U.S. CISA adds six Microsoft Windows flaws to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds six Microsoft Windows flaws to its Known Exploited Vulnerabilities catalog.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) [added](https://www.cisa.gov/news-events/alerts/2025/03/11/cisa-adds-six-known-exploited-vulnerabilities-catalog) the following vulnerabilities to its [Known Exploited Vulnerabilities (KEV) catalog](https://www.cisa.gov/known-exploited-vulnerabilities-catalog):

* [CVE-2025-24983](https://www.cve.org/CVERecord?id=CVE-2025-24983) Microsoft Windows Win32k Use-After-Free Vulnerability
* [CVE-2025-24984](https://www.cve.org/CVERecord?id=CVE-2025-24984) Microsoft Windows NTFS Information Disclosure Vulnerability
* [CVE-2025-24985](https://www.cve.org/CVERecord?id=CVE-2025-24985) Microsoft Windows Fast FAT File System Driver Integer Overflow Vulnerability
* [CVE-2025-24991](https://www.cve.org/CVERecord?id=CVE-2025-24991) Microsoft Windows NTFS Out-Of-Bounds Read Vulnerability
* [CVE-2025-24993](https://www.cve.org/CVERecord?id=CVE-2025-24993) Microsoft Windows NTFS Heap-Based Buffer Overflow Vulnerability
* [CVE-2025-26633](https://www.cve.org/CVERecord?id=CVE-2025-26633) Microsoft Windows Management Console (MMC) Improper Neutralization Vulnerability

Below are the descriptions of these flaws, which Microsoft addressed with the release of the [Microsoft Patch Tuesday security updates for March 2025](https://securityaffairs.com/175289/hacking/microsoft-patch-tuesday-security-updates-for-march-2025.html):

* **[CVE-2025-24983](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24983) (CVSS 7.0):** A use-after-free vulnerability in the Windows Win32 Kernel Subsystem that enables authorized attackers to escalate privileges locally.
* **[CVE-2025-24984](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24984) (CVSS 4.6):** An NTFS information disclosure flaw that lets attackers with physical access and a malicious USB device read portions of heap memory.
* **[CVE-2025-24985](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24985) (CVSS 7.8):** An integer overflow in the Windows Fast FAT File System Driver allowing unauthorized local code execution.
* **[CVE-2025-24991](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24991) (CVSS 5.5):** An out-of-bounds read vulnerability in NTFS that permits authorized attackers to access sensitive information.
* **[CVE-2025-24993](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24993) (CVSS 7.8):** A heap-based buffer overflow in NTFS that allows unauthorized local code execution.
* **[CVE-2025-26633](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26633) (CVSS 7.0):** An improper neutralization flaw in Microsoft Management Console that lets unauthorized attackers bypass security features locally.

ESET researchers, who discovered CVE-2025-24983, reported that the zero-day [CVE-2025-24983](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24983) has been exploited since March 2023. The flaw enables attackers with low privileges to escalate to SYSTEM privileges, but exploitation requires winning a race condition. The exploit, linked to the [PipeMagic backdoor](https://www.kaspersky.com/about/press-releases/kaspersky-uncovers-pipemagic-backdoor-attacks-businesses-through-fake-chatgpt-application), has targeted unsupported Windows versions such as Server 2012 R2 and 8.1, but the flaw also affects Windows 10 (build 1809 and earlier) and Server 2016.

According to [Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities](https://cyber.dhs.gov/bod/22-01/), FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog. Experts also recommend that private organizations review the [Catalog](https://www.cisa.gov/known-exploited-vulnerabilities-catalog) and address the vulnerabilities in their infrastructure.

CISA orders federal agencies to fix these vulnerabilities by April 1st, 2025.

A few days ago, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) [added](https://securityaffairs.com/174923/security/u-s-cisa-adds-linux-kernel-and-vmware-esxi-and-workstation-flaws-to-its-known-exploited-vulnerabilities-catalog.html) Linux kernel and VMware ESXi and Workstation flaws to its Known Exploited Vulnerabilities catalog.

[**Pierluigi Paganini**](http://www.linkedin.com/pub/pierluigi-paganini/b/742/559) ([**SecurityAffairs**](http://securityaffairs.co/wordpress/) – hacking, CISA)
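The recommendation above to review the KEV catalog and remediate what applies to your estate is routine work that is easy to script. The following Python is an added example, not code from the article, CISA or Microsoft: it parses the KEV feed's JSON shape (the `vulnerabilities` array with `cveID`, `vendorProject`, `product`, `vulnerabilityName`, `dateAdded` and `dueDate` fields, as published at the catalog's JSON feed), cross-references it against a patch inventory, and reports what is still open and how many days remain before CISA's due date. The embedded catalog excerpt is constructed from the six CVEs and dates in this article so the script runs offline; the `knownRansomwareCampaignUse` values in it are placeholders, not CISA's actual data, and the "patched" inventory is likewise constructed.

```python
"""Triage the CISA KEV catalog against a local patch inventory.

Added example, not part of the original article. Assumes the field names of
the public KEV JSON feed; the catalog excerpt below is constructed from the
CVEs named in the article so the script runs without network access.
"""
import json
from datetime import date

# Constructed excerpt of the KEV feed: the six Windows CVEs from the article,
# added on the date of the CISA alert with the due date the article reports.
# knownRansomwareCampaignUse is a placeholder value, not CISA's real data.
KEV_SAMPLE = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities",
    "catalogVersion": "constructed-sample",
    "count": 6,
    "vulnerabilities": [
        {"cveID": cve, "vendorProject": "Microsoft", "product": "Windows",
         "vulnerabilityName": name, "dateAdded": "2025-03-11",
         "dueDate": "2025-04-01", "knownRansomwareCampaignUse": "Unknown"}
        for cve, name in [
            ("CVE-2025-24983", "Microsoft Windows Win32k Use-After-Free Vulnerability"),
            ("CVE-2025-24984", "Microsoft Windows NTFS Information Disclosure Vulnerability"),
            ("CVE-2025-24985", "Microsoft Windows Fast FAT File System Driver Integer Overflow Vulnerability"),
            ("CVE-2025-24991", "Microsoft Windows NTFS Out-Of-Bounds Read Vulnerability"),
            ("CVE-2025-24993", "Microsoft Windows NTFS Heap-Based Buffer Overflow Vulnerability"),
            ("CVE-2025-26633", "Microsoft Windows Management Console (MMC) Improper Neutralization Vulnerability"),
        ]
    ],
})


def load_kev(text):
    """Parse KEV feed JSON and return the list of vulnerability records."""
    return json.loads(text)["vulnerabilities"]


def triage(entries, patched, today, vendor=None):
    """Return KEV entries not yet remediated, most urgent first.

    `patched` is the set of CVE ids already fixed in your environment (matched
    case-insensitively); `today` is a date or ISO string; `vendor` optionally
    restricts the check to one vendorProject. Each result carries days_left
    until CISA's dueDate (negative means the BOD 22-01 deadline has passed).
    """
    if isinstance(today, str):
        today = date.fromisoformat(today)
    patched = {c.upper() for c in patched}
    open_items = []
    for entry in entries:
        if vendor and entry["vendorProject"] != vendor:
            continue
        if entry["cveID"].upper() in patched:
            continue
        due = date.fromisoformat(entry["dueDate"])
        open_items.append({
            "cveID": entry["cveID"],
            "name": entry["vulnerabilityName"],
            "dueDate": entry["dueDate"],
            "days_left": (due - today).days,
            "overdue": due < today,
        })
    open_items.sort(key=lambda item: (item["days_left"], item["cveID"]))
    return open_items


def summary(open_items):
    """One report line per open item, suitable for a ticket or a daily digest."""
    lines = []
    for item in open_items:
        if item["overdue"]:
            state = f"OVERDUE by {-item['days_left']}d"
        else:
            state = f"{item['days_left']}d left"
        lines.append(f"{item['cveID']}  due {item['dueDate']}  {state}  {item['name']}")
    return lines


if __name__ == "__main__":
    # Constructed inventory: pretend two of the six have already been patched.
    already_patched = {"CVE-2025-24984", "CVE-2025-24991"}
    open_items = triage(load_kev(KEV_SAMPLE), already_patched, "2025-03-20", vendor="Microsoft")
    for line in summary(open_items):
        print(line)
```

In production you would replace `KEV_SAMPLE` with the body of the live feed and `already_patched` with the CVE set your patch-management system reports as closed; the `days_left` figure is what turns the catalog into a prioritised work queue rather than a list to read.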
