Microsoft Patches Windows Kernel Zero-Day Exploited Since March 2023

A zero-day vulnerability in the Windows Win32 Kernel Subsystem has been exploited in the wild since March 2023, according to Slovak cybersecurity company ESET. Tracked as CVE-2025-24983, the flaw allows attackers with low privileges to gain SYSTEM privileges without user interaction.

The vulnerability is caused by a use-after-free weakness that can lead to software crashes, execution of malicious code, privilege escalation, or data corruption. Microsoft patched the issue in Windows security updates released during this month’s Patch Tuesday.

ESET reported that a zero-day exploit targeting the CVE-2025-24983 vulnerability was first seen in the wild in March 2023 on systems backdoored using PipeMagic malware. The exploit targets older Windows versions, including Windows Server 2012 R2 and Windows 8.1, which are no longer supported by Microsoft.

Newer Windows versions are also affected, including Windows Server 2016 and Windows 10 systems running build 1809 and earlier. Exploitation requires winning a race condition, which makes the attack high complexity.

Microsoft has released security updates to patch the vulnerability, and CISA has added all six zero-days to its Known Exploited Vulnerabilities Catalog, ordering Federal Civilian Executive Branch (FCEB) agencies to secure their systems by April 1st.

Source: https://www.bleepingcomputer.com/news/microsoft/microsoft-patches-windows-kernel-zero-day-exploited-since-2023