Microsoft has just released a patch for 57 security vulnerabilities. Among these vulnerabilities, six are particularly worrying because they are already being actively exploited by hackers. This major security update is important for keeping your systems up to date. update and protect yourself from cyber threats.
Microsoft has just released its monthly security update, correcting no fewer than 57 vulnerabilities in its software. This update This update is particularly important because it includes fixes for six zero-day flaws, which are already being actively exploited by hackers.
Of the 57 vulnerabilities fixed, six are classified as critical, 50 as important, and one as low severity. These flaws affect various components of Windows and other Microsoft products, highlighting the need for constant vigilance in cybersecurity.
Read also – Windows 11: Microsoft is stepping up its efforts to get you to install the latest version
Zero-days at the heart of concerns
The six zero-day vulnerabilities fixed are particularly worrying:
- CVE-2025-24983: A flaw in the Win32 kernel subsystem allowing privilege escalation.
- CVE-2025-24984: A vulnerability information disclosure vulnerability in Windows NTFS, exploitable via a malicious USB device.
- CVE-2025-24985: An integer overflow in the Windows Fast FAT file system driver, allowing remote code execution.
- CVE-2025-24991: An out-of-bounds read vulnerability in Windows NTFS, which may lead to information disclosure.
- CVE-2025-24993: A buffer overflow in Windows NTFS, allowing remote code execution.
- CVE-2025-26633: A buffer overflow vulnerability in Windows NTFS, which may lead to remote code execution. in the Microsoft Management Console, allowing certain security features to be bypassed.
These vulnerabilities affect critical components of Windows, including the NTFS and FAT file systems, as well as the system kernel. Their active exploitation underscores the urgency for users and system administrators to quickly deploy these patches.
Some of these vulnerabilities, such as those affecting NTFS and FAT, can be exploited in a chain to achieve remote code execution and information disclosure. Attackers often use malicious VHD (virtual hard drive) files to exploit these vulnerabilities, so it's important to be careful when opening files from untrusted sources.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added these vulnerabilities to its catalog of known and exploited vulnerabilities, requiring federal agencies to apply patches by April 1, 2025. This security update isn't just for Microsoft. Other major vendors like Adobe, Apple, Cisco, Google, and more have also released patches. patches this month, highlighting the importance of a comprehensive approach to IT security.
0 Comments