Patchday Microsoft: Attackers attack Windows and delete data
Important security updates have been released for Azure, Office, Windows and Co. There are already attacks. More may be imminent.
Unknown attackers are currently targeting various versions of Windows and Windows Server. Admins should ensure that Windows Update is active and the latest patches are installed so that systems are protected against the attacks.
Attacks on Windows
In addition to Windows 10 and 11, current and older server versions are also affected. Attackers gain system rights via a vulnerability (CVE-2025-21418, "high"). From that position, it can be assumed that they can completely compromise PCs.
Successful attacks on the second exploited vulnerability (CVE-2025-21391 "high") enable attackers to delete files. According to Microsoft, this does not allow them to access confidential information, but it does mean that certain services no longer work.
It is currently unknown how such attacks take place and to what extent.
Further dangers
Two vulnerabilities (CVE-2025-21194 "high", CVE-2025-21377 "medium") are publicly known and attacks may be imminent. The first affects various Surface models. If attacks succeed, attackers can bypass security mechanisms in the UEFI to compromise the hypervisor and kernel. To achieve this, however, victims have to play along and restart their Surface model, among other things.
The second known vulnerability affects Windows and lets attackers gain access to NTLMv2 hashes. To achieve this, however, a victim must click on a prepared file.
The majority of the remaining vulnerabilities are classified with the threat level "high". Through these flaws, attackers can gain higher user rights under Azure, Dynamics 365 or Windows, among others, or execute malicious code in the context of Excel. Microsoft lists further information on the vulnerabilities closed on this patchday in the Security Update Guide.
(des)