Microsoft Fixes Six Actively-Exploited 0-Day Flaws In Patch Tuesday Rollout, Update ASAP

Microsoft addressed a vulnerability registered on the CVE program as CVE-2025-24993, one of the six reported active exploits. For a successful attack, hackers will need to trick users into mounting a Virtual Hard Disk (VHD); otherwise, the attack will fail. As a Remote Code Execution (RCE) vulnerability, malicious actors can trick users into taking actions that trigger payloads or malware without physical access to the computer. With a successful attack, bad actors can steal sensitive information, corrupt systems with viruses, or control the victim's computer remotely.
Microsoft also reported that hackers are already exploiting CVE-2025-24983. Successful exploitation allows hackers to assume administrator roles and enjoy full privileges on a system. However, unlike CVE-2025-24993, this vulnerability cannot be exploited without physical access to the computer, making it less critical. Local attackers can install a backdoor, trojan, or malware, which could lead to all sorts of problems.

The other four exploited vulnerabilities are CVE-2025-26633, CVE-2025-24991, CVE-2025-24984, and CVE-2025-24985. CVE-2025-26633 allows attackers to find their way around a core security feature on Windows, while CVE-2025-24984 and CVE-2025-24991 enable local attackers to read the heap memory. The last zero-day exploit - CVE-2025-24985, like CVE-2025-24993, requires attackers to trick users into mounting a VHD.
The update fixes 23 remote code execution security flaws, 22 vulnerabilities allowing attackers to gain special privileges, and 12 vulnerabilities that can cause security bypass, spoofing, denial of service (DOS), and information disclosure.
As expected, to give users a reasonable timeframe for updating their OS, Microsoft did not reveal details of how criminals exploit the flaws. However, users are encouraged to update their Windows PCs as soon as possible to have it patched against all 57 vulnerabilities.
This is all we have until next month's edition of Patch Tuesday, we urge you to keep your Windows installs safe from the relentless fingers of hackers.