Newly Patched Windows Zero-Day Exploited for Two Years

Summary: A zero-day vulnerability in the Windows Win32 kernel, tracked as CVE-2025-24983, has been actively exploited since March 2023, potentially allowing attackers to gain SYSTEM privileges. Microsoft addressed this issue along with others in its March 2025 Patch Tuesday updates. The flaw particularly affects older Windows operating systems, including Windows 8.1 and Server 2012 R2, and an attacker must win a race condition to exploit it.

Affected: Microsoft Windows (including Windows 8.1, Windows Server 2012 R2, and Windows Server 2016)

Key points:

  • Vulnerability identified as CVE-2025-24983 with a CVSS score of 7.0, related to a use-after-free bug.
  • Exploitation requires winning a race condition; an attacker who succeeds can elevate privileges.
  • Specifically affects OS versions released before Windows 10 build 1809 and is leveraged through the PipeMagic backdoor.
  • Attacks exploiting this flaw have been noted for two years and involve multiple ransomware groups.

Source: https://www.securityweek.com/newly-patched-windows-zero-day-exploited-for-two-years/