CVE-2025-24983

Microsoft: Windows CLFS zero-day exploited by ransomware gang By Sergiu Gatlan April 8, 2025 03:05 PM 0 Microsoft says the RansomEXX ransomware gang has been exploiting a high-severity zero-day flaw in the Windows Common Log File System to gain SYSTEM privileges on victims' systems. The vulnerability, tracked as CVE-2025-29824, was patched during this month's Patch Tuesday and was only exploited in a limited number of attacks. CVE-2025-29824 is due to a use-after-free weakness that lets local at...

EncryptHub linked to MMC zero-day attacks on Windows systems By Sergiu Gatlan March 25, 2025 12:51 PM 0 A threat actor known as EncryptHub has been linked to Windows zero-day attacks exploiting a Microsoft Management Console vulnerability patched this month. Uncovered by Trend Micro staff researcher Aliakbar Zahravi, this security feature bypass (dubbed 'MSC EvilTwin' and now tracked as CVE-2025-26633) resides in how MSC files are handled on vulnerable devices. Attackers can leverage the vulnera...

Microsoft patches Windows Kernel zero-day exploited since 2023 By Sergiu Gatlan March 12, 2025 10:30 AM 0 Slovak cybersecurity company ESET says a newly patched zero-day vulnerability in the Windows Win32 Kernel Subsystem has been exploited in attacks since March 2023. Fixed in Windows security updates released during this month's Patch Tuesday, the security flaw is now tracked as CVE-2025-24983 and was reported to Microsoft by ESET researcher Filip Jurčacko. The vulnerability is caused by a us...

Microsoft March 2025 Patch Tuesday fixes 7 zero-days, 57 flaws By Lawrence Abrams March 11, 2025 01:45 PM 2 .crit { font-weight:bold; color:red; } .article_section td { font-size: 14px!important; } Today is Microsoft's March 2025 Patch Tuesday, which includes security updates for 57 flaws, including six actively exploited zero-day vulnerabilities. This Patch Tuesday also fixes six "Critical" vulnerabilities, all remote code execution vulnerabilities. The number of bugs in each vulnerability...

Topics Security Off-Prem On-Prem Software Offbeat Special Features Vendor Voice Vendor Voice Resources Microsoft tackles 50-plus security blunders, Adobe splats 3D bugs, and Apple deals with a doozy

Patch Tuesday Microsoft’s Patch Tuesday bundle has appeared, with a dirty dozen flaws competing for your urgent attention – six of them rated critical and another six already being exploited by criminals. Let’s start with the six already exploited vulnerabilities, three of which impact Windows NTFS. The first is CVE-2025-24993 - a heap-based buffer overflow in NTFS used by Windows Server 2008 and later systems, as well as Windows 10 and 11. The flaw makes remote code execution (RCE) a poss...