Fyself News

Microsoft Patches 57 Security Flaws, Including Six Actively Exploited Zero-Days

March 12, 2025Ravi LakshmananTuesday / Vulnerability Patch

Microsoft released a security update on Tuesday to address 57 security vulnerabilities in its software, including six zero-days that it said are being actively exploited in the wild.

Of the 56 defects, six are rated Critical, 50 are rated Important, and one is rated Low in severity. Twenty-three of the addressed vulnerabilities are remote code execution bugs, while 22 relate to privilege escalation.

The updates are in addition to 17 vulnerabilities that Microsoft has addressed in its Chromium-based Edge browser since the release of last month's Patch Tuesday update.

The six vulnerabilities under active exploitation are listed below:

  • CVE-2025-24983 (CVSS score: 7.0) – A use-after-free (UAF) vulnerability in the Windows Win32 Kernel Subsystem that allows an authorized attacker to elevate privileges locally
  • CVE-2025-24984 (CVSS score: 4.6) – A vulnerability that allows an attacker who can plug in a malicious USB drive to potentially read portions of heap memory
  • CVE-2025-24985 (CVSS score: 7.8) – An integer overflow vulnerability in the Windows Fast FAT File System Driver
  • CVE-2025-24993 (CVSS score: 7.8) – A heap-based buffer overflow vulnerability in Windows NTFS that allows an unauthorized attacker to execute code locally

ESET, which has been credited with discovering and reporting CVE-2025-24983, said it first discovered the zero-day exploit in the wild in March 2023, delivered to compromised hosts via a backdoor named PipeMagic.

“The Win32k driver vulnerability is invalid,” the Slovakian company said. “In certain scenarios achieved using the WaitForInputIdle API, a race condition involving the W32PROCESS structure must be won in order to cause the UAF and reach the vulnerability.”

First discovered in 2022, PipeMagic is a plugin-based trojan that has targeted entities in Asia and Saudi Arabia, with the malware distributed in the form of a fake OpenAI ChatGPT application in a campaign in late 2024.

“One of PipeMagic’s unique features is that it generates a random array of 16 bytes and creates a named pipe in the format \\.\Pipe\1.,” Kaspersky revealed in October 2024.

“This pipe is used to receive encoded payloads and stop signals through the default local interface. PipeMagic usually works with multiple plugins downloaded from a command-and-control (C2) server, which, in this case, was hosted on Microsoft Azure.”

The Zero Day Initiative noted that CVE-2025-26633 stems from the way MSC files are handled, allowing attackers to circumvent file reputation protections and execute code in the context of the current user. The activity has been linked to a threat actor tracked as EncryptHub (aka Larva-208).

Action1 noted that the four vulnerabilities affecting core Windows file system components can be used by threat actors to cause remote code execution (CVE-2025-24985 and CVE-2025-24993) and information disclosure (CVE-2025-24984 and CVE-2025-24991). All four bugs were reported anonymously.

“Specifically, the exploits rely on attackers creating malicious VHD files and convincing users to open or mount the VHD file,” says Kev Breen, senior director of threat research at Immersive. “VHDs are virtual hard disks and are usually associated with storing the operating system for virtual machines.”

“They are commonly associated with virtual machines, but over many years we’ve seen examples of threat actors using VHD or VHDX files as part of phishing campaigns that smuggled malware payloads.”

According to Satnam Narang, senior staff research engineer at Tenable, CVE-2025-26633 is the second flaw in MMC to be exploited in the wild as a zero-day after CVE-2024-43572, and CVE-2025-24985 is the first vulnerability in the Windows Fast FAT File System Driver since March 2022.
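An added example (not part of the original article): a content-based check that a mail or download filter could use to flag VHD, VHDX and MSC files, the file types named above, even when they have been renamed. The magic values are the VHD footer cookie, the VHDX file signature and the MMC console XML root element; the function names and sample attachments are constructed for illustration.

```python
from typing import Optional

VHD_COOKIE = b"conectix"       # first 8 bytes of the VHD footer
VHDX_SIGNATURE = b"vhdxfile"   # VHDX file type identifier at offset 0
MSC_ROOT = "<MMC_ConsoleFile"  # root element of an MMC console (.msc) file


def classify(data: bytes) -> Optional[str]:
    """Return 'vhdx', 'vhd', 'msc' or None, judged by content only."""
    if data[:8] == VHDX_SIGNATURE:
        return "vhdx"
    # Dynamic and differencing VHDs keep a footer copy at offset 0.
    if data[:8] == VHD_COOKIE:
        return "vhd"
    # Every VHD ends with the footer: 512 bytes, 511 in some old images.
    for size in (512, 511):
        if len(data) >= size and data[-size:-size + 8] == VHD_COOKIE:
            return "vhd"
    # MSC files are XML; accept UTF-8 and UTF-16LE encodings.
    head = data[:4096]
    if MSC_ROOT.encode() in head or MSC_ROOT.encode("utf-16-le") in head:
        return "msc"
    return None


def triage(attachments):
    """Flag disk images and console files; note extension mismatches."""
    findings = []
    for name, data in attachments:
        kind = classify(data)
        if kind is None:
            continue
        ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
        findings.append({"name": name, "type": kind, "disguised": ext != kind})
    return findings


# Constructed sample attachments (not real files).
SAMPLES = [
    ("scan_0412.pdf", b"\x00" * 1024 + VHD_COOKIE + b"\x00" * 504),
    ("backup.vhdx", VHDX_SIGNATURE + b"\x00" * 1016),
    ("console.msc", b'<?xml version="1.0"?>\n<MMC_ConsoleFile ConsoleVersion="3.0">'),
    ("report.pdf", b"%PDF-1.7\n..."),
]

if __name__ == "__main__":
    for finding in triage(SAMPLES):
        print(finding)
```
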

As is customary, it is currently unknown how the remaining vulnerabilities are being exploited, in what context, and at what scale. The development has prompted the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to add them to its Known Exploited Vulnerabilities (KEV) catalog, which requires federal agencies to apply the fixes by April 1, 2025.

Software patches from other vendors

In addition to Microsoft, other vendors have also released security updates over the past few weeks to rectify some vulnerabilities.
