, the critical wormable zero-click RCE in Windows NEGOEX authentication (CVE-2025-47981) presents the primary immediate threat, and Microsoft urges urgent patching to protect Windows users. Keeping all software, including browsers and firmware, current with patches remains the best defense against these vulnerabilities. For Android users, promptly installing system and app updates is essential for maintaining a secure digital environment.
Top-tier gadgets, such as smartphones and laptops running Windows, are under increased security risks due to the recent discovery of critical vulnerabilities like CVE-2025-47981. Android users should also prioritize system updates to minimize potential threats.
