
55 Windows Flaws Discovered: 2 Vulnerabilities Were Exploited by Hackers


Microsoft has just fixed 55 security vulnerabilities discovered in the Windows code. Among the vulnerabilities listed by the vendor, there are four zero-day vulnerabilities. Microsoft defines a zero-day vulnerability as one that is either publicly disclosed or already exploited by hackers before an official patch is available.

Two vulnerabilities exploited in cyberattacks

Two of the vulnerabilities have been actively exploited by cybercriminals. One of the flaws could "allow an attacker to delete data, including data that could cause a service interruption", but is unlikely to result in "disclosure of confidential information".

As Tenable experts point out, "seven elevation of privilege vulnerabilities have been identified in the Windows Storage category, including two in 2022, one in 2023, and four in 2024". However, "this is the first time a vulnerability in this category has been reported as being exploited in the wild as a zero day."

The second exploited flaw affects the Ancillary Function Driver (AFD.sys), a core component of Windows that handles network communications via the Windows Sockets (WinSock) API. The vulnerability allows a local attacker to bypass security restrictions and execute malicious code with elevated privileges, or even take complete control of the PC. Microsoft did not say more about the circumstances of the attacks, nor about the identity of the hackers.

Other worrying flaws patched

Among the other zero-day flaws is one that concerns the hypervisor, the software that manages virtual machines on Windows. It could allow an attacker to bypass the UEFI (Unified Extensible Firmware Interface), the firmware that manages the boot process, in order to access the Windows secure kernel. On some computers, a hacker could use the flaw to take control of a virtual machine, and eventually compromise the operating system.

According to our colleagues at Bleeping Computer, the flaw is likely related to PixieFail, a set of nine security flaws discovered in UEFI last month. It affects all manufacturers that rely on this open source solution. Finally, Microsoft also announced that it has patched a Windows vulnerability that exposes users' NTLM (New Technology LAN Manager) hashes, i.e. hashed versions of passwords. An attacker only needed to trick the user into interacting with a malicious file, even without opening it, to obtain the hashes.

To protect its users, Microsoft included fixes in the February 2025 Patch Tuesday. We obviously recommend that you install the update on your Windows computer. To install the latest updates released by Microsoft, go to your computer's Settings, then select Update & Security. In the Windows Update section, click Check for updates. If updates are available, they will be downloaded and installed automatically.

Source: Microsoft
