Vulnerabilities in file system drivers: Several of the other zero-day vulnerabilities are related to the Windows NT File System (NTFS) driver. One is a remote code execution flaw (CVE-2025-24993) in which a buffer overflow is triggered when the user mounts a specially crafted VHD (virtual hard disk).

A similar vulnerability, CVE-2025-24985, which can also be exploited via a malicious VHD, is located in the FAT file system driver, where an integer overflow leads to arbitrary code execution.

Two other zero-day vulnerabilities related to NTFS can result in information disclosure. One is again exploitable via VHDs (CVE-2025-24991) and one through USB drives inserted into the computer (CVE-2025-24984).

One security feature bypass exploited in the wild was patched in the Microsoft Management Console (CVE-2025-26633). Exploitation requires user interaction, which is why Microsoft hasn’t rated this as critical.

“Successful exploitation leads to an outcome which isn’t specified by the advisory, but since the Microsoft Management Console has a feature set which includes the creation, hosting, and distribution of custom tools for the administrative management of both hardware and software for any supported version of Windows, it’s easy enough to see why an attacker might be interested,” researchers from vulnerability intelligence firm Rapid7 stated.

The last zero-day is a use-after-free flaw in Microsoft Access (CVE-2025-26630) that can lead to remote code execution. Exploiting this vulnerability requires users to open a malicious file.
First seen on csoonline.com
Jump to article: www.csoonline.com/article/3843369/microsoft-patches-privilege-escalation-flaw-exploited-since-2023.html