New critical Microsoft Windows warning as 3 zero-day attacks underway

15 Jan 25

As if Windows users didn’t have enough to worry about when it comes to security issues, from the upcoming end of security support for Windows 10 to an increase in Russian cyberattacks, Microsoft has now confirmed that there are three surprising new zero-day exploits being used in ongoing cyberattacks. Here’s what you need to know.

All Windows users have been warned about three zero-day attacks that are already underway

Microsoft has released its latest Patch Tuesday roundup of security patches, and this month, it’s a big one: 159 vulnerabilities, 12 of which are critical and include no less than eight zero days; three of which are already known to be in active use according to Microsoft. “This is definitely one of those months where administrators need to step back, take a deep breath and define their plan of attack,” said Tyler Reguly, associate director of security research and development at Fortra.

As is usually the case with actively exploited zero-day vulnerabilities, there is precious little technical information available about these exploits. The three vulnerabilities are tracked as CVE-2025-21335, CVE-2025-21333, and CVE-2025-21334 and affect Hyper-V, which, as Kev Breen, senior director of threat research at Immersive Labs, said, “is heavily embedded in modern Windows 11 operating systems and is used for a variety of security tasks, including device protection and guarding credentials.” These are listed as elevation of privilege issues, “meaning that if an attacker has already gained access to a host through something like a phishing attack, they can use these vulnerabilities to gain SYSTEM-level permissions on the infected device.” With such techniques often used by nation-state and ransomware operators, Breen warned that these should be at the top of the list for remediation this month.

Chris Goettl, vice president of security product management at Ivanti, said the vulnerabilities affect versions of Microsoft Windows 10, 11 and Server 2025, and “risk-based prioritization warrants treating these vulnerabilities as critical.”

I’ve reached out to Microsoft for a statement.

Potential impacts of the Windows Zero-Day Trio

Mike Walters, president and co-founder of Action1, warned of the potential impact of these zero-day exploits on Windows users, explaining that organizations that rely on Hyper-V, including data centers, cloud providers, enterprise IT environments and development platforms, are at risk. Those potential impacts include, Walters said:

  • Accessing and manipulating virtual machines on the host.
  • Theft of sensitive data or credentials.
  • Lateral movement within the network to target other systems.
  • Disruption of critical services by modifying configurations or deploying malicious code.

All of this means that Windows users should take this month’s Patch Tuesday as seriously as any other, if not more so, given the nature of these zero-day exploits. Given the continued exploitation, Walters recommended that applying the available security update should be a priority. Organizations must also strengthen their security posture, Walters concluded: “restrict local access, implement strong authentication and segment critical systems.”
