The monthly Patch Tuesday update for Windows addresses more than 50 vulnerabilities, including six zero-day flaws that are being actively exploited.
Microsoft releases a security update for all supported Windows versions every second Tuesday of the month. ‘Patch Tuesday’ has become a familiar term among Windows users. This month’s update proves to be essential: Microsoft fixes more than 50 vulnerabilities in various Windows versions in one go.
Among the 50 vulnerabilities are six zero-day flaws that affect different Windows versions and, according to Microsoft, are being actively exploited:
Six Zero-Days in Windows
Two of the zero-day flaws, CVE-2025-24991 and CVE-2025-24993, are located in NTFS, the standard file system of Windows. Attackers must convince a victim to mount a malicious virtual hard drive. CVE-2025-24991 can lead to memory data leakage, while CVE-2025-24993 enables local code execution.
The third zero-day, CVE-2025-24983, is an elevation of privilege flaw in older Windows versions. Researchers from ESET discovered that this bug is being exploited by the PipeMagic backdoor, which can exfiltrate data and provide remote access. The exploit specifically targets Windows 8.1, for which support ended in early 2023, Windows Server 2012 R2. However, the vulnerability is also present in Windows 10 build 1809 and Windows Server 2016.
read also
How Do You Keep Your PC Safe After the End of Windows 10 Updates?
CVE-2025-24984 is another NTFS vulnerability, where an attacker can insert a malicious USB drive into a Windows system to leak memory information to a log file. The impact is considered less severe, but Microsoft still rates the flaw as important. CVE-2025-24985 allows the installation of malicious code via a manipulated virtual hard drive, and finally, CVE-2025-26633 affects the Microsoft Management Console and requires the target to open a malicious file.
In addition to the six zero-days, Microsoft has also classified six other vulnerabilities as critical. These can be exploited by attackers to completely take over systems without user intervention.
Microsoft continues to roll out monthly security updates and advises users to update their systems in a timely manner. Administrators can consult the full list of updates via the SANS Internet Storm Center or other specialized sources. Windows updates regularly go wrong: the most recent Windows 11 update causes printers to malfunction.