Microsoft Patchday: Attackers exploit three gaps in Hyper-V
Microsoft has released important security updates for Azure, Office and Windows, among others. Attacks are already underway.
Updates are available.
(Image: Bild erstellt mit KI in Bing Designer durch heise online / dmk)
Attackers are currently targeting various versions of Windows and Windows Server. The gateways are three vulnerabilities in the Hyper-V virtualization technology. Other Windows vulnerabilities are publicly known, so it is obvious that attacks are imminent. Among other things, malicious code can get onto systems via these vulnerabilities. Admins should therefore ensure that Windows Update is active and the latest security patches are installed.
Patch now!
Microsoft has classified the three exploited Hyper-V vulnerabilities(CVE-2025-21333, CVE-2025-21334, CVE-2025-21335) as “high” threat level. They affect various editions of Windows 10 and 11 as well as Windows Server 2022 and 2025. It is not yet known how attacks actually work. Microsoft states that attackers use the vulnerabilities to gain system rights.
In such a position, it can be assumed that computers are considered fully compromised. The extent of the attacks remains unclear. Further vulnerabilities in Access (e.g., CVE-2025-21186 “high”), App Package Installer(CVE-2025-21275 “high”) and Windows Themes(CVE-2025-21308 “high”) are publicly known and attacks could be imminent. Attackers can target these vulnerabilities with prepared emails and execute malicious code.
Further dangers
Several Windows vulnerabilities are classified as “critical”. For example, attackers can gain higher user rights in the context of NTLM V1 (CVE-2025-21311) or Outlook can swallow manipulated emails, allowing attackers to execute malicious code remotely (CVE-2025-21298).
Other vulnerabilities affect Excel, SharePoint and many Windows components. Microsoft lists further information on all gaps closed on this patch day in the Security Update Guide.
(des)