Listen to this Post
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently added six critical vulnerabilities in Microsoft Windows to its Known Exploited Vulnerabilities (KEV) catalog. This inclusion highlights the severity of these flaws and urges immediate attention from federal agencies and private organizations alike. These vulnerabilities range from privilege escalation to unauthorized local code execution, and all have been assigned high CVSS scores, reflecting their potential impact.
the Six New Microsoft Windows Vulnerabilities
CISA’s decision to add six Microsoft Windows vulnerabilities to its KEV catalog underscores the urgent need for both public and private sectors to address these critical security flaws. These vulnerabilities, which were addressed in Microsoft’s March 2025 Patch Tuesday update, include:
1. CVE-2025-24983 (Win32k Use-After-Free Vulnerability)
CVSS 7.0 – This use-after-free vulnerability in the Windows Win32 Kernel Subsystem allows attackers with local privileges to escalate their access to SYSTEM-level privileges.
2. CVE-2025-24984 (NTFS Information Disclosure Vulnerability)
CVSS 4.6 – Attackers with physical access and a malicious USB device can exploit this flaw to disclose sensitive heap memory data.
- CVE-2025-24985 (Fast FAT File System Driver Integer Overflow)
CVSS 7.8 – This integer overflow vulnerability allows attackers to execute unauthorized code locally, providing a path to system compromise.
4. CVE-2025-24991 (NTFS Out-Of-Bounds Read Vulnerability)
CVSS 5.5 – This flaw enables attackers to access and read sensitive data by exploiting an out-of-bounds memory read in the NTFS file system.
5. CVE-2025-24993 (NTFS Heap-Based Buffer Overflow Vulnerability)
CVSS 7.8 – This buffer overflow in NTFS can lead to unauthorized local code execution, potentially allowing attackers to control the affected system.
6. CVE-2025-26633 (Microsoft Management Console Improper Neutralization Vulnerability)
CVSS 7.0 – An improper neutralization flaw in the Microsoft Management Console (MMC) enables attackers to bypass local security mechanisms.
Detailed Vulnerability Analysis
The vulnerabilities outlined in this catalog highlight a range of attack vectors that could be exploited by both external and internal actors, depending on the nature of the flaw. Let’s take a deeper dive into each issue to understand its implications.
CVE-2025-24983: Win32k Use-After-Free Vulnerability
This flaw occurs in the Windows Win32 Kernel Subsystem, specifically in its handling of system resources. Use-after-free vulnerabilities are particularly dangerous because they allow attackers to exploit freed memory blocks, potentially injecting malicious code into them. Attackers could escalate privileges by leveraging this flaw, gaining full control of the system with SYSTEM-level privileges. The reported exploit since March 2023 targeting unsupported versions like Server 2012 R2, 8.1, and even Windows 10 builds before 1809 signals the widespread potential for compromise.
CVE-2025-24984: NTFS Information Disclosure Vulnerability
This vulnerability in NTFS allows attackers to disclose sensitive data stored in memory, which could potentially lead to identity theft or unauthorized access to private information. It requires physical access to the system, meaning an attacker must have direct access to a machine, potentially exploiting USB devices or other physical attack vectors. Though its CVSS score of 4.6 places it in the moderate-risk category, its exploitation in physical-access scenarios still poses a significant security risk.
CVE-2025-24985: Fast FAT File System Driver Integer Overflow
Integer overflows occur when a program attempts to store a number larger than the variable can hold. When this happens in system-level drivers like the Fast FAT File System, it can lead to unpredictable behavior, including code execution. Attackers can exploit this flaw to run arbitrary code locally, gaining access to the system. This vulnerability is considered high-risk, with a CVSS score of 7.8, signaling that attackers could cause significant damage or steal sensitive data.
CVE-2025-24991: NTFS Out-Of-Bounds Read Vulnerability
Out-of-bounds read vulnerabilities allow unauthorized access to data that is outside the intended range. In this case, attackers could gain access to sensitive data on NTFS partitions. Although the CVSS score of 5.5 indicates moderate risk, the possibility of exploiting this flaw to steal data is non-negligible, especially for organizations handling confidential information.
CVE-2025-24993: NTFS Heap-Based Buffer Overflow Vulnerability
Heap-based buffer overflows are often critical vulnerabilities that can allow attackers to execute arbitrary code in the context of a vulnerable application or system. This flaw in NTFS increases the likelihood of local code execution, which could allow attackers to gain full control of the machine. The CVSS score of 7.8 reflects the severe risk this vulnerability poses to affected systems.
CVE-2025-26633: MMC Improper Neutralization Vulnerability
The Microsoft Management Console (MMC) flaw impacts the system’s ability to properly neutralize input, allowing attackers to bypass security mechanisms. This means attackers could potentially disable or manipulate security features locally, weakening overall system protection. Its CVSS score of 7.0 places this issue in the medium-high risk category, emphasizing the importance of patching it.
What Undercode Says:
From a cybersecurity perspective, the addition of these six vulnerabilities to the KEV catalog is a call to action for all organizations, especially those relying heavily on Microsoft Windows environments. The cumulative CVSS scores of these flaws highlight their potential to escalate attacks, ranging from privilege escalation to code execution, and in some cases, full system compromise.
Several of these flaws involve system components (NTFS and Win32k) that are critical to Windows’ functioning, making them highly attractive targets for attackers. While some vulnerabilities, like CVE-2025-24984, require physical access, others like CVE-2025-24993 (NTFS buffer overflow) present much broader attack vectors, which could be exploited remotely or locally.
Importantly, the fact that CVE-2025-24983 has already been actively exploited since March 2023 underscores the urgency for patching. Attackers have demonstrated their ability to exploit these flaws in the wild, particularly in unsupported versions of Windows such as Server 2012 R2 and 8.1, as well as older Windows 10 builds.
Given that CISA has mandated that federal agencies address these vulnerabilities by April 1st, 2025, there’s a clear need for a broader, more urgent response from private sector organizations as well. It is essential to monitor the KEV catalog regularly and apply patches and mitigation strategies to reduce the risk of cyberattacks.
In the fast-evolving landscape of cyber threats, organizations must be proactive in their security measures. The inclusion of these vulnerabilities in CISA’s catalog offers an opportunity for system administrators to strengthen their defenses and avoid the pitfalls of known exploits. Organizations should not wait for a confirmed breach to take action.
Fact Checker Results:
- The vulnerabilities listed are legitimate and have been confirmed by CISA and Microsoft.
- CVE-2025-24983 has been actively exploited since March 2023, particularly targeting older and unsupported Windows versions.
- CISA has set an April 1st, 2025 deadline for federal agencies to fix these flaws, urging private organizations to follow suit.
References:
Reported By: https://securityaffairs.com/175298/hacking/u-s-cisa-adds-six-microsoft-windows-flaws-to-its-known-exploited-vulnerabilities-catalog.html
Extra Source Hub:
https://www.github.com
Wikipedia
Undercode AI
Image Source:
Pexels
Undercode AI DI v2





