For more details, visit: https://thehackernews.com/2025/03/urgen ... urity.htmlThe updates are in addition to 17 vulnerabilities Microsoft addressed in its Chromium-based Edge browser since the release of last month's Patch Tuesday update, one of which is a spoofing flaw specific to the browser (CVE-2025-26643, CVSS score: 5.4).
The six vulnerabilities that have come under active exploitation are listed below -
• CVE-2025-24983 (CVSS score: 7.0) - A Windows Win32 Kernel Subsystem use-after-free (UAF) vulnerability that allows an authorized attacker to elevate privileges locally
• CVE-2025-24984 (CVSS score: 4.6) - A Windows NTFS information disclosure vulnerability that allows an attacker with physical access to a target device and the ability to plug in a malicious USB drive to potentially read portions of heap memory
• CVE-2025-24985 (CVSS score: 7.8) - An integer overflow vulnerability in Windows Fast FAT File System Driver that allows an unauthorized attacker to execute code locally
• CVE-2025-24991 (CVSS score: 5.5) - An out-of-bounds read vulnerability in Windows NTFS that allows an authorized attacker to disclose information locally
• CVE-2025-24993 (CVSS score: 7.8) - A heap-based buffer overflow vulnerability in Windows NTFS that allows an unauthorized attacker to execute code locally
• CVE-2025-26633 (CVSS score: 7.0) - An improper neutralization vulnerability in Microsoft Management Console that allows an unauthorized attacker to bypass a security feature locally
Microsoft Patches 57 Security Flaws, Including 6 Actively Exploited Zero-Days
Forum rules
Behave rationally.
Behave yourself.
Self moderate your posts.
Be reasonable.
No Spam.
No Blunt promotion.
No nonsense whatsoever.
Behave rationally.
Behave yourself.
Self moderate your posts.
Be reasonable.
No Spam.
No Blunt promotion.
No nonsense whatsoever.
-
Prajayblogger
- Posts: 52
- Joined: Mon Feb 24, 2025 6:56 am