March 13, 2025

Microsoft Addresses Privilege Escalation Vulnerability Exploited Since 2023

Microsoft has addressed a privilege escalation vulnerability in the Win32k driver, which has been exploited since 2023. This issue is one of six zero-day vulnerabilities patched in Microsoft’s March update cycle. While none of these flaws are deemed critical according to Microsoft’s ranking system, they pose significant risks, especially because one is associated with a backdoor called PipeMagic.

The vulnerability, identified as CVE-2025-24983, is a use-after-free memory corruption error in the Win32 kernel subsystem that allows malicious actors to gain elevated privileges. Researchers from ESET reported this flaw, indicating its exploitation began earlier this year when PipeMagic malware was used to attack affected systems, particularly those running Windows 8.1 and Server 2012 R2.

PipeMagic, a plugin-based malware discovered in 2022, has primarily targeted organizations in Asia and, more recently, entities in Saudi Arabia through a fake ChatGPT application developed in Rust. The flaw affects operating systems prior to Windows 10 build 1809, including Windows Server 2016, but does not impact newer versions such as Windows 11.

Additionally, other zero-day vulnerabilities addressed in this patch cycle relate to the Windows NT File System (NTFS) driver. For example, CVE-2025-24993 can lead to remote code execution if a user mounts a specially crafted virtual hard disk (VHD). Another vulnerability, CVE-2025-24985, involves a similar threat from a malicious VHD targeting the FAT file system driver.

ESET highlighted two more NTFS-related vulnerabilities that could result in information disclosure: one via VHDs (CVE-2025-24991) and another through USB devices connected to the computer (CVE-2025-24984).

Microsoft also addressed a security feature bypass vulnerability in the Microsoft Management Console (CVE-2025-26633), which requires user interaction to be exploited. Furthermore, another use-after-free flaw (CVE-2025-26630) in Microsoft Access can enable remote code execution through malicious files.

In total, Microsoft fixed 57 vulnerabilities in March’s update, including six linked to in-the-wild exploitation. While the majority are not rated critical, IT administrators are advised to prioritize these patches.
