On Tuesday, Microsoft announced the release of critical security updates aimed at addressing an impressive total of 57 vulnerabilities across its software suite. Among these, the company highlighted a staggering six zero-day vulnerabilities that are currently being exploited in the wild, posing significant risks to users and organizations alike.
Of the 57 vulnerabilities identified, six have been classified as Critical, with 50 deemed Important, and one rated as Low in severity. Notably, 23 of the vulnerabilities are categorized as remote code execution bugs, while 22 relate to privilege escalation.
This update comes in addition to the 17 vulnerabilities that were addressed in Microsoft’s Chromium-based Edge browser since the last Patch Tuesday update. Among these, one particularly concerning issue is a spoofing flaw specific to the browser, identified as CVE-2025-26643, which has a CVSS score of 5.4.
The six vulnerabilities that have come under active exploitation include:
CVE-2025-24983 (CVSS score: 7.0): A use-after-free vulnerability in the Windows Win32 Kernel Subsystem that allows an authorized attacker to elevate privileges locally. CVE-2025-24984 (CVSS score: 4.6): An information disclosure vulnerability in Windows NTFS that permits an attacker with physical access to read portions of heap memory using a malicious USB drive. CVE-2025-24985 (CVSS score: 7.8): An integer overflow vulnerability in the Windows Fast FAT File System Driver, enabling unauthorized code execution locally. CVE-2025-24991 (CVSS score: 5.5): An out-of-bounds read vulnerability in Windows NTFS, allowing an authorized attacker to disclose information locally. CVE-2025-24993 (CVSS score: 7.8): A heap-based buffer overflow vulnerability in Windows NTFS that allows unauthorized code execution. CVE-2025-26633 (CVSS score: 7.0): An improper neutralization vulnerability in Microsoft Management Console, enabling an unauthorized attacker to bypass security features locally.ESET, the cybersecurity firm credited with discovering and reporting CVE-2025-24983, revealed it first identified the zero-day exploit in March 2023. This vulnerability was delivered via a backdoor named PipeMagic on compromised systems. ESET highlighted that the vulnerability arises from a use-after-free condition in the Win32k driver, which occurs when a race condition is won through specific API calls.
PipeMagic, first discovered in 2022, is a plugin-based trojan that has targeted entities in Asia and Saudi Arabia. It has been distributed masquerading as a fake OpenAI ChatGPT application in campaigns that commenced in late 2024. One notable characteristic of PipeMagic is its ability to generate a 16-byte random array to create a named pipe in a specific format, as revealed by Kaspersky in October 2024.
The Zero Day Initiative noted that CVE-2025-26633 is another serious flaw in the Microsoft Management Console exploited in the wild. This vulnerability allows attackers to evade file reputation protections and execute code in the context of the current user. Activity surrounding this has been linked to a threat actor identified as EncryptHub (also known as LARVA-208).
Furthermore, security experts from Action1 indicated that attackers could potentially chain the four vulnerabilities affecting core Windows file system components to achieve remote code execution and information disclosure. This exploit could involve convincing a user to open or mount a malicious VHD file (Virtual Hard Disk), which can easily execute payloads embedded within.
Due to the severity of these vulnerabilities, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added them to its Known Exploited Vulnerabilities (KEV) catalog. This action mandates that federal agencies apply the necessary patches by April 1, 2025, ensuring that government systems remain secure.
In addition to Microsoft’s updates, several other vendors have also released security patches over the past few weeks. These updates aim to rectify vulnerabilities across various platforms, including:
Adobe Amazon Web Services Apple Cisco Mozilla Firefox NVIDIA Zoom ...and many more.As cybersecurity threats continue to evolve, it is crucial for users and organizations to stay informed about vulnerabilities and apply updates promptly to safeguard their systems.
