Microsoft addresses 57 security vulnerabilities

Busy day for Microsoft!

The six vulnerabilities that have come under active exploitation are listed below -

  • CVE-2025-24983 (CVSS score: 7.0) - A Windows Win32 Kernel Subsystem use-after-free (UAF) vulnerability that allows an authorized attacker to elevate privileges locally
  • CVE-2025-24984 (CVSS score: 4.6) - A Windows NTFS information disclosure vulnerability that allows an attacker with physical access to a target device and the ability to plug in a malicious USB drive to potentially read portions of heap memory
  • CVE-2025-24985 (CVSS score: 7.8) - An integer overflow vulnerability in Windows Fast FAT File System Driver that allows an unauthorized attacker to execute code locally
  • CVE-2025-24991 (CVSS score: 5.5) - An out-of-bounds read vulnerability in Windows NTFS that allows an authorized attacker to disclose information locally
  • CVE-2025-24993 (CVSS score: 7.8) - A heap-based buffer overflow vulnerability in Windows NTFS that allows an unauthorized attacker to execute code locally
  • CVE-2025-26633 (CVSS score: 7.0) - An improper neutralization vulnerability in Microsoft Management Console that allows an unauthorized attacker to bypass a security feature locally