Introduction
Microsoft has released a crucial security update, addressing 57 security vulnerabilities in its software. Among these, six zero-day vulnerabilities have been actively exploited by attackers. The update is part of Microsoft’s monthly Patch Tuesday release, aimed at improving system security and protecting users from cyber threats.
Breakdown of the Security Flaws
The 57 vulnerabilities are categorized as follows:
- 6 Critical
- 50 Important
- 1 Low severity
Additionally, 23 flaws are related to remote code execution, and 22 involve privilege escalation, making them high-priority threats.
Actively Exploited Zero-Days
Microsoft confirmed that six of these vulnerabilities have been actively exploited in the wild, posing a serious risk to users. Here are the key details:
- CVE-2025-24983 (CVSS score: 7.0) – A use-after-free vulnerability in the Win32 Kernel Subsystem, allowing attackers to escalate privileges locally.
- CVE-2025-24984 (CVSS score: 4.6) – An NTFS information disclosure flaw that enables attackers with physical access to a target device to read memory data.
- CVE-2025-24985 (CVSS score: 7.8) – An integer overflow vulnerability in the Windows Fast FAT File System Driver, which allows local code execution.
- CVE-2025-24991 (CVSS score: 5.5) – An out-of-bounds read vulnerability in NTFS, leading to information disclosure.
- CVE-2025-24993 (CVSS score: 7.8) – A heap-based buffer overflow in Windows NTFS, which allows unauthorized code execution.
- CVE-2025-26633 (CVSS score: 7.0) – A security feature bypass vulnerability in Microsoft Management Console (MMC).
These zero-days have been linked to sophisticated attack campaigns, some of which were first observed as early as 2023.
Key Threats and Attack Methods
One of the notable threats includes PipeMagic, a trojan that was used to exploit CVE-2025-24983. This backdoor malware was distributed under the disguise of a fake OpenAI ChatGPT application and has targeted entities in Asia and Saudi Arabia. Attackers used this vulnerability to gain elevated privileges and execute malicious commands.
Additionally, threat actors could chain multiple vulnerabilities together to achieve remote code execution and data theft. Specifically, attackers could craft malicious Virtual Hard Disk (VHD) files, tricking users into opening them, thereby triggering hidden malware payloads.
Urgent Action Required
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added these vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. Federal agencies and businesses are urged to apply the patches by April 1, 2025, to prevent potential cyberattacks.
How to Update Your Microsoft Software:
- Open Settings on your Windows device.
- Navigate to Update & Security > Windows Update.
- Click Check for updates and install any available security patches.
- Restart your device to complete the update process.
Security Updates from Other Vendors
Besides Microsoft, several other companies have released security patches to address vulnerabilities, including:
- Adobe
- Apple
- Cisco
- Google (Android, Chrome, Pixel, and Cloud services)
- Mozilla (Firefox, Thunderbird)
- Linux distributions (Ubuntu, Red Hat, Debian, etc.)
- SAP, VMware, and more
Conclusion
This latest security update highlights the ongoing efforts to combat cyber threats and protect users from exploited vulnerabilities. Microsoft urges all users to apply the latest patches immediately to stay protected. Cybersecurity is a shared responsibility—keeping your systems updated is the first step toward a safer digital environment.
SoloSecurities
Add comment