A critical vulnerability in Microsoft products allows remote attackers to execute arbitrary code without authentication. Patch immediately.
Microsoft has confirmed active exploitation of CVE-2025-38437, a critical remote code execution vulnerability. Attackers can gain full system control without user interaction or authentication. This poses significant risk to enterprise networks and individual systems.
Affected products include Windows 11 versions 22H2 and 23H2, Windows Server 2022, and Microsoft Office 2019/2021 suites. Systems without the May 2024 security updates are vulnerable. The flaw resides in the Windows Kernel transaction manager component. Improper memory handling allows attackers to bypass security mechanisms.
The vulnerability carries a CVSS v3.1 base score of 9.8 (Critical) with attack vector AV:N (Network), complexity AC:L (Low), and impact scores of C:H/I:H/A:H. Successful exploitation enables complete system compromise, data theft, and lateral movement across networks.
Mitigation requires immediate action:
- Apply Microsoft's security update KB5037771 via Windows Update
- Verify installation in Settings > Update & Security > Windows Update > Update History
- Block TCP port 445 at network perimeter as temporary workaround
The patch was released on May 14, 2024. Microsoft's Security Update Guide contains technical details here. Security teams should prioritize patching within 24 hours due to active exploitation. Unpatched systems are vulnerable to ransomware and advanced persistent threats.
Comments
Please log in or register to join the discussion