Researchers at ESET have discovered a critical security vulnerability (CVE-2025-24983) affecting older versions of Windows, allowing hackers to execute malicious code on compromised systems through a zero-day exploit. This type of attack requires that the target device is already infected with a backdoor, ultimately raising significant security concerns.
ESET researcher Filip Jurčacko explained that the flaw arises from improper memory usage during software operation, enabling attackers to run their code and potentially inflict extensive damage. The affected systems include outdated versions of Windows 10, particularly those before build 1809, as well as Windows 8.1 and Windows Server 2016, which is still receiving updates until January 2027.
In light of the potential risks, IT experts are urging users, especially those with Windows 10, to upgrade to newer operating systems. Free support for Windows 10 is set to end in October, which means no more free security updates will be available. Users who do not opt for Microsoft’s paid extended update service will be at an increased risk of cyberattacks.
For further information and guidance on the vulnerability and the Mitigation patch, Microsoft has provided a detailed guide.
Related links: