
Kaspersky’s latest “Exploits and vulnerabilities in Q1 2025” shows that attackers are doubling down on aging exploits, platform-specific weaknesses, and mismanaged updates. With over 9,700 vulnerabilities reported in the first quarter alone, the landscape remains fraught with dangers for both organizations and consumers.
“We are seeing increasing rates of attacks targeting older operating system versions,” Kaspersky states. “This is mainly driven by two factors: users not installing updates promptly, and the ongoing rollout of new OS versions that include improved protections.”
Linux vulnerabilities continue to be rooted in fundamental coding errors. According to the report, CWE-476 (Null Pointer Dereference), CWE-416 (Use After Free), and CWE-125 (Out-of-Bounds Read) topped the Linux kernel charts. These vulnerabilities are difficult to exploit due to protective measures like Kernel Address Space Layout Randomization (KASLR), but they remain critical if weaponized.
“Exploiting vulnerabilities in these CWEs often demands complex read-and-write capabilities from attackers,” Kaspersky explains.
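The three bug classes named above are easiest to understand next to the defensive idioms that prevent them. The following C program is an added example, not code from the Kaspersky report or from the Linux kernel: it shows a length-checked read (CWE-125), a NULL check ahead of a dereference (CWE-476), and a release helper that clears the caller's pointer so a later use cannot touch freed memory (CWE-416). It is written as plain user-space C so it runs anywhere; the names `pkt_read_u8`, `session_*` and `demo` are invented for illustration.

```c
/* Added example (not from the Kaspersky report or the Linux kernel):
 * defensive idioms for CWE-476 (NULL pointer dereference), CWE-416 (use
 * after free) and CWE-125 (out-of-bounds read). Function and struct names
 * are hypothetical. */
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* CWE-125: every read from an untrusted buffer is checked against its
 * declared length. Returns 0 on success, -1 when idx is out of range,
 * instead of reading past the end of the buffer. */
int pkt_read_u8(const uint8_t *buf, size_t len, size_t idx, uint8_t *out)
{
    if (buf == NULL || out == NULL)
        return -1;
    if (idx >= len)            /* would be an out-of-bounds read */
        return -1;
    *out = buf[idx];
    return 0;
}

struct session {
    int id;
    char name[16];             /* always NUL-terminated by session_new */
};

/* Lookup that can legitimately fail: callers must expect NULL. */
struct session *session_lookup(struct session *table, size_t n, int id)
{
    for (size_t i = 0; i < n; i++)
        if (table[i].id == id)
            return &table[i];
    return NULL;
}

/* CWE-476: the possibly-NULL pointer is checked before it is dereferenced;
 * the function reports -1 rather than crashing. */
int session_name_len(const struct session *s)
{
    if (s == NULL)
        return -1;
    return (int)strlen(s->name);
}

struct session *session_new(int id, const char *name)
{
    struct session *s = calloc(1, sizeof *s);   /* zero-filled, so NUL-terminated */
    if (s == NULL)
        return NULL;
    s->id = id;
    strncpy(s->name, name, sizeof s->name - 1);
    return s;
}

/* CWE-416: the only way to free a session takes the caller's pointer by
 * address and clears it, so a later use hits the NULL check above instead
 * of dangling into freed memory. */
void session_release(struct session **sp)
{
    if (sp == NULL || *sp == NULL)
        return;
    free(*sp);
    *sp = NULL;                /* dangling pointer neutralised */
}

/* Walks all three checks on constructed input; returns 0 when each one
 * behaves as intended, otherwise the number of the failed step. */
int demo(void)
{
    uint8_t pkt[4] = { 0x10, 0x20, 0x30, 0x40 };   /* constructed packet */
    uint8_t v = 0;
    if (pkt_read_u8(pkt, sizeof pkt, 3, &v) != 0 || v != 0x40)
        return 1;
    if (pkt_read_u8(pkt, sizeof pkt, 4, &v) != -1)  /* rejected, not read */
        return 2;

    struct session table[2] = { { 1, "alice" }, { 2, "bob" } };
    struct session *missing = session_lookup(table, 2, 9);
    if (session_name_len(missing) != -1)             /* NULL handled, no crash */
        return 3;

    struct session *s = session_new(7, "admin");
    if (s == NULL || session_name_len(s) != 5)
        return 4;
    session_release(&s);
    if (s != NULL || session_name_len(s) != -1)      /* use after free caught */
        return 5;
    return 0;
}
```

The pattern to take away is that each check converts a memory-safety bug into an ordinary error return; in kernel code the same idioms are what stand between a malformed input and the read-and-write capability the report describes.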
On the Windows front, vulnerabilities in Microsoft Office remain a primary attack vector. Notably, CVE-2017-11882 and CVE-2018-0802—both tied to the aging Equation Editor component—are still actively exploited.
“Even though office suite applications are now widely available as cloud services, vulnerable local versions remain popular with users.”
Recent flaws like CVE-2024-35250, affecting the ks.sys driver, and CVE-2023-38831 in WinRAR also featured heavily, underscoring the enduring risk of privilege escalation exploits.
The report also tracked vulnerabilities exploited by advanced persistent threat (APT) actors in Q1. Among the most abused were:
- CVE-2025-0282 / 0283 / 21887 – all affecting Ivanti Connect Secure
- CVE-2024-3400 – impacting Palo Alto Networks PAN-OS
- CVE-2023-48788 – tied to Fortinet products
“Most attacker techniques are designed to gain access to the victim’s local network. As a result, the most commonly targeted vulnerabilities are typically found in perimeter devices.”
Two especially dangerous vulnerabilities highlighted in the report include:
- ZDI-CAN-25373: A zero-day in Windows LNK file rendering. “Attackers add extra characters… followed by malicious commands that can compromise the system.”
- CVE-2025-21333: A buffer overflow in the Hyper-V driver vkrnlintvsp.sys, exploitable even within Windows Sandbox, allowing “arbitrary read/write operations” and sandbox escape.
Another sneaky flaw, CVE-2025-24071, involves NTLM hash leakage via .library-ms files. When indexed, Windows initiates background authentication, inadvertently revealing NetNTLM hashes to attackers.
While zero-days steal headlines, the real threat often comes from delay: unpatched systems, ignored updates, and under-resourced patch management programs.
“The number of vulnerabilities registered in the first quarter of 2025 might appear misleading,” the report warns. “Security research findings or vulnerability descriptions are sometimes published well after the vulnerabilities are initially discovered.”
Kaspersky recommends organizations adopt continuous infrastructure monitoring, automated patch management, and robust endpoint protection solutions.