Microsoft has confirmed the active exploitation of three new zero-day exploits affecting Windows systems, amidst ongoing security concerns such as the end of support for Windows 10 and an increase in cyberattacks. These vulnerabilities are identified as CVE-2025-21335, CVE-2025-21333, and CVE-2025-21334, specifically targeting Hyper-V.
Microsoft confirms three zero-day exploits targeting Hyper-V
In its latest Patch Tuesday release, Microsoft detailed a substantial update addressing 159 vulnerabilities, including 12 critical issues and a total of eight zero-days, three of which are currently under active exploitation. Tyler Reguly, associate director of security research and development at Fortra, emphasized the need for administrators to reassess their security strategies in light of these vulnerabilities.
These vulnerabilities, affecting Microsoft Windows versions 10, 11, and Server 2025, are categorized as elevation of privileges issues. Kev Breen, senior director of threat research at Immersive Labs, noted that these exploits could allow attackers, who have already gained access through methods such as phishing, to escalate their privileges to SYSTEM level permissions on compromised devices.
Citrix SRA bug prevents Windows updates: Here’s how to fix it
Chris Goettl, vice president of security product management at Ivanti, affirmed that these vulnerabilities require critical prioritization due to their potential impact.
Mike Walters, president and co-founder of Action1, outlined the significant risks posed by these zero-day exploits for organizations using Hyper-V, which is integral to various systems, including data centers and cloud providers. The potential impacts include:
- Accessing and manipulating virtual machines on the host.
- Stealing sensitive data or credentials.
- Moving laterally within the network to target other systems.
- Disrupting critical services by modifying configurations or deploying malicious code.
Given the nature of these vulnerabilities, Walters recommended that Windows users prioritize applying the available security updates. He also advised organizations to enhance their security posture by restricting local access, enforcing strong authentication, and segmenting critical systems.
Featured image credit: Windows/Unsplash
