Critical Windows Vulnerabilities Under Active Attack: What You Need to Know

Microsoft has confirmed that multiple zero-day vulnerabilities in Windows are being actively exploited by attackers. This urgent news means Windows users need to take immediate action to protect their systems. The Cybersecurity and Infrastructure Security Agency (CISA) has also issued a warning, urging organizations to apply the necessary patches as soon as possible to mitigate the risk of cyberattacks.

This situation follows closely after Microsoft's monthly Patch Tuesday rollout, a period often targeted by malicious actors seeking to exploit newly disclosed vulnerabilities before fixes can be implemented. However, this time, attackers appear to have jumped the gun.

CVE-2025-30397: A Critical Scripting Engine Flaw

One of the most concerning vulnerabilities, CVE-2025-30397, involves a memory corruption flaw within the Windows scripting engine. A successful exploit could allow attackers to execute code remotely, impacting all versions of the Windows operating system. While Microsoft rates the severity as 'important', security experts at Ivanti deem it 'critical' due to the potential for severe damage.

The complexity of exploiting CVE-2025-30397 lies in the attacker's need to prepare the target system to use Edge in Internet Explorer Mode and then trick the user into clicking a malicious link. Adam Barnett from Rapid7 points out that enterprises, which often rely on Internet Explorer compatibility, are particularly vulnerable because the necessary conditions for exploitation are likely already in place.

Other Zero-Day Vulnerabilities Under Attack

In addition to CVE-2025-30397, Microsoft has confirmed the exploitation of several other zero-day vulnerabilities:

  • CVE-2025-32709: An elevation of privilege vulnerability in the Windows ancillary function driver for WinSock.
  • CVE-2025-32701 & CVE-2025-32706: A pair of zero-day vulnerabilities in the Windows Common Log File Driver System.
  • CVE-2025-30400: Another elevation of privilege vulnerability impacting the Windows desktop window manager.

These vulnerabilities could allow attackers to gain administrative privileges and take control of affected systems, highlighting the urgency of applying the necessary patches.

CISA's Warning and the Urgency to Act

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added all five Windows zero-days to its Known Exploited Vulnerabilities catalog. Federal agencies are now obligated to apply the Microsoft patches by June 3rd, 2025.

CISA strongly urges all organizations to prioritize the remediation of catalog vulnerabilities to reduce exposure to cyberattacks. For certain federal agencies this is an obligation: they must apply the Microsoft patches no later than June 3rd, 2025.
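
To turn the catalog deadline into a work list, the sketch below joins a KEV-style feed against open scanner findings and ranks host/CVE pairs by days remaining. It is an added example, not code from the article, Microsoft or CISA. The host names and findings are constructed, and the feed is a constructed sample in the catalog's JSON shape, trimmed to the cveID and dueDate fields and carrying only the CVE IDs and due date given in the article.

```python
import json
from datetime import date

# Constructed sample in the shape of CISA's KEV JSON feed, trimmed to the two
# fields used here; the CVE IDs and the due date are the ones the article gives.
KEV_SAMPLE = json.dumps({"vulnerabilities": [
    {"cveID": cve, "dueDate": "2025-06-03"}
    for cve in ("CVE-2025-30397", "CVE-2025-32709", "CVE-2025-32701",
                "CVE-2025-32706", "CVE-2025-30400")
]})

# Constructed scanner output (hypothetical hosts): host -> CVEs still unpatched.
OPEN_FINDINGS = {
    "ws-finance-01": ["CVE-2025-30397", "CVE-2025-30386"],
    "srv-files-02": ["CVE-2025-32701", "CVE-2025-32706", "CVE-2025-30400"],
    "ws-lab-03": ["CVE-2025-30377"],
}


def load_due_dates(kev_json):
    """Map each catalogued CVE ID to its remediation due date."""
    entries = json.loads(kev_json).get("vulnerabilities", [])
    return {e["cveID"].upper(): date.fromisoformat(e["dueDate"])
            for e in entries if e.get("cveID") and e.get("dueDate")}


def triage(findings, due_dates, today):
    """Return one row per host/CVE pair that is in the catalog, most urgent first.

    days_left is negative once the due date has passed.
    """
    rows = []
    for host, cves in findings.items():
        for cve in {c.strip().upper() for c in cves}:  # dedupe, normalise case
            due = due_dates.get(cve)
            if due is None:
                continue  # not in the catalog: handled by the normal patch cycle
            days_left = (due - today).days
            rows.append({"host": host, "cve": cve, "due": due,
                         "days_left": days_left, "overdue": days_left < 0})
    return sorted(rows, key=lambda r: (r["days_left"], r["host"], r["cve"]))


if __name__ == "__main__":
    for r in triage(OPEN_FINDINGS, load_due_dates(KEV_SAMPLE), date.today()):
        state = "OVERDUE" if r["overdue"] else f"{r['days_left']}d left"
        print(f"{r['host']:<14} {r['cve']:<15} due {r['due']} {state}")
```

Findings that are not in the catalog, such as the two Office CVEs in the sample, are skipped here and stay in the regular patch queue.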

Beyond Zero-Days: Other Critical Vulnerabilities

Besides the actively exploited zero-day flaws, Microsoft's latest security rollout includes fixes for 65 other vulnerabilities that cannot be ignored. Two Microsoft Office vulnerabilities, CVE-2025-30386 and CVE-2025-30377, are remote code execution (RCE) flaws. While one is considered less likely to be exploited, both could lead to a full system compromise if left unpatched.

Windows 11 Updates and AI Integration

Microsoft has also released KB5058411 and KB5058405 cumulative updates for Windows 11 versions 24H2 and 23H2 to address these security vulnerabilities and other issues.

Notably, the updates include new AI features for Copilot+ PCs, such as Recall, which continuously takes screenshots of user activity. While Microsoft has made efforts to address privacy concerns, security experts remain wary of the potential for misuse. This has raised concerns, especially regarding the ability of Microsoft Copilot AI to access restricted passwords.

What's Your Next Step?

With multiple critical vulnerabilities actively being exploited, the time to act is now. Ensure your Windows systems are updated with the latest security patches and remain vigilant against potential threats.

What security measures are you taking to protect your systems? Share your thoughts and concerns in the comments below.
