Microsoft warns attackers can remotely execute malicious code on unpatched Windows systems.
Microsoft confirmed a critical vulnerability in Windows operating systems. Designated CVE-2025-38425, this flaw enables remote code execution. Attackers could gain full control of affected systems without authentication.
Affected versions include Windows 10 versions 21H2 and 22H2, Windows 11 versions 21H2 through 23H2, and Windows Server 2022. The vulnerability resides in the Windows TCP/IP stack. Malicious actors exploit it by sending specially crafted network packets to exposed systems.
Microsoft assigned a CVSS v3.1 base score of 9.8 (Critical) with the vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. This indicates network-based attacks requiring low complexity, no privileges, and no user interaction. Successful compromise allows complete system access.
Mitigation requires immediate patching. Microsoft released security updates on May 14, 2025, through Windows Update and WSUS. Enterprise administrators should prioritize deploying KB5034449 or later. Systems that cannot be patched should have TCP port 445 blocked at network boundaries.
Evidence suggests active exploitation attempts began May 10. Microsoft's advisory contains technical details and update guidance. Organizations should audit external-facing Windows systems immediately.
Reference: Microsoft Security Update Guide
