Cyberattack against Windows: hackers exploit an old security flaw

The Cybersecurity and Infrastructure Security Agency (CISA) is sounding the alarm about a security flaw in Windows. According to an advisory published by the federal agency on March 3, 2025, cybercriminals are actively exploiting a flaw in the operating system to carry out attacks.

A Windows flaw that dates back to 2018

Identified in 2018, the vulnerability allows an attacker to gain elevated privileges on the targeted system, i.e. to access features normally reserved for administrators. From there, the attacker can take complete control of the system: freely install malware, exfiltrate or modify data, or create new accounts with full rights.

As Microsoft explains, the flaw is in the Win32k component of Windows, which manages interactions between the operating system and the user interface. Microsoft specifies that the vulnerability affects several versions of the OS, namely Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.

Patched in 2018, the flaw is actively exploited

Although Microsoft released a patch in December 2018, CISA says that hackers are using the flaw to carry out attacks. Not all machines have received the necessary updates. The flaw has been added to CISA's catalog of known exploited vulnerabilities. The agency therefore encourages all US federal agencies to take strong measures to protect their computers from hackers who would try to exploit the vulnerability. In short, federal agents must update their computers urgently.

At the same time, CISA has also added several vulnerabilities targeting Cisco VPN routers. By combining these flaws with compromised credentials, it is possible to gain elevated access to the system. Last month, the federal agency had already flagged a flaw in Microsoft Outlook as being actively exploited in cyberattacks. CISA had demanded that federal agencies take measures against this vulnerability, which allows remote code execution, by the end of the month. In any case, we strongly recommend that you install all available updates as soon as possible.

Source: CISA
