Microsoft patches an ‘extraordinary’ number of zero-day security vulnerabilities
|
By
Georgina Torbet Published March 12, 2025 |
Today is a good day to make sure your Windows 10 and 11 machines are up to date, as Microsoft has released a hefty new security update for a number of zero-day vulnerabilities. The patch, part of Microsoft’s Patch Tuesday update, contains fixes for Windows Server as well and include patches for six vulnerabilities which have already been exploited plus six more critical issues.
The new update addresses security issues of a hefty seven zero-days, including flaws which can enable remote code execution, in which an attacker can run code on the victim’s system. One of these vulnerabilities requires the attacker to first trick a local user into taking some specific actions like mounting a malicious virtual hard disk image, and has already been taken advantage of my some hackers. This vulnerability, CVE-2025-24993, is marked as a severity 7.8 by Microsoft so it’s important to patch to protect against it.
As described by The Register, another vulnerability, CVE-2025-24991, also makes use of virtual hard disk images and can enable attackers to access data, and a similar vulnerability, CVE-2025-24984, can allow attackers to insert information into a log file. Three more already exploited flaws are included in the patch too, plus six further critical flaws.
Seeing this number of bugs in Windows which are already being exploited out in the wild is “extraordinary”, according to the Zero Day Initiative, which advises system admins to act fast to protect their systems from these issues. It also states that a Microsoft Management Console Security Feature Bypass Vulnerability, CVE-2025-26633, has already impacted more than 600 organizations, advising admins to “test and deploy this fix quickly to ensure your org isn’t added to the list.”
In addition to the Windows patches from Microsoft, Adobe also released patches for bugs in its Adobe Acrobat Reader, Substance 3D Sampler, Illustrator, Substance 3D Painter, InDesign, Substance 3D Modeler, and Substance 3D Designer programs, as part of Patch Tuesday. None of these bugs are currently being exploited but it’s still a good idea to make sure your software is up to date.
Related Posts
This extraordinary humanoid robot plays basketball like a pro, really
Digital Trends has already reported on the G1’s ability to move in a way that would make even the world’s top gymnasts envious, with various videos showing it engaged in combat, recovering from falls, and even doing the housework.
How to Use Pollo AI Video Generator: A Step-by-Step Guide
Here we’re talking about the Pollo AI video generator which can be used with a variety of prompts, and I’ll talk you through using each one.
This 49-inch curved Samsung ultrawide is down to $799.99 and basically replaces two monitors at once
You’re getting a massive 49-inch curved Dual QHD panel, 120Hz refresh rate, USB-C, HDR400, and an adjustable stand that’s built for serious productivity but still fast and smooth enough for after-hours gaming.