CyberSecurity news
do son@Cybersecurity News
Microsoft has released a patch for a Windows kernel vulnerability, CVE-2025-24983, after it was exploited in the wild since March 2023. Cybersecurity firm ESET discovered the zero-day exploit being used to escalate privileges on compromised machines. The vulnerability, a "Use-after-Free" (UaF) flaw related to improper memory management, allows attackers to gain system-level access, enabling data exfiltration and remote access. Microsoft has assigned a severity score of 7.0 to the flaw, acknowledging that malicious actors had been exploiting it.
The patch addresses a long-standing security vulnerability in the Windows NT kernel subsystem, which has been actively exploited by hackers for two years. The primary targets are older Windows versions, including Windows 10 v1809 and Windows Server 2016, as well as Windows 8.1 and Server 2012 R2. It appears the complexity of exploitation contributed to the delay. This flaw enables attackers to escalate privileges from a low-level local account to system-level access, facilitating malicious activities. Microsoft confirms that this vulnerability does not affect newer operating systems such as Windows 11 and Windows Server 2019.
Classification:
- HashTags: #ZeroDay #WindowsKernel #CVE-2025-24983
- Company: Microsoft
- Target: Windows Users
- Attacker: ESET Research
- Product: Windows Kernel
- Feature: Kernel Exploitation
- Malware: CVE-2025-24983
- Type: 0Day
- Severity: Critical