Microsoft on Tuesday released security updates to address 57 security vulnerabilities in its software, including a whopping six zero-days that it said have been actively exploited in the wild.
Of the 56 flaws, six are rated Critical, 50 are rated Important, and one is rated Low in severity. Twenty-three of the addressed vulnerabilities are remote code execution bugs and 22 relate to privilege escalation.
The updates are in addition to 17 vulnerabilities Microsoft addressed in its Chromium-based browser since the release of last month's Patch Tuesday update, one of which is a spoofing flaw specific to the browser (CVE-2025-26643, CVSS score: 5.4).
The six vulnerabilities that have come under active exploitation are listed below –
- CVE-2025-24983 (CVSS score: 7.0) – A use-after-free (UAF) vulnerability in the Windows Win32 Kernel Subsystem
- CVE-2025-24984 (CVSS score: 4.6) – A Windows NTFS information disclosure vulnerability that allows an attacker with physical access to a target device and the ability to plug in a malicious USB drive to potentially read portions of heap memory
- CVE-2025-24985 (CVSS score: 7.8) – An integer overflow vulnerability in the Windows Fast FAT driver
- CVE-2025-2491
- CVE-2025-24993 (CVSS score: 7.8) – A heap-based buffer overflow vulnerability in Windows NTFS that allows an unauthorized attacker to execute code locally
- CVE-2025-26633
ESET, which is credited with discovering and reporting CVE-2025-24983, said it first discovered the zero-day exploit in the wild in March 2023, delivered via a backdoor named PipeMagic on compromised hosts.
“The vulnerability is a use-after-free in the Win32k driver,” the Slovakian company noted. “In a certain scenario achieved using the WaitForInputIdle API, the W32PROCESS structure gets dereferenced one more time than it should, resulting in a UAF. To reach the vulnerability, a race condition must be won.”
PipeMagic, first discovered in 2022, is a plugin-based trojan that has targeted organizations in Asia and Saudi Arabia, with the malware distributed in the form of a fake ChatGPT application in late 2024.
“One of the unique features of PipeMagic is that it generates a 16-byte random array to create a named pipe in the \\.\pipe\1.
“This pipe is used for receiving custom payloads and stop signals via the default local interface. PipeMagic usually works with multiple plugins loaded from a command-and-control (C2) server, which, in this case, was hosted on Microsoft Azure.”
The Zero Day Initiative said that CVE-2025-26633 stems from how MSC files are handled, allowing an attacker to bypass file protections and execute code in the context of the current user. The activity has been linked to a threat actor tracked as EncryptHub (aka LARVA-208).
Action1 noted that threat actors could chain the four vulnerabilities affecting core Windows file system components to cause remote code execution (CVE-2025-24985 and CVE-2025-24993) and information disclosure (CVE-2025-24984 and CVE-2025-2491). All four bugs were reported anonymously.
“Specifically, the exploit relies on the attacker crafting a malicious VHD file and convincing a user to open or mount the VHD file,” said Kev Breen, senior director of threat research. “VHDs are virtual hard disks and are typically associated with storing the operating system for virtual machines.”
“While they are more typically associated with virtual machines, we have seen examples over the years where threat actors use VHD or VHDX files as part of phishing campaigns to smuggle malware payloads past AV solutions. Depending on the Windows configuration, simply double-clicking the VHD may be enough to mount it and run the payload contained in the file.”
According to Satnam Narang, senior staff research engineer at Tenable, CVE-2025-26633 is a flaw in MMC exploited in the wild as a zero-day after CVE-2024-43572 and CVE-2025-24985
As is customary, it is currently not known how the remaining vulnerabilities are being exploited, in what context, or the exact scale of the attacks. The development has prompted the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to add them to the Known Exploited Vulnerabilities (KEV) catalog, requiring federal agencies to apply the fixes by April 1, 2025.
Software patches from other vendors
In addition to Microsoft, other vendors have also released security updates over the past few weeks to fix multiple vulnerabilities, including –