Euro Security logo white
ESET discovers critical vulnerability in Microsoft Windows

March 14, 2025

Cyber Security

Zero-day exploit allowed execution of malicious code

Researchers at the European IT security company ESET have discovered an extremely dangerous vulnerability (CVE-2025-24983) in older versions of Microsoft Windows. A weakness in the code allowed the execution of a zero-day exploit. Experts define a zero-day exploit as a malicious program that exploits unpatched security vulnerabilities. For a successful attack, the victim’s computer must already be infected with a backdoor. If compromised, hackers were given extensive access rights to the affected system. Microsoft closed the vulnerability as soon as it became known.

‘The vulnerability is related to improper memory utilisation during software operation,’ explains ESET researcher Filip Jurčacko, who discovered the zero-day exploit. ’On compromised computers, hackers could use this to execute their own code and cause devastating damage.’

These Windows versions were affected

Users of outdated Windows 10 versions were particularly at risk: the vulnerability exploited by the attack occurred in versions prior to Windows 10 Build 1809. This version is already several years old. Therefore, users with older computers that had not been updated for some time were most likely to be at risk. Users of Windows 8.1, which has not been supported for a long time, were also among the affected group.

Since the vulnerability also occurred in Windows Server 2016, it could also endanger companies. Microsoft will continue to provide security updates for the server operating system until January 2027.

Experts recommend switching to the latest operating system as soon as possible

The current vulnerability mainly affected older versions of Microsoft. But even users who are running the latest version of Windows 10 should switch to Windows 11 as soon as possible or look for alternative secure operating systems: free support for Windows 10 ends in October. This means that there will be no more free security updates. Users who do not subscribe to Microsoft’s paid Extended Update Service are at risk of falling victim to a cyber incident.

Microsoft provides a guide that offers users of affected systems helpful information about the vulnerability and the patch: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24983

Related Articles

Mobile phone usage at Oktoberfest remains at record levels

Mobile phone usage at Oktoberfest remains at record levels

Sep 26, 2025

Over ten percent more data traffic than in the same period last year Virtually no dropped calls French visitors jump to third place in guest rankings The weather during the first week of Oktoberfest was cold and rainy. That didn't hurt cell phone usage. Compared to...

Free meals are the strongest motivator

Sep 26, 2025

According to a study by the University of South Florida, employees value fitness and health less Employees who have direct contact with customers, such as cashiers or salespeople, are more likely to be motivated by perks such as free meals and excursions than by free...

Share This