
Windows Is Under Attack, Microsoft Confirms — Act Now, CISA Warns
Update, May 15, 2025: This story, originally published May 14, has been updated with a new warning from the Cybersecurity and Infrastructure Security Agency along with additional information regarding further confirmed Microsoft Windows vulnerabilities that are not known to be under active exploitation but need to be patched as soon as possible anyway.
It's that time of the month again, when Patch Tuesday is quickly followed by Exploit Wednesday. The former is the monthly rollout of Microsoft's responses to newly discovered vulnerabilities in its services and products, and the latter is when hackers, cybercriminals and state-sponsored actors look to act upon these security disclosures before individuals and organizations have had the opportunity to update their systems. Unfortunately, Exploit Wednesday seems to have preceded Patch Tuesday this month, with Microsoft confirming multiple zero-day vulnerabilities that are known to be under attack before any fix was made available. Make no mistake, with security experts rating the risk prioritization of these exploits as critical, Windows users need to act fast.
It is not uncommon, sadly, for Windows users to find themselves faced with zero-day vulnerabilities that are being exploited by attackers in the wild. In March, for example, six zero-day attacks were confirmed, while there were three such active Windows exploits reported in January.
The latest Microsoft Patch Tuesday security rollout has now dropped, and it doesn't make for very comforting reading at all. So, let's dive straight into the multiple zero-day exploits impacting Windows users, starting with one that has got the security professionals very concerned indeed. This memory corruption vulnerability sits within the Windows scripting engine, and a successful exploit can allow an attacker to execute code over the network. Not only does CVE-2025-30397 affect all versions of the Windows operating system, but it is also confirmed by Microsoft as being exploited in the wild. 'Microsoft's severity is rated as important and has CVSS 3.1 of 7.8,' Chris Goettl, vice president of security product management at Ivanti, pointed out, adding that 'risk-based prioritization warrants treating this vulnerability as critical.'
While the official CVE severity-rating scores tend to provide a decent baseline for vulnerability appraisal, in the real world, things are not always that clear-cut. CVE-2025-30397 has a base score of 7.5, and Microsoft says that the attack complexity rating is high. So, what's the issue? 'The advisory FAQ for CVE-2025-30397 explains that successful exploitation requires an attacker to first prepare the target so that it uses Edge in Internet Explorer Mode,' Adam Barnett, lead software engineer at Rapid7, explains, 'and then causes the user to click a malicious link; there is no mention of a requirement for the user to actively reload the page in Internet Explorer Mode, so we must assume that exploitation requires only that the "Allow sites to be reloaded in Internet Explorer" option is enabled.' Barnett warned that the users most likely to still require this kind of Internet Explorer compatibility are enterprise organizations, where, in his experience, the concept of migration is likely 'buried several layers deep in a dusty backlog.' In that case, the prerequisite conditions are already conveniently in place on the target asset and 'attack complexity is suddenly nice and low.'
The remaining under-attack zero-day vulnerabilities are:
CVE-2025-32709: an elevation of privilege vulnerability in the Windows ancillary function driver for WinSock that enables an attacker to gain admin privileges locally and impacts Windows Server 12 and later OS versions. Once again, Goettl warned that 'risk-based prioritization warrants treating this vulnerability as critical.'
CVE-2025-32701 and CVE-2025-32706 are a pair of zero-day vulnerabilities in the Windows Common Log File Driver System, and could enable a successful local attacker to gain system privileges. Impacting all versions of Windows, these types of security flaws are being closely monitored for detection by the Microsoft Threat Intelligence Center. 'Since Microsoft is aware of exploitation in the wild,' Barnett said, 'we know that someone else got there first, and there's no reason to suspect that threat actors will stop looking for ways to abuse CLFS any time soon.'
And finally, we come to another elevation of privilege zero-day vulnerability already being exploited by attackers, CVE-2025-30400, which impacts the Windows desktop window manager and affects Windows 10, Server 2016, and later OS versions. Barnett pointed out that this is great proof that such elevation of privilege vulnerabilities will never go out of fashion, what with Exploit Wednesday marking the one-year anniversary of CVE-2024-30051, which also hit the desktop window manager.
The U.S. Cybersecurity and Infrastructure Security Agency has now joined the chorus of experts warning that these Windows zero-day vulnerabilities need to be addressed as a matter of urgency. A newly published alert has confirmed that CISA has added all five of the Windows zero-days to its Known Exploited Vulnerabilities catalog, and that brings not only more than a little gravitas to the security warnings, but an obligation for certain federal agencies to apply the Microsoft patches to fix them no later than June 3rd, 2025. Of course, that is by the by for most readers, but it doesn't mean the CISA alert is meaningless. Indeed, the self-styled America's Cyber Defence Agency has strongly urged 'all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of catalog vulnerabilities as part of their vulnerability management practice.'
Although it makes sense to highlight the five zero-day vulnerabilities that Microsoft has confirmed are already being exploited in the wild, leaving unpatched Windows users open to attack, this security rollout also includes fixes for another 65 vulnerabilities that cannot be ignored. Mike Walters, co-founder of Action1, has mentioned two Microsoft Office vulnerabilities, for example. CVE-2025-30386 is a remote code execution flaw, and RCE is something that will make any security-aware reader shiver. The shivering is dulled a little by the fact that it is, somewhat oddly, classified as using a local attack vector. 'This vulnerability is considered remote code execution,' Walters explained, 'as it can be triggered by delivering a malicious document. If the affected user has administrative privileges, an attacker could gain full control of the system.' All users, from the enterprise to consumers, are at risk, Walters said, adding that the 'ability to trigger exploitation via the Preview Pane further elevates the risk, as users may not even need to open the attachment explicitly.'
The second Microsoft Office vulnerability of note, CVE-2025-30377, is another RCE and similar to the first in that it can be used to execute arbitrary code. 'While the attack scenarios are comparable,' Walters said, 'this vulnerability is considered less likely to be exploited due to additional conditions or complexities in developing a reliable exploit.' As both can result in full system compromise, neither should be underestimated, and patches should be applied as soon as possible.
The advice, therefore, is simple. Act now, and ensure that you update your Windows systems with the latest security patches as a matter of some urgency.