CVE-2025-24983

high

Description

Use after free in Windows Win32 Kernel Subsystem allows an authorized attacker to elevate privileges locally.

From the Tenable Blog

Microsoft’s March 2025 Patch Tuesday Addresses 56 CVEs (CVE-2025-26633, CVE-2025-24983, CVE-2025-24993)

Published: 2025-03-11

Microsoft addresses 56 CVEs, including seven zero-day flaws, with six of those being exploited in the wild.

References

https://thehackernews.com/2025/04/pipemagic-trojan-exploits-windows-clfs.html

https://www.bleepingcomputer.com/news/security/microsoft-windows-clfs-zero-day-exploited-by-ransomware-gang/

https://therecord.media/microsoft-zero-day-used-ransomware-attack-real-estate

https://www.bleepingcomputer.com/news/security/encrypthub-linked-to-zero-day-attacks-targeting-windows-systems/

https://www.securityweek.com/newly-patched-windows-zero-day-exploited-for-two-years/

https://www.bleepingcomputer.com/news/microsoft/microsoft-patches-windows-kernel-zero-day-exploited-since-2023/

https://x.com/ESETresearch/status/1899508656258875756

https://www.tenable.com/blog/microsofts-march-2025-patch-tuesday-addresses-56-cves-cve-2025-26633-cve-2025-24983

https://www.securityweek.com/patch-tuesday-microsoft-patches-57-flaws-flags-six-active-zero-days/

https://www.crn.com/news/security/2025/microsoft-discloses-extraordinary-number-of-actively-exploited-vulnerabilities-researcher

https://www.cisa.gov/news-events/alerts/2025/03/11/cisa-adds-six-known-exploited-vulnerabilities-catalog

https://cyberscoop.com/microsoft-patch-tuesday-march-2025/

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24983

Details

Source: Mitre, NVD

Published: 2025-03-11

Updated: 2025-03-13

Risk Information

CVSS v2

Base Score: 6

Vector: CVSS2#AV:L/AC:H/Au:S/C:C/I:C/A:C

Severity: Medium

CVSS v3

Base Score: 7

Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High