Skip to main content
  1. Home
  2. Computing
  3. News

Microsoft patches an ‘extraordinary’ number of zero-day security vulnerabilities

By
The Surface Pro 11 on a white table in front of a window.
Luke Larsen / Digital Trends

Today is a good day to make sure your Windows 10 and 11 machines are up to date, as Microsoft has released a hefty new security update for a number of zero-day vulnerabilities. The patch, part of Microsoft’s Patch Tuesday update, contains fixes for Windows Server as well and include patches for six vulnerabilities which have already been exploited plus six more critical issues.

The new update addresses security issues of a hefty seven zero-days, including flaws which can enable remote code execution, in which an attacker can run code on the victim’s system. One of these vulnerabilities requires the attacker to first trick a local user into taking some specific actions like mounting a malicious virtual hard disk image, and has already been taken advantage of my some hackers. This vulnerability, CVE-2025-24993, is marked as a severity 7.8 by Microsoft so it’s important to patch to protect against it.

Recommended Videos

As described by The Register, another vulnerability, CVE-2025-24991, also makes use of virtual hard disk images and can enable attackers to access data, and a similar vulnerability, CVE-2025-24984, can allow attackers to insert information into a log file. Three more already exploited flaws are included in the patch too, plus six further critical flaws.

Seeing this number of bugs in Windows which are already being exploited out in the wild is “extraordinary”, according to the Zero Day Initiative, which advises system admins to act fast to protect their systems from these issues. It also states that a Microsoft Management Console Security Feature Bypass Vulnerability, CVE-2025-26633, has already impacted more than 600 organizations, advising admins to “test and deploy this fix quickly to ensure your org isn’t added to the list.”

In addition to the Windows patches from Microsoft, Adobe also released patches for bugs in its Adobe Acrobat Reader, Substance 3D Sampler, Illustrator, Substance 3D Painter, InDesign, Substance 3D Modeler, and Substance 3D Designer programs, as part of Patch Tuesday. None of these bugs are currently being exploited but it’s still a good idea to make sure your software is up to date.

Editors’ Recommendations

Topics
Georgina Torbet
Georgina Torbet
Space Writer
Georgina has been the space writer at Digital Trends space writer for six years, covering human space exploration, planetary…
Is macOS more secure than Windows? This malware report has the answer
A person using a laptop with a set of code seen on the display.

It’s a long-held belief that Macs are less at risk of malware and viruses than Windows PCs, but how true is that? Well, a new report has shed some light on the situation -- and the results might surprise you.

According to threat research firm Elastic Security Labs, roughly 39% of all malware infections happen on Windows PCs. In good news for Apple fans, only 6% of breaches occurred on macOS, making Mac systems far less vulnerable than their Windows counterparts.

Read more
Apple’s security trumps Microsoft and Twitter’s, say feds
Apple's Craig Federighi speaking about macOS security at WWDC 2022.

Apple has long held a reputation for rock-solid security, and now the U.S. government seemingly agrees after praising the company for its security procedures. At the same time, the feds have suggested Microsoft and Twitter need to pull their socks up and make their products much more secure for their users, according to CNBC.

In a speech given at Carnegie Mellon University, Cybersecurity and Infrastructure Security Agency Director Jen Easterly pointed to Apple as a company that took security and accountability seriously, and suggested other companies should take note.

Read more
It’s not just you — Microsoft admits its patches broke OneDrive
Microsoft OneDrive files can sync between a PC and a phone.

If you’ve been experiencing OneDrive crashes and error messages, before digging too deep for a solution, note that it might be Microsoft’s fault. Common solutions like restarting, or signing out and back in won’t help because the issue is with the latest Windows 10 update.

Apparently, the problem begins after installing the 22H2 update for Windows 10 that was released on October 18, 2022. Today, Microsoft confirmed that after updating Windows 10, OneDrive might “unexpectedly close,” a nice way to describe a crash. This problem isn’t affecting Windows 11 computers and it’s still possible to use OneDrive via a browser.

Read more