Slovak cybersecurity company ESET says a newly patched zero-day vulnerability in the Windows Win32 Kernel Subsystem has been exploited in attacks since March 2023. Fixed in Windows security updates released during this month's Patch Tuesday, the security flaw is now tracked as CVE-2025-24983 and was reported to Microsoft by ESET researcher Filip Jurčacko.

ESET said on Tuesday that a zero-day exploit targeting the CVE-2025-24983 vulnerability was "first seen in the wild" in March 2023 on systems backdoored using PipeMagic malware. This exploit targets only older Windows versions (Windows Server 2012 R2 and Windows 8.1) that Microsoft no longer supports. However, the vulnerability also affects newer Windows versions, including the still-supported Windows Server 2016 and Windows 10 systems running Windows 10 build 1809 and earlier.

PipeMagic was discovered by Kaspersky in 2022. It can be used to harvest sensitive data, gives the attackers full remote access to infected devices, and enables them to deploy additional malicious payloads to move laterally through the victims' networks. In 2023, Kaspersky saw it deployed in Nokoyawa ransomware attacks that exploited another Windows zero-day, a privilege escalation flaw in the Common Log File System Driver tracked as CVE-2023-28252.

Yesterday, CISA added all six zero-days to its Known Exploited Vulnerabilities Catalog, ordering Federal Civilian Executive Branch (FCEB) agencies to secure their systems by April 1st, as required by the Binding Operational Directive (BOD) 22-01. "These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise," the U.S. cybersecurity agency warned.
This Cyber News was published on www.bleepingcomputer.com. Publication date: Wed, 12 Mar 2025 14:35:20 +0000