New Critical Microsoft Windows Warning As 3 Zero-Day Attacks Underway

As if Windows users hadn’t got enough to worry about when it comes to security issues, from the forthcoming ending of security support for Windows 10 to a surge in Russian cyberattacks, Microsoft has now confirmed that a staggering three new zero-day exploits are being used in ongoing cyberattacks. Here’s what you need to know.

All Windows Users Alerted To Three Zero-Day Attacks Already Underway

Microsoft has released the latest Patch Tuesday round-up of security patches, and this month, it’s a whopper: 159 vulnerabilities, 12 of which are critical and include no fewer than eight zero-days, three of which are already known to be under active exploitation, according to Microsoft. “This is definitely one of those months where admins need to step back, take a deep breath, and determine their plan of attack,” Tyler Reguly, associate director of security research and development at Fortra, said.

As is usually the case when actively exploited zero-day vulnerabilities are concerned, however, there is precious little technical information available about these exploits. The three vulnerabilities are identified as CVE-2025-21335, CVE-2025-21333 and CVE-2025-21334, impacting Hyper-V, which, as Kev Breen, senior director of threat research at Immersive Labs, said, “is heavily embedded in modern Windows 11 operating systems and used for a range of security tasks including device guard and credential guard.” These are listed as elevation of privileges issues, “meaning that if an attacker has already gained access to a host through something like a phishing attack, they could use these vulnerabilities to gain SYSTEM level permissions on the infected device.” With such techniques often observed being used by nation-state and ransomware operators, Breen warned these should be at the top of the list for patching this month.

Chris Goettl, vice president of security product management at Ivanti, said that the vulnerabilities affect Microsoft Windows versions 10, 11, and Server 2025 and “risk-based prioritization warrants treating these vulnerabilities as Critical.”

I have reached out to Microsoft for a statement.

The Potential Impacts Of Windows Zero-Day Trio

Mike Walters, president and co-founder of Action1, warned of the potential impact of these zero-day exploits for Windows users, explaining that organizations relying on Hyper-V, including data centers, cloud providers, enterprise IT environments and development platforms, are at risk. These potential impacts include, Walters said:

  • Accessing and manipulating virtual machines on the host.
  • Stealing sensitive data or credentials.
  • Moving laterally within the network to target other systems.
  • Disrupting critical services by modifying configurations or deploying malicious code.

All of this means that Windows users should treat this month’s Patch Tuesday as seriously as any other, if not more so, given the nature of these zero-day exploits. Given the ongoing exploitation, Walters recommended that applying the available security update should be a priority. Organizations should also strengthen their security posture, Walters concluded: “restrict local access, enforce strong authentication and segment critical systems.”
