Critical Windows Vulnerabilities Uncovered Amid Patch Day

Recent reports indicate that attackers are actively targeting Windows 10, Windows 11, and various server versions. The extent of these attacks is currently unclear, prompting administrators to ensure that Windows Update is enabled and systems are up to date.

Microsoft has released essential security updates through Windows Update for several services, including Azure, BitLocker, and Kerberos. However, updates for Windows 10 are notably absent. A significant vulnerability identified as CVE-2025-29824, categorized as 'high,' affects the file system driver. Details about this vulnerability are limited, but it appears that locally authenticated attackers can gain system-level rights. This vulnerability, described as a use-after-free memory error, suggests that attackers could exploit it through specific inputs.

Once a successful breach occurs, attackers may execute malicious code, potentially compromising entire systems. Microsoft has stated that security patches for 32-bit and 64-bit versions of Windows 10 are currently not available, with no timeline provided for their release.

Additional threats have been identified, with several vulnerabilities classified as 'critical.' These include issues affecting Excel (CVE-2025-27752), Hyper-V (CVE-2025-27491), and Windows Remote Desktop Services (CVE-2025-27480), all rated as 'high.' In the case of the Remote Desktop vulnerability, attackers only need to connect to a vulnerable system via RDP and trigger a race condition to deploy malicious code.

Updates for Hyper-V on Windows 10 are expected to be released at a later date. Furthermore, patches are also available for Office, SharePoint, and Windows Defender, where attackers could potentially gain unauthorized access to information, trigger denial-of-service conditions, or elevate their user privileges. Microsoft provides detailed information on these vulnerabilities in their Security Update Guide.