ESET, a Slovak cybersecurity company, has reported that a newly patched zero-day vulnerability in the Windows Win32 Kernel Subsystem has been exploited in attacks since March 2023. The vulnerability, now tracked as CVE-2025-24983, was reported to Microsoft by ESET researcher Filip Jurčacko and was addressed in this month’s Patch Tuesday security updates, as reported by Bleeping Computer.
The flaw is a use-after-free bug that lets attackers with low privileges gain SYSTEM privileges without any user interaction. Microsoft has classified these attacks as high complexity.
This vulnerability affects older Windows versions that Microsoft no longer supports, such as Windows Server 2012 R2 and Windows 8.1. It also impacts newer systems, including Windows Server 2016 and Windows 10 build 1809 or earlier. A use-after-free occurs when software keeps using memory after it has been freed, which can lead to crashes, malicious code execution, privilege escalation, or data corruption.
Kaspersky discovered the PipeMagic backdoor in 2022. This backdoor can steal sensitive information, give attackers full remote access to infected devices, and let them deploy additional malicious software to move laterally within networks. In 2023, Kaspersky saw this backdoor being used in Nokoyawa ransomware attacks, in which the attackers exploited a then-new Windows vulnerability tracked as CVE-2023-28252.
Microsoft also patched five other zero-day vulnerabilities during the March 2025 Patch Tuesday updates.
CISA has urged all organizations to prioritize patching these vulnerabilities to reduce their exposure to cyberattacks. The agency highlighted that vulnerabilities of this kind are common attack vectors and pose risks to organizations around the world.