
Microsoft Patches Zero-Day Vulnerability Exploited Since March 2023


ESET, a Slovak cybersecurity company, has reported that a newly patched zero-day vulnerability in the Windows Win32 Kernel Subsystem has been exploited in attacks since March 2023. The vulnerability, now tracked as CVE-2025-24983, was reported to Microsoft by ESET researcher Filip Jurčacko and was addressed in this month's Patch Tuesday security updates, as reported by Bleeping Computer.

The flaw is a use-after-free error that lets attackers with low privileges gain SYSTEM privileges without any user interaction. Microsoft has classified these attacks as high complexity.

This vulnerability affects older Windows versions that Microsoft no longer supports, such as Windows Server 2012 R2 and Windows 8.1. It also impacts newer systems, including Windows Server 2016 and Windows 10 with build 1809 or earlier. The issue stems from improper memory use while software is running, which can lead to crashes, malicious code execution, privilege escalation, or data corruption.

Kaspersky discovered ...


Copyright of this story solely belongs to extremetech.com.