Microsoft has released security updates for 57 vulnerabilities, including six actively exploited zero-day flaws. Among these, 23 are remote code execution vulnerabilities, and 22 relate to privilege escalation. The zero-days include issues in Windows NTFS, Win32 Kernel Subsystem, Microsoft Management Console (MMC), and the Fast FAT File System Driver. One of the exploits, CVE-2025-24983, was delivered via the PipeMagic backdoor, which has been linked to cyberattacks in Asia and Saudi Arabia. The flaws allow attackers to execute code, disclose information, and bypass security protections. Some of these vulnerabilities can be exploited using malicious VHD files. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added these vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, requiring federal agencies to patch them by April 1, 2025. Other vendors, including Apple, Google, Cisco, VMware, and AMD, have also issued security patches.

‍