Patchday: Attackers attack Windows and gain system rights

Microsoft has provided important security patches for Azure, Bitlocker and Kerberos, among others, via Windows Update.


Updates are available.

(Image: Created with AI in Bing Designer by heise online / dmk)


Attackers are currently targeting Windows 10/11 and various Windows Server versions. The extent of the attacks is not yet clear. Admins should quickly ensure that Windows Update is active and that PCs are up to date.

The exploited vulnerability (CVE-2025-29824, “high”) affects the protocol file system driver. Not much information about the vulnerability is currently available. The little that is known suggests that locally authenticated attackers can gain system privileges. As this is a memory corruption vulnerability (use-after-free), it can be assumed that attackers can trigger the error with certain inputs.

After a successful attack, it is likely that attackers will execute malicious code and thus compromise entire systems. In a warning message about the vulnerability, Microsoft states that the security patches for Windows 10 32-bit and 64-bit are not yet available. It is not yet clear when they will follow.

Microsoft classifies several malicious code vulnerabilities as “critical”. These include Excel (CVE-2025-27752, “high”), Hyper-V (CVE-2025-27491, “high”) and Windows Remote Desktop Services (CVE-2025-27480, “high”). In the latter case, an attacker only needs to connect to a vulnerable system via RDP and trigger a race condition to be able to push malicious code onto computers. The Hyper-V updates for Windows 10 will be released at a later date.

There are also patches for Office, SharePoint and Windows Defender. Attackers can exploit these flaws to gain unauthorized access to information, trigger DoS states or obtain higher user rights, among other things. Microsoft provides more detailed information on the vulnerabilities in the Security Update Guide.

(des)


This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.