*Important note: These are not the only vulnerabilities that were recently released; however, these are the vulnerabilities RedLegg has identified as critical and require immediate attention.

VULNERABILITIES

Windows Win32k Use-After-Free Vulnerability

CVSS Score: 7.0 (High)
Identifier: CVE-2025-24983
Exploit or POC: Yes, active exploitation has been observed in the wild.
Update: CVE-2025-24983 – Microsoft Security Advisory

Description: CVE-2025-24983 is a use-after-free vulnerability in the Windows Win32 Kernel Subsystem. This flaw allows an authenticated attacker to elevate privileges locally by running a specially crafted program that exploits a race condition. Successful exploitation could grant the attacker SYSTEM privileges, potentially leading to a complete system compromise. Microsoft has reported active exploitation of this vulnerability in the wild.

Mitigation Recommendation: Patching is currently the only method of mitigation. Microsoft has released security updates to address this vulnerability. Administrators are advised to apply the latest patches as specified in the Microsoft Security Advisory. Immediate patching is recommended to prevent potential exploitation.

Note: Given the active exploitation of this vulnerability, it is imperative to apply the recommended patches promptly to secure your systems.

Windows NTFS Information Disclosure Vulnerability

CVSS Score: 4.6 (Medium)
Identifier: CVE-2025-24984
Exploit or POC: Yes, active exploitation has been observed in the wild.
Update: CVE-2025-24984 – Microsoft Security Advisory

Description: CVE-2025-24984 is an information disclosure vulnerability in the Windows New Technology File System (NTFS). This flaw arises from the insertion of sensitive information into log files, which could allow an unauthorized attacker to disclose information through a physical attack. Successful exploitation requires physical access to the system, such as inserting a malicious USB drive, and could lead to exposure of sensitive information.

Mitigation Recommendation: Patching is currently the only method of mitigation. Microsoft has released security updates to address this vulnerability. Administrators are advised to apply the latest patches as specified in the Microsoft Security Advisory. Immediate patching is recommended to prevent potential exploitation.

Note: Given the active exploitation of this vulnerability, it is imperative to apply the recommended patches promptly to secure your systems.

Windows Fast FAT File System Driver Integer Overflow Vulnerability

CVSS Score: 7.8 (High)
Identifier: CVE-2025-24985
Exploit or POC: Yes, active exploitation has been observed in the wild.
Update: CVE-2025-24985 – Microsoft Security Advisory

Description: CVE-2025-24985 is an integer overflow vulnerability in the Windows Fast FAT File System Driver. This flaw allows a local, unauthorized attacker to execute arbitrary code by convincing a user to mount a specially crafted virtual hard disk (VHD). Successful exploitation could lead to a complete system compromise. Active exploitation of this vulnerability has been reported in the wild.

Mitigation Recommendation: Patching is currently the only method of mitigation. Microsoft has released security updates to address this vulnerability. Administrators are advised to apply the latest patches as specified in the Microsoft Security Advisory. Immediate patching is recommended to prevent potential exploitation.

Note: Given the active exploitation of this vulnerability, it is imperative to apply the recommended patches promptly to secure your systems.

Windows NTFS Out-of-Bounds Read Vulnerability

CVSS Score: 5.5 (Medium)
Identifier: CVE-2025-24991
Exploit or POC: Yes, active exploitation has been observed in the wild.
Update: CVE-2025-24991 – Microsoft Security Advisory

Description: CVE-2025-24991 is an out-of-bounds read vulnerability in the Windows New Technology File System (NTFS). This flaw allows an authorized attacker to disclose sensitive information locally. Exploitation requires the attacker to convince a user to mount a specially crafted virtual hard disk (VHD), leading to unintended information disclosure.

Mitigation Recommendation: Patching is currently the only method of mitigation. Microsoft has released security updates to address this vulnerability. Administrators are advised to apply the latest patches as specified in the Microsoft Security Advisory. Immediate patching is recommended to prevent potential exploitation.

Note: Given the active exploitation of this vulnerability, it is imperative to apply the recommended patches promptly to secure your systems.

Windows NTFS Heap-Based Buffer Overflow Vulnerability

CVSS Score: 7.8 (High)
Identifier: CVE-2025-24993
Exploit or POC: Yes, active exploitation has been observed in the wild.
Update: CVE-2025-24993 – Microsoft Security Advisory

Description: CVE-2025-24993 is a heap-based buffer overflow vulnerability in the Windows New Technology File System (NTFS). This flaw allows an unauthorized attacker to execute code locally by convincing a user to mount a specially crafted virtual hard disk (VHD). Successful exploitation could lead to arbitrary code execution on the affected system. Active exploitation of this vulnerability has been reported in the wild.

Mitigation Recommendation: Patching is currently the only method of mitigation. Microsoft has released security updates to address this vulnerability. Administrators are advised to apply the latest patches as specified in the Microsoft Security Advisory. Immediate patching is recommended to prevent potential exploitation.

Note: Given the active exploitation of this vulnerability, it is imperative to apply the recommended patches promptly to secure your systems.

Microsoft Management Console Security Feature Bypass Vulnerability

CVSS Score: 7.0 (High)
Identifier: CVE-2025-26633
Exploit or POC: Yes, active exploitation has been observed in the wild.
Update: CVE-2025-26633 – Microsoft Security Advisory

Description: CVE-2025-26633 is a security feature bypass vulnerability in the Microsoft Management Console (MMC). This flaw arises from improper neutralization within MMC, allowing an unauthorized attacker to bypass security features locally. To exploit this vulnerability, an attacker must convince a user to open a specially crafted MSC file, leading to potential code execution in the context of the current user. Active exploitation of this vulnerability has been reported in the wild.

Mitigation Recommendation: Patching is currently the only method of mitigation. Microsoft has released security updates to address this vulnerability. Administrators and users are advised to apply the latest patches as specified in the Microsoft Security Advisory. Immediate patching is recommended to prevent potential exploitation.

Note: Given the active exploitation of this vulnerability, it is imperative to apply the recommended patches promptly to secure your systems.

Microsoft Access Remote Code Execution Vulnerability

CVSS Score: 7.8 (High)
Identifier: CVE-2025-26630
Exploit or POC: No
Update: CVE-2025-26630 – Microsoft Security Advisory

Description: CVE-2025-26630 is a use-after-free vulnerability in Microsoft Office Access that allows an unauthorized attacker to execute code locally. This flaw arises when the program erroneously continues to reference memory that has already been released, leading to possible memory corruption and code execution opportunities for attackers. Successful exploitation requires user interaction, such as opening a specially crafted file, and could lead to arbitrary code execution on the affected system.

Mitigation Recommendation: Patching is currently the only method of mitigation. Microsoft has released security updates to address this vulnerability. Administrators and users are advised to apply the latest patches as specified in the Microsoft Security Advisory. Immediate patching is recommended to prevent potential exploitation.

Note: Given the severity of this vulnerability, it is imperative to apply the recommended patches promptly to secure your systems.