Since March 2023, attacks have taken advantage of a recently patched zero-day vulnerability in the Windows Win32 Kernel Subsystem, according to Slovak cybersecurity firm ESET. The security flaw, which was reported to Microsoft by ESET researcher Filip Jurčacko, has been fixed in Windows security updates that were released during this month’s Patch Tuesday. It is currently tracked as CVE-2025-24983. A use-after-free flaw that allows attackers with limited privileges to obtain SYSTEM privileges without requiring user interaction is the source of the vulnerability.
Chromecast users, don’t factory reset: Google issues urgent warning amid outage
However, because successful exploitation necessitates the threat actors winning a race condition, Redmond classified such attacks as high complexity.On Tuesday, ESET reported that a zero-day exploit that targets the CVE-2025-24983 vulnerability was “first seen in the wild” on PipeMagic malware-backdoored systems in March 2023. Only the older Windows versions that Microsoft no longer supports—Windows Server 2012 R2 and Windows 8.1—are targeted by this exploit. Nevertheless, the vulnerability also impacts more recent iterations of Windows, such as Windows 10 systems running Windows 10 build 1809 and below, as well as the still-supported Windows Server 2016. “Inappropriate memory usage during software operation is linked to the Use-After-Free (UAF) vulnerability. ESET also told BleepingComputer that this can result in data corruption, privilege escalation, software crashes, or the execution of malicious code, including remotely.
Researchers uncover hidden ‘backdoor’ in widely used ESP32 microchip
“The exploit was implemented through the PipeMagic backdoor, which allowed for remote access to the computer and data exfiltration.” PipeMagicFederal agencies have until April 1st to patch. Microsoft also fixed the following five zero-day vulnerabilities that were identified as actively exploited during the March 2025 Patch Tuesday: Windows NTFS Information Disclosure Vulnerability (CVE-2025-24984) Windows Fast FAT File System Driver Remote Code Execution Vulnerability (CVE-2025-24985) Windows NTFS Information Disclosure Vulnerability (CVE-2025-24991) The Windows NTFS Remote Code Execution Vulnerability
Apple’s new A16 iPad may have a special trick up its sleeve
(CVE-2025-24993) Microsoft Management Console Security Feature Bypass Vulnerability (CVE-2025-26633) In accordance with the Binding Operational Directive (BOD) 22-01, CISA ordered Federal Civilian Executive Branch (FCEB) agencies to secure their systems by April 1st, and yesterday it added all six zero-days to its Known Exploited Vulnerabilities Catalog. The U.S. cybersecurity agency cautioned that “these types of vulnerabilities pose significant risks to the federal enterprise and are frequent attack vectors for malicious cyber actors.” “But