
6 Zero-Days in March 2025 Patch Tuesday – Krebs on Security


Microsoft has taken a significant step in enhancing the security of its Windows operating systems by releasing more than 50 security updates, addressing various vulnerabilities, including six zero-day flaws that are actively being exploited.

Two of the zero-days, CVE-2025-24991 and CVE-2025-24993, affect NTFS, the default file system for Windows and Windows Server. Both require an attacker to trick the target into mounting a malicious virtual hard disk, and could lead to local code execution or disclosure of portions of memory. Researchers at ESET were credited with reporting CVE-2025-24983, an elevation of privilege vulnerability affecting older versions of Windows, exploited through the PipeMagic backdoor.

ESET’s Filip Jurčacko stated that the exploit targets Windows 8.1 and Server 2012 R2, which no longer receive security support. However, the vulnerability also exists in newer Windows OS versions, such as Windows 10 build 1809 and Windows Server 2016. Notably, Windows 11 and Server 2019 onwards are not listed as receiving patches, suggesting they may not be vulnerable.

Another zero-day, CVE-2025-24984, is an NTFS weakness that can be exploited by inserting a malicious USB drive into a Windows computer. Microsoft’s advisory for this bug indicates that portions of heap memory could be improperly dumped into a log file, potentially exposing privileged information. Additionally, CVE-2025-24985 allows attackers to install malicious code by mounting a malicious virtual hard drive, while CVE-2025-26633 is a vulnerability in the Microsoft Management Console that requires the target to open a malicious file.

In addition to the zero-day flaws, Microsoft addressed six other critical vulnerabilities in its latest security updates, which could potentially be exploited by malware or malicious actors to take control of vulnerable PCs. It is worth noting that for the past six months, Microsoft has published zero-day vulnerabilities on Patch Tuesday without rating them as critical severity.

The SANS Internet Storm Center provides a comprehensive list of all the patches released by Microsoft, categorized by severity. Windows enterprise administrators are advised to stay informed about patch-related updates on websites like askwoody.com. Prior to updating, it is recommended to back up data and report any issues encountered during the application of the latest updates.

Overall, Microsoft’s proactive approach to addressing security vulnerabilities in its Windows operating systems demonstrates a commitment to enhancing cybersecurity and protecting users from potential threats and attacks.
