
CISA Adds Six Critical Microsoft Windows Vulnerabilities to Exploited Flaws Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added six critical Microsoft Windows vulnerabilities to its Known Exploited Vulnerabilities catalog. Learn about these flaws and their implications for cybersecurity.


TL;DR

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added six critical Microsoft Windows vulnerabilities to its Known Exploited Vulnerabilities catalog. These flaws include issues in Win32k, NTFS, and the Fast FAT File System Driver. Organizations are urged to address these vulnerabilities to prevent potential cyber threats.

CISA Adds Six Microsoft Windows Vulnerabilities to Known Exploited Flaws Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added six critical Microsoft Windows vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog [1]. These vulnerabilities pose significant risks to cybersecurity and require immediate attention from organizations to mitigate potential threats.

List of Added Vulnerabilities

The following vulnerabilities have been added to the catalog:

  1. CVE-2025-24983: Microsoft Windows Win32k Use-After-Free Vulnerability
  2. CVE-2025-24984: Microsoft Windows NTFS Information Disclosure Vulnerability
  3. CVE-2025-24985: Microsoft Windows Fast FAT File System Driver Integer Overflow Vulnerability
  4. CVE-2025-24991: Microsoft Windows NTFS Out-Of-Bounds Read Vulnerability
  5. CVE-2025-24993: Microsoft Windows NTFS Heap-Based Buffer Overflow Vulnerability
  6. CVE-2025-26633: Microsoft Windows Management Console (MMC) Improper Neutralization Vulnerability

Descriptions and Impacts

These vulnerabilities were addressed in the Microsoft Patch Tuesday security updates for March 2025 [2]. Here are the descriptions and potential impacts of each flaw:

  • CVE-2025-24983 (CVSS 7.0): A use-after-free vulnerability in the Windows Win32 Kernel Subsystem that enables authorized attackers to escalate privileges locally [3].
  • CVE-2025-24984 (CVSS 4.6): An NTFS information disclosure flaw that lets attackers with physical access and a malicious USB device read portions of heap memory [4].
  • CVE-2025-24985 (CVSS 7.8): An integer overflow in the Windows Fast FAT File System Driver allowing unauthorized local code execution [5].
  • CVE-2025-24991 (CVSS 5.5): An out-of-bounds read vulnerability in NTFS that permits authorized attackers to access sensitive information [6].
  • CVE-2025-24993 (CVSS 7.8): A heap-based buffer overflow in NTFS that allows unauthorized local code execution [7].
  • CVE-2025-26633 (CVSS 7.0): An improper neutralization flaw in Microsoft Management Console that lets unauthorized attackers bypass security features locally [8].

Exploitation and Mitigation

ESET researchers discovered the vulnerability CVE-2025-24983, which has been exploited since March 2023. This zero-day flaw enables attackers with low privileges to escalate to SYSTEM privileges but requires winning a race condition. The exploit, linked to the PipeMagic backdoor, has targeted unsupported Windows versions like Server 2012 R2 and 8.1 but also affects Windows 10 (build 1809 and earlier) and Server 2016 [9].

According to the Binding Operational Directive (BOD) 22-01, Federal Civilian Executive Branch (FCEB) agencies must address these vulnerabilities by the due date to protect their networks against potential attacks [10]. Private organizations are also advised to review the catalog and address these vulnerabilities in their infrastructure [11].

CISA has ordered federal agencies to fix these vulnerabilities by April 1st, 2025.
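One practical way to act on the catalog is to cross-check the CVEs your patch scanner still reports as open against the KEV feed and track each one's BOD 22-01 due date. The example below is added here and is not code from the post or from CISA; it uses a constructed sample in the layout of the KEV JSON feed (the six CVE IDs and the 2025-04-01 due date are from the post; `dateAdded`, `catalogVersion` and the unpatched list are illustrative), and the helper names `load_kev` and `triage` are my own.

```python
import json
from datetime import date

# The six entries from the post. The live feed is published at
# https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
_ENTRIES = [
    ("CVE-2025-24983", "Microsoft Windows Win32k Use-After-Free Vulnerability"),
    ("CVE-2025-24984", "Microsoft Windows NTFS Information Disclosure Vulnerability"),
    ("CVE-2025-24985", "Microsoft Windows Fast FAT File System Driver Integer Overflow Vulnerability"),
    ("CVE-2025-24991", "Microsoft Windows NTFS Out-Of-Bounds Read Vulnerability"),
    ("CVE-2025-24993", "Microsoft Windows NTFS Heap-Based Buffer Overflow Vulnerability"),
    ("CVE-2025-26633", "Microsoft Windows Management Console (MMC) Improper Neutralization Vulnerability"),
]

# Constructed sample feed: same field names as the real KEV JSON, illustrative values
# for catalogVersion and dateAdded; dueDate is the April 1, 2025 deadline from the post.
SAMPLE_KEV = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities",
    "catalogVersion": "2025.03.11",  # constructed
    "count": len(_ENTRIES),
    "vulnerabilities": [
        {"cveID": cve, "vendorProject": "Microsoft", "product": "Windows",
         "vulnerabilityName": name, "dateAdded": "2025-03-11",  # constructed
         "dueDate": "2025-04-01", "knownRansomwareCampaignUse": "Unknown"}
        for cve, name in _ENTRIES
    ],
})

def load_kev(raw: str) -> dict:
    """Parse a KEV-format JSON document and index its entries by CVE ID."""
    return {v["cveID"]: v for v in json.loads(raw)["vulnerabilities"]}

def triage(unpatched: list, kev: dict, today: date) -> list:
    """Return the unpatched CVEs that are in KEV, most urgent (fewest days left) first.
    A negative days_left means the BOD 22-01 due date has already passed."""
    hits = []
    for cve in unpatched:
        entry = kev.get(cve)
        if entry is None:
            continue  # open CVE, but not (yet) in the catalog
        due = date.fromisoformat(entry["dueDate"])
        hits.append({"cve": cve, "name": entry["vulnerabilityName"], "due": entry["dueDate"],
                     "days_left": (due - today).days,
                     "ransomware": entry["knownRansomwareCampaignUse"]})
    return sorted(hits, key=lambda h: h["days_left"])

if __name__ == "__main__":
    # Constructed scanner output: two of the post's CVEs plus a placeholder ID not in KEV.
    open_cves = ["CVE-2025-24993", "CVE-2025-00001", "CVE-2025-24983"]
    for hit in triage(open_cves, load_kev(SAMPLE_KEV), date(2025, 3, 20)):
        print(f'{hit["cve"]}: due {hit["due"]} ({hit["days_left"]} days left) - {hit["name"]}')
```

Pointing `load_kev` at the downloaded live feed instead of `SAMPLE_KEV` gives the same triage over the full catalog, since the function only depends on the feed's `vulnerabilities` array.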

Additional Resources

For further insights, check:

References

  1. “CISA Known Exploited Vulnerabilities Catalog”. (2025). CISA. Retrieved 2025-03-12.
  2. “Microsoft Patch Tuesday Security Updates for March 2025”. (2025). Security Affairs. Retrieved 2025-03-12.
  3. “CVE-2025-24983”. (2025). Microsoft Security Response Center. Retrieved 2025-03-12.
  4. “CVE-2025-24984”. (2025). Microsoft Security Response Center. Retrieved 2025-03-12.
  5. “CVE-2025-24985”. (2025). Microsoft Security Response Center. Retrieved 2025-03-12.
  6. “CVE-2025-24991”. (2025). Microsoft Security Response Center. Retrieved 2025-03-12.
  7. “CVE-2025-24993”. (2025). Microsoft Security Response Center. Retrieved 2025-03-12.
  8. “CVE-2025-26633”. (2025). Microsoft Security Response Center. Retrieved 2025-03-12.
  9. “Kaspersky Uncovers PipeMagic Backdoor Attacks Businesses Through Fake ChatGPT Application”. (2025). Kaspersky. Retrieved 2025-03-12.
  10. “Binding Operational Directive (BOD) 22-01”. (2025). CISA. Retrieved 2025-03-12.
  11. “CISA Known Exploited Vulnerabilities Catalog”. (2025). CISA. Retrieved 2025-03-12.

This post is licensed under CC BY 4.0 by the author.