Microsoft patches an ‘extraordinary’ number of zero-day security vulnerabilities

Luke Larsen / Digital Trends

Today is a good day to make sure your Windows 10 and 11 machines are up to date, as Microsoft has released a hefty new security update for a number of zero-day vulnerabilities. The patch, part of Microsoft’s Patch Tuesday update, contains fixes for Windows Server as well and includes patches for six vulnerabilities that have already been exploited, plus six more critical issues.

The new update addresses a hefty seven zero-days, including flaws that can enable remote code execution, in which an attacker can run code on the victim’s system. One of these vulnerabilities requires the attacker to first trick a local user into taking specific actions, such as mounting a malicious virtual hard disk image, and has already been taken advantage of by some hackers. This vulnerability, CVE-2025-24993, is rated severity 7.8 by Microsoft, so it’s important to patch to protect against it.

As described by The Register, another vulnerability, CVE-2025-24991, also makes use of virtual hard disk images and can enable attackers to access data, and a similar vulnerability, CVE-2025-24984, can allow attackers to insert information into a log file. Three more already exploited flaws are included in the patch too, plus six further critical flaws.

Seeing this number of bugs in Windows which are already being exploited out in the wild is “extraordinary”, according to the Zero Day Initiative, which advises system admins to act fast to protect their systems from these issues. It also states that a Microsoft Management Console Security Feature Bypass Vulnerability, CVE-2025-26633, has already impacted more than 600 organizations, advising admins to “test and deploy this fix quickly to ensure your org isn’t added to the list.”

In addition to the Windows patches from Microsoft, Adobe also released patches for bugs in its Adobe Acrobat Reader, Substance 3D Sampler, Illustrator, Substance 3D Painter, InDesign, Substance 3D Modeler, and Substance 3D Designer programs, as part of Patch Tuesday. None of these bugs are currently being exploited but it’s still a good idea to make sure your software is up to date.

Georgina has been the space writer at Digital Trends for six years, covering human space exploration, planetary…

Written by Buzzapp Master
