Microsoft Confirms Windows 12 Zero-Day Exploit Under Active Attack, Urges Immediate Patch


July 21, 2025, Redmond, WA. Microsoft has confirmed a critical zero-day vulnerability in Windows 12 that is being actively exploited by attackers. The exploit allows remote code execution through a flaw in the Windows Kernel Driver subsystem. A patch has been issued, and users are strongly advised to update immediately.

Cybersecurity researchers at Mandiant and Microsoft’s own Threat Intelligence Center (MSTIC) discovered the flaw being used in targeted attacks on corporate networks across North America and Europe.

Exploit Details

  • CVE ID: CVE-2025-38102
  • Risk: Critical (CVSS 9.8)
  • Impact: Allows attackers to gain SYSTEM-level access remotely
  • Affected versions: Windows 12 Pro, Enterprise, and Education (builds 12.0.11800–12.0.12209)

The exploit bypasses memory protections and allows payload delivery through malicious .LNK files or crafted SMB packets.

Patch Status

Microsoft released an emergency security update (KB5029061) early this morning through Windows Update and the Microsoft Security Response Center (MSRC). The patch is also available for offline systems via the Microsoft Update Catalog.

Microsoft Defender and Defender for Endpoint have been updated with detection signatures to block known exploit methods.

Who Is at Risk

Enterprise users and government agencies running Windows 12 without the July cumulative update are most at risk. According to Microsoft, several multinational firms have reported attempted intrusions within the last 48 hours.

Security experts say the vulnerability is being used to move laterally within networks, suggesting the involvement of advanced persistent threat (APT) groups.

Conclusion

This zero-day vulnerability in Windows 12 highlights the need for rapid patching and proactive endpoint security. Microsoft recommends all users check for updates immediately and monitor systems for signs of intrusion. Cybersecurity professionals also advise disabling remote desktop services where not needed and increasing audit logging.
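The following PowerShell script is an added illustration of the checks and hardening steps recommended above; it is not code from Microsoft or from the article's sources. It takes the patch ID (KB5029061) and the affected build range (12.0.11800 through 12.0.12209) from the article as given, and assumes that the third component of those build strings corresponds to the Build field of [Environment]::OSVersion.Version. The $Harden flag, the function names and the chosen audit subcategories are this example's own choices.

```powershell
# Added example: verify patch status for the advisory above and optionally apply
# the article's hardening advice (disable unused Remote Desktop, raise audit logging).
# Values below are taken from the article and are assumptions, not verified facts.
$PatchId        = 'KB5029061'
$AffectedBuilds = @{ Min = 11800; Max = 12209 }   # from "builds 12.0.11800-12.0.12209"
$Harden         = $false                          # set to $true to apply hardening steps

function Test-AffectedBuild {
    # Assumes the OS build number maps to the third component of the article's build strings.
    param([Version]$OsVersion = [Environment]::OSVersion.Version)
    return ($OsVersion.Build -ge $AffectedBuilds.Min -and $OsVersion.Build -le $AffectedBuilds.Max)
}

function Test-PatchInstalled {
    param([string]$Id = $PatchId)
    # Get-HotFix reads Win32_QuickFixEngineering. A missing entry is a prompt for
    # manual review (e.g. Windows Update history), not proof the update is absent.
    return [bool](Get-HotFix -Id $Id -ErrorAction SilentlyContinue)
}

function Get-RemoteDesktopState {
    # fDenyTSConnections = 1 means inbound Remote Desktop is disabled.
    $rdp = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server' `
                            -Name 'fDenyTSConnections' -ErrorAction SilentlyContinue
    if ($null -eq $rdp) { return 'unknown' }
    if ($rdp.fDenyTSConnections -eq 1) { return 'disabled' } else { return 'enabled' }
}

# --- Assessment -------------------------------------------------------------
$os = [Environment]::OSVersion.Version
Write-Host "OS version reported: $os"

if (Test-AffectedBuild -OsVersion $os) {
    if (Test-PatchInstalled) {
        Write-Host "$PatchId is installed; build is in the affected range but patched."
    } else {
        Write-Warning "Build $($os.Build) is in the affected range and $PatchId was not found. Install it via Windows Update or the Microsoft Update Catalog and verify."
    }
} else {
    Write-Host "Build $($os.Build) is outside the affected range listed in the advisory."
}

Write-Host "Inbound Remote Desktop is currently: $(Get-RemoteDesktopState)"

# --- Optional hardening (the article's recommendations) ----------------------
if ($Harden) {
    # Disable inbound Remote Desktop where it is not needed.
    Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server' `
                     -Name 'fDenyTSConnections' -Value 1

    # Increase audit logging so lateral movement attempts leave a trail.
    # Subcategories chosen for this example: logon events and process creation.
    auditpol.exe /set /subcategory:"Logon" /success:enable /failure:enable
    auditpol.exe /set /subcategory:"Process Creation" /success:enable

    Write-Host "Hardening applied. Review Security event log for logon and process-creation events."
}
```

Run the script from an elevated PowerShell session; the assessment portion is read-only, and the registry and auditpol changes only execute when $Harden is set to $true. On managed fleets the same two checks (build in range, patch present) are better driven from your endpoint management tooling than from a per-host script, but the logic is the same.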

Sources: Microsoft Security Update Guide, BleepingComputer, The Verge
