Critical vulnerabilities in Microsoft Exchange Server (CVE-2025-25007 and CVE-2025-25005) enable unauthenticated attackers to spoof emails and tamper with data over the network, affecting multiple Exchange versions. Additionally, a Windows Graphics Component flaw (CVE-2025-49743) allows privilege escalation through race conditions. Microsoft has released urgent patches for all affected platforms and urges immediate deployment to prevent sophisticated attacks.