ALERT: Microsoft Rushes to Fix 6 Actively Exploited Zero-Days Among 57 Critical Security Flaws

# Microsoft Patches Six Actively Exploited Zero-Day Vulnerabilities in April Update

Microsoft’s latest security update addresses 57 vulnerabilities, including six zero-days already being exploited in the wild. The April patch includes fixes for 6 Critical and 50 Important-rated flaws, with 23 remote code execution vulnerabilities and 22 privilege escalation issues.

## Zero-Day Vulnerabilities Under Active Exploitation

The six actively exploited vulnerabilities include:

- **CVE-2025-24983**: Windows Win32 Kernel Subsystem use-after-free vulnerability allowing local privilege escalation
- **CVE-2025-24984**: Windows NTFS information disclosure vulnerability exploitable via malicious USB drives
- **CVE-2025-24985**: Integer overflow in Windows Fast FAT File System Driver enabling local code execution
- **CVE-2025-24991**: Out-of-bounds read vulnerability in Windows NTFS allowing local information disclosure
- **CVE-2025-24993**: Heap-based buffer overflow in Windows NTFS enabling local code execution
- **CVE-2025-26633**: Microsoft Management Console vulnerability allowing security feature bypass

ESET researchers found that CVE-2025-24983 has been exploited since March 2023 via the PipeMagic backdoor, which targets entities in Asia and Saudi Arabia. The malware has been distributed through fake ChatGPT applications and uses a unique named pipe mechanism for receiving payloads.

Security experts note that four of these vulnerabilities affect core Windows file system components and could be chained together. The exploit typically involves crafting malicious VHD files that users are tricked into opening or mounting.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added these vulnerabilities to its Known Exploited Vulnerabilities catalog, requiring federal agencies to apply patches by April 1, 2025.

## Additional Vendor Updates

Numerous other technology vendors have also released security patches recently, including Adobe, Apple, Cisco, Dell, Google, IBM, Mozilla, NVIDIA, Samsung, and Zoom.