Microsoft patches an ‘extraordinary’ number of zero-day security vulnerabilities
|
By
Georgina Torbet Published March 12, 2025 |
Today is a good day to make sure your Windows 10 and 11 machines are up to date, as Microsoft has released a hefty new security update for a number of zero-day vulnerabilities. The patch, part of Microsoft’s Patch Tuesday update, contains fixes for Windows Server as well and include patches for six vulnerabilities which have already been exploited plus six more critical issues.
The new update addresses security issues of a hefty seven zero-days, including flaws which can enable remote code execution, in which an attacker can run code on the victim’s system. One of these vulnerabilities requires the attacker to first trick a local user into taking some specific actions like mounting a malicious virtual hard disk image, and has already been taken advantage of my some hackers. This vulnerability, CVE-2025-24993, is marked as a severity 7.8 by Microsoft so it’s important to patch to protect against it.
As described by The Register, another vulnerability, CVE-2025-24991, also makes use of virtual hard disk images and can enable attackers to access data, and a similar vulnerability, CVE-2025-24984, can allow attackers to insert information into a log file. Three more already exploited flaws are included in the patch too, plus six further critical flaws.
Seeing this number of bugs in Windows which are already being exploited out in the wild is “extraordinary”, according to the Zero Day Initiative, which advises system admins to act fast to protect their systems from these issues. It also states that a Microsoft Management Console Security Feature Bypass Vulnerability, CVE-2025-26633, has already impacted more than 600 organizations, advising admins to “test and deploy this fix quickly to ensure your org isn’t added to the list.”
In addition to the Windows patches from Microsoft, Adobe also released patches for bugs in its Adobe Acrobat Reader, Substance 3D Sampler, Illustrator, Substance 3D Painter, InDesign, Substance 3D Modeler, and Substance 3D Designer programs, as part of Patch Tuesday. None of these bugs are currently being exploited but it’s still a good idea to make sure your software is up to date.
Related Posts
New study shows AI isn’t ready for office work
A reality check for the "replacement" theory
Google Research suggests AI models like DeepSeek exhibit collective intelligence patterns
The paper, published on arXiv with the evocative title Reasoning Models Generate Societies of Thought, posits that these models don't merely compute; they implicitly simulate a "multi-agent" interaction. Imagine a boardroom full of experts tossing ideas around, challenging each other's assumptions, and looking at a problem from different angles before finally agreeing on the best answer. That is essentially what is happening inside the code. The researchers found that these models exhibit "perspective diversity," meaning they generate conflicting viewpoints and work to resolve them internally, much like a team of colleagues debating a strategy to find the best path forward.
Microsoft tells you to uninstall the latest Windows 11 update
https://twitter.com/hapico0109/status/2013480169840001437?s=20