Microsoft Confirms Windows Is Under Attack — You Must Act Now
Multiple zero-day vulnerabilities are being exploited by attackaers, Microsoft warns.
It's that time of the month again, when Patch Tuesday is quickly followed by Exploit Wednesday. The former is the monthly rollout of Microsoft's responses to newly discovered vulnerabilities in its services and products, and the latter is when hackers, cybercriminals and state-sponsored actors look to act upon these security disclosures before individuals and organizations have had the opportunity to update their systems. Unfortunately, Exploit Wednesday seems to have preceded Patch Tuesday this month, with Microsoft confirming multiple zero-day vulnerabilities that are known to be under attack before any fix was made available. Make no mistake, with security experts rating the risk prioritization of these exploits as critical, Windows users need to act fast.
It is not uncommon, sadly, for Windows users to find themselves faced with zero-day vulnerabilities that are being exploited by attackers in the wild. In March, for example, six zero-day attacks were confirmed, while there were three such active Windows exploits reported in January.
The latest Microsoft Patch Tuesday security rollout has now dropped, and it doesn't make for very comforting reading at all. So, let's dive straight into the multiple zero-day exploits impacting Windows users, starting with that has got the security professionals very concerned indeed. This memory corruption vulnerability sits within the Windows scripting engine, and a successful exploit can allow an attacker to execute code over the network. Not only does CVE-2025-30397 affect all versions of the Windows operating system, but it is also confirmed by Microsoft as being exploited in the wild. 'Microsoft's severity is rated as important and has CVSS 3.1 of 7.8,' Chris Goettl, vice president of security product management at Ivanti, pointed out, adding that 'risk-based prioritization warrants treating this vulnerability as critical.'
While the official CVE severity-rating scores tend to provide a decent baseline for vulnerability appraisal, in the real world, things are not always that clear-cut. CVE-2025-30397 has a base score of 7.5, and Microsoft says that the attack complexity rating is high. So, what's the issue? 'The advisory FAQ for CVE-2025-30397 explains that successful exploitation requires an attacker to first prepare the target so that it uses Edge in Internet Explorer Mode,' Adam Barnett, lead software engineer at Rapid7 explains, 'and then causes the user to click a malicious link; there is no mention of a requirement for the user to actively reload the page in Internet Explorer Mode, so we must assume that exploitation requires only that the 'Allow sites to be reloaded in Internet Explorer' option is enabled.' Barnett warned that as the users most likely to still require this kind of Internet Explorer compatibility are enterprise organizations, and the concept of migration is likely 'buried several layers deep in a dusty backlog,' in Barnett's experience, then the pre-requisite conditions are already conveniently in place on the target asset and 'attack complexity is suddenly nice and low.'
The remaining under-attack zero-day vulnerabilities are:
CVE-2025-32709: an elevation of privilege vulnerability in the Windows ancillary function driver for WinSock that enables an attacker to gain admin privileges locally and impacts Windows Server 12 and later OS versions. Once again. Goettl warned that 'risk-based prioritization warrants treating this vulnerability as critical.'
CVE-2025-32701 and CVE-2025-32706 are a pair of zero-day vulnerabilities in the Windows Common Log File Driver System, and could enable a successful local attacker to gain system privileges. Impacting all versions of Windows, these types of security flaws are being closely monitored for detection by the Microsoft Threat Intelligence Center. 'Since Microsoft is aware of exploitation in the wild,' Barnett said, 'we know that someone else got there first, and there's no reason to suspect that threat actors will stop looking for ways to abuse CLFS any time soon.'
And finally, we come to another elevation of privilege zero-day vulnerability already being exploited by attackers, CVE-2025-30400, which impacts the Windows desktop window manager and affects Windows 10, Server 2016, and later OS versions. Barnett pointed out that this is great proof that such elevation of privileges vulnerabilities will never go out of fashion, what with Exploit Wednesday marking the one-year anniversary of CVE-2024-30051, which also hit the desktop windows manager.
