Euro Security logo white
ESET discovers critical vulnerability in Microsoft Windows

March 14, 2025

Cyber Security

Zero-day exploit allowed execution of malicious code

Researchers at the European IT security company ESET have discovered an extremely dangerous vulnerability (CVE-2025-24983) in older versions of Microsoft Windows. A weakness in the code allowed the execution of a zero-day exploit. Experts define a zero-day exploit as a malicious program that exploits unpatched security vulnerabilities. For a successful attack, the victim’s computer must already be infected with a backdoor. If compromised, hackers were given extensive access rights to the affected system. Microsoft closed the vulnerability as soon as it became known.

‘The vulnerability is related to improper memory utilisation during software operation,’ explains ESET researcher Filip Jurčacko, who discovered the zero-day exploit. ’On compromised computers, hackers could use this to execute their own code and cause devastating damage.’

These Windows versions were affected

Users of outdated Windows 10 versions were particularly at risk: the vulnerability exploited by the attack occurred in versions prior to Windows 10 Build 1809. This version is already several years old. Therefore, users with older computers that had not been updated for some time were most likely to be at risk. Users of Windows 8.1, which has not been supported for a long time, were also among the affected group.

Since the vulnerability also occurred in Windows Server 2016, it could also endanger companies. Microsoft will continue to provide security updates for the server operating system until January 2027.

Experts recommend switching to the latest operating system as soon as possible

The current vulnerability mainly affected older versions of Microsoft. But even users who are running the latest version of Windows 10 should switch to Windows 11 as soon as possible or look for alternative secure operating systems: free support for Windows 10 ends in October. This means that there will be no more free security updates. Users who do not subscribe to Microsoft’s paid Extended Update Service are at risk of falling victim to a cyber incident.

Microsoft provides a guide that offers users of affected systems helpful information about the vulnerability and the patch: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24983

Related Articles

Commentary: BERLIN – Known risks, familiar words, familiar failures

Jan 7, 2026

The power outage in Berlin since 3 January 2026 is extraordinary in its scale, but remarkably familiar in its causes and political consequences. Five damaged high-voltage cables, tens of thousands of households without electricity and heating, restrictions on mobile...

Commentary: Hesse’s clear stance against left-wing extremism

Jan 7, 2026

In his statement, Hesse's Interior Minister Roman Poseck paints a deliberately clear picture of left-wing extremism as a threat to security. The core of his position is clear: left-wing extremism is not understood as a marginal phenomenon or merely a side issue of...

Positive safety record at Bavaria’s Christmas markets

Jan 4, 2026

Successful protection concepts combining presence, prevention and cooperation At the end of the 2025 Christmas market season, the Bavarian State Ministry of the Interior reports a thoroughly positive safety record. Home Secretary Joachim Herrmann spoke of...

Share This