![[Webinar] From Code to Cloud to SOC: Learn a Smarter Way to Defend Modern Applications](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjLbNLee9VlpBpNmlxQSBF7IHwrQajzAJWYjhcHTIVVqzroGXrpk_x9Sbbua1Xi-QtO9jbcX1canKTWWzfaOshSarJol1Ude7LNQMeV5B2x71gaXxWg_cjEJ3bPuuoyyyMLgWB9hCtZ1PV5j3QOGByinGCAETqul2WWz-mVYiuERYWPVu7ob8lSckM-ocw/s1600/soc.jpg?#)
![[The AI Show Episode 147]: OpenAI Abandons For-Profit Plan, AI College Cheating Epidemic, Apple Says AI Will Replace Search Engines & HubSpot’s AI-First Scorecard](https://www.marketingaiinstitute.com/hubfs/ep%20147%20cover.png)
![How to Enable Remote Access on Windows 10 [Allow RDP]](https://bigdataanalyticsnews.com/wp-content/uploads/2025/05/remote-access-windows.jpg)
![Artist Shocked To Find Her Poster Designs From 2017 In Bungie's Marathon: 'A Major Company Has Deemed It Easier To Pay A Designer To Imitate Or Steal My Work Than To Write Me An Email' [Update]](https://i.kinja-img.com/image/upload/c_fill,h_675,pg_1,q_80,w_1200/4ce7afff77473c3cccca9cc349c42790.jpg)
-Olekcii_Mach_Alamy.jpg?width=1280&auto=webp&quality=80&disable=upscale#)
![Apple using sketchy warning for apps bought using third-party payment systems [Updated]](https://i0.wp.com/9to5mac.com/wp-content/uploads/sites/6/2025/05/Apple-using-scary-looking-warning-for-apps-bought-using-third-party-payment-systems.jpg?resize=1200%2C628&quality=82&strip=all&ssl=1)
![Sony WH-1000XM6 Unveiled With Smarter Noise Canceling and Studio-Tuned Sound [Video]](https://www.iclarified.com/images/news/97341/97341/97341-640.jpg)
![Watch Aston Martin and Top Gear Show Off Apple CarPlay Ultra [Video]](https://www.iclarified.com/images/news/97336/97336/97336-640.jpg)
![Apple Slaps Warnings on Apps Using External Purchases in the EU [Updated]](https://images.macrumors.com/t/Zy0e-JLM0fNyngEYaXu5rMH1lJk=/1920x/article-new/2025/05/app-store-external-payments-warning.jpg)
CISA Warns of Five Actively Exploited Windows 0-Day Vulnerabilities
CISA has issued an urgent alert after adding five new Microsoft Windows zero-day vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The vulnerabilities, which affect core Windows components, have been flagged as critical attack vectors and require immediate attention from organizations and users worldwide. Five Windows Zero-Days […] The post CISA Warns of Five Actively Exploited Windows 0-Day Vulnerabilities appeared first on Cyber Security News.
CISA has issued an urgent alert after adding five new Microsoft Windows zero-day vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild.
The vulnerabilities, which affect core Windows components, have been flagged as critical attack vectors and require immediate attention from organizations and users worldwide.
Five Windows Zero-Days
The five vulnerabilities, all patched by Microsoft in its May 2025 Patch Tuesday update, are:
- CVE-2025-30400: A use-after-free vulnerability in the Windows Desktop Window Manager (DWM) Core Library. Successful exploitation allows an attacker to elevate privileges locally, potentially gaining SYSTEM-level access.
- CVE-2025-32701: A use-after-free flaw in the Windows Common Log File System (CLFS) driver, enabling local privilege escalation to SYSTEM.
- CVE-2025-32706: A heap-based buffer overflow in the CLFS driver, also facilitating local privilege escalation.
- CVE-2025-30397: A type confusion vulnerability in the Microsoft Windows Scripting Engine. This remote code execution flaw can be triggered via a specially crafted URL, allowing attackers to execute arbitrary code over a network if a user is lured to a malicious site.
- CVE-2025-32709: A use-after-free vulnerability in the Windows Ancillary Function Driver for WinSock, which lets an attacker escalate privileges to administrator.
All five vulnerabilities have been observed under active exploitation, though there is currently no public evidence linking them to specific ransomware campaigns.
Security experts warn that these vulnerabilities pose a significant risk to both government and private sector organizations, as they allow attackers to escalate privileges or execute code remotely.
The vulnerabilities impact all supported versions of Windows, and exploitation could lead to full system compromise, data theft, malware installation, and lateral movement across networks.
CISA’s inclusion of these flaws in the KEV catalog triggers a mandate for U.S. federal agencies to apply Microsoft’s security patches by June 3, 2025.
However, CISA strongly urges all organizations, not just federal entities, to prioritize patching as part of their vulnerability management practices. The agency emphasizes that timely remediation is critical, as attackers often move quickly to exploit newly disclosed flaws.
CISA and Microsoft advise all organizations and users to:
- Apply the latest security updates from Microsoft immediately.
- Follow vendor-specific mitigation instructions if patches cannot be applied.
- Review and implement guidance under Binding Operational Directive (BOD) 22-01 for cloud services.
- Discontinue use of affected products if mitigations are unavailable.
This wave of zero-day exploitation highlights the persistent threat facing Windows environments. Security professionals caution that attackers, including ransomware affiliates, are likely to continue targeting privilege escalation and remote code execution flaws for initial access and lateral movement.
As exploitation is ongoing, organizations are urged to act swiftly to minimize exposure and protect critical systems from compromise.
Vulnerability Attack Simulation on How Hackers Rapidly Probe Websites for Entry Points – Free Webinar
The post CISA Warns of Five Actively Exploited Windows 0-Day Vulnerabilities appeared first on Cyber Security News.