The advice, therefore, is simple. Act now, and ensure that you update your Windows systems with the latest security patches as a matter of some urgency.
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
The Verge
an hour ago
- The Verge
Pokémon Violet and Scarlet's Switch 2 update is as good as it looks
I recently did something sort of unusual: I went to a preview event for a game that's been out for almost three years. I've played around 400 hours of Pokémon Scarlet, according to my Nintendo Switch, since it was released in late 2022. It's safe to say I know the game pretty well. And yet, when I was invited to preview Pokémon Scarlet and Violet on the Nintendo Switch 2 ahead of the new console's launch, I gladly took the opportunity to see three-year-old games I already own. I wanted to find out just how much they'd improved. I have a high jank tolerance with games — it builds character — but I'm well aware of Scarlet and Violet 's shortcomings on the original Switch. There's lag. The frame rate is… inconsistent. There are online connectivity issues. For a lot of people, performance problems overshadowed what was otherwise a great new generation of Pokémon games. With the release of the Nintendo Switch 2, and the accompanying free performance update for Scarlet and Violet, that might finally change. Starting up the demo of Pokémon Scarlet on the Switch 2 at The Pokémon Company International's office in Bellevue, Washington, I knew immediately where I wanted to go first: Casseroya Lake, sometimes called 'Lag Lake,' where the games' graphical issues are most apparent. On the original Switch, the game really chugs when you're on the lake; the frame rate takes a dive, and it struggles to render more than a handful of pokémon in your immediate vicinity. Exploring the liveliest open areas and encountering the pokémon that populate them is one of Scarlet and Violet 's biggest strengths, but on the Switch, Casseroya Lake is dull and empty at best and impossible to navigate at worst. Playing on the Switch 2, however, Casseroya Lake ran beautifully. There were far more pokémon in view (and I was immediately accosted by a torpedo-like Veluza, same as it ever was), and the lag and stuttering I'd come to expect were nonexistent. I battled that Veluza with no problems. I stumbled upon a Slowpoke outbreak and sent out my Clodsire to auto-battle them — no lag. I found a wild Tera Pokémon and watched the Tera animation play out, looking sharper than I'd ever seen it. (I was playing in docked mode at a station set up by TPCi, so maybe that last one could be credited to the TV. But still.) It was the same case everywhere I went during my 30-minute demo: a stable and smooth frame rate, significantly faster load times, and far more pokémon populating the world. The Switch 2 update is not a complete overhaul of the graphics themselves — the grass textures looked just as unremarkable as always to my eye, for example — but it does seem to eliminate the performance issues that have dragged Scarlet and Violet down for nearly three years. It's a noticeable improvement in the world, in battle, in Tera raids, and even in menus. Is it praiseworthy for a game to simply run well? Maybe not. I don't pretend to know how games are made on a technical level, or really any level, but I know they're not easy to make. And I had enough fun with Pokémon Scarlet to play for 400 hours without the performance issues bothering me much. But it did feel bittersweet, briefly, to think how much more these games could have shone if they'd run well in the first place. Then, in the last five minutes of my demo, as I waded in a different body of water to confirm that it too ran smoothly, I saw it: among the pods of Buizel dotting the shore, a shiny. A good portion of my 400 hours in Scarlet were spent shiny hunting, because even though the alternate-color versions of pokémon are not quite as hard to find as they were in previous games, I get excited every time I see one, without fail. It's the perfect encapsulation of the kind of joy Scarlet and Violet have to offer: exploring a lively area and finding something special. I caught the shiny Buizel despite knowing that it wasn't my save file and not mine to keep. The Switch 2 update is arguably arriving a bit late for my Scarlet save file, depending on how many hours you think are reasonable to spend playing this game. But I also own Violet, and I have played about two hours of that version total. Looking at the shiny Buizel I didn't get to keep, I realized I was really excited to have a reason to play Violet finally — to rediscover what I liked most about these games, in a state that does them justice.
