CISA has issued an urgent alert after adding five new Microsoft Windows zero-day vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. Security experts warn that these vulnerabilities pose a significant risk to both government and private sector organizations, as they allow attackers to escalate privileges or execute code remotely. Security professionals caution that attackers, including ransomware affiliates, are likely to continue targeting privilege escalation and remote code execution flaws for initial access and lateral movement.

Researchers have uncovered a sophisticated technique to bypass Windows Defender Application Control (WDAC), a critical Windows security feature designed to prevent unauthorized code execution.

The vulnerabilities impact all supported versions of Windows, and exploitation could lead to full system compromise, data theft, malware installation, and lateral movement across networks. The vulnerabilities, which affect core Windows components, have been flagged as critical attack vectors and require immediate attention from organizations and users worldwide. All five vulnerabilities have been observed under active exploitation, though there is currently no public evidence linking them to specific ransomware campaigns.

CISA’s inclusion of these flaws in the KEV catalog triggers a mandate for U.S. federal agencies to apply Microsoft’s security patches by June 3, 2025. As exploitation is ongoing, organizations are urged to act swiftly to minimize exposure and protect critical systems from compromise.

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security.
This Cyber News was published on cybersecuritynews.com. Publication date: Thu, 15 May 2025 16:19:54 +0000