Yahoo
2 hours ago
- Yahoo
Nvidia dethrones Microsoft as the world's most valuable publicly traded company with a $3.45 trillion market cap
Nvidia reclaimed top spot as the most valuable publicly traded company, surpassing Microsoft. Investors are bullish on Nvidia shares since its earnings call, despite tariffs and chip controls. Chip stocks are seeing an overall upward trend as the VanEck Semiconductor ETF climbs. Nvidia reclaimed the title of the most valuable publicly traded company. The AI chipmaking giant led by CEO Jensen Huang surpassed Microsoft after its stock jumped 3% to close at $141.40 on Tuesday. Nvidia now boasts a market cap of $3.444 trillion, edging out Microsoft's $3.441 trillion based on data from Nasdaq. The last time Nvidia held the top spot was on January 24. Since last June, it has been competing with Apple and Microsoft for the title of the top market cap company. The rise in Nvidia's value came a week after the company reported Q1 revenues that beat Wall Street expectations at $44.06 billion, which makes for a 69% year-over-year increase. Confidence in Nvidia remains high despite the company expecting to lose $8 billion in revenue over the next quarter due to the Trump administration's new chip export control policies, which prevented it from selling its H20 chips developed specifically for China's market. Huang has expressed dissatisfaction over chip controls during the earnings call and in media appearances that followed. "On export control, China is one of the world's largest AI markets and a springboard to global success. With half of the world's AI researchers based there, the platform that wins China is positioned to lead globally," Huang said during the May 28 earnings call. "Today, however, the $50 billion China market is effectively closed to US industry." "Export controls should strengthen US platforms, not drive half of the world's AI talent to rivals," Huang added. Immediately after the earnings call on May 28, Nvidia shares shot up nearly 5% after trading hours, and as of June 3, had gained nearly 24% over the past month. Overall, this week, investors flocked to chip stocks. The VanEck Semiconductor ETF climbed 2%, while individual companies like Micron Technology also gained as much as 4%. A spokesperson for Nvidia declined to comment. Microsoft did not immediately respond to a request for comments. Read the original article on Business Insider
Business Insider
2 hours ago
- Business Insider
Nvidia dethrones Microsoft as the world's most valuable publicly traded company with a $3.45 trillion market cap
The AI chipmaking giant led by CEO Jensen Huang surpassed Microsoft after its stock jumped 3% to close at $141.40 on Tuesday. Nvidia now boasts a market cap of $3.444 trillion, edging out Microsoft's $3.441 trillion based on data from Nasdaq. The last time Nvidia held the top spot was on January 24. Since last June, it has been competing with Apple and Microsoft for the title of the top market cap company. The rise in Nvidia 's value came a week after the company reported Q1 revenues that beat Wall Street expectations at $44.06 billion, which makes for a 69% year-over-year increase. Confidence in Nvidia remains high despite the company expecting to lose $8 billion in revenue over the next quarter due to the Trump administration's new chip export control policies, which prevented it from selling its H20 chips developed specifically for China's market. Huang has expressed dissatisfaction over chip controls during the earnings call and in media appearances that followed. "On export control, China is one of the world's largest AI markets and a springboard to global success. With half of the world's AI researchers based there, the platform that wins China is positioned to lead globally," Huang said during the May 28 earnings call. "Today, however, the $50 billion China market is effectively closed to US industry." "Export controls should strengthen US platforms, not drive half of the world's AI talent to rivals," Huang added. Immediately after the earnings call on May 28, Nvidia shares shot up nearly 5% after trading hours, and as of June 3, had gained nearly 24% over the past month. Overall, this week, investors flocked to chip stocks. The VanEck Semiconductor ETF climbed 2%, while individual companies like Micron Technology also gained as much as 4%.
