
Cybersecurity firm ESET has announced that Microsoft has finally patched a long-standing security vulnerability in the Windows NT kernel subsystem, which had been actively exploited by hackers since March 2023. This flaw, initially reported by ESET researchers, was only addressed in this month’s Patch Tuesday.
Designated as CVE-2025-24983, the vulnerability has been assigned a severity score of 7.0 by Microsoft. The two-year delay in releasing a fix appears to be due to the perceived complexity of exploitation, though it remains unclear whether the remediation process itself was equally challenging, leading to the prolonged response time.
ESET first identified the vulnerability in March 2023 when the PipeMagic backdoor was observed leveraging the flaw to execute attacks on Windows 10 systems. Following this discovery, the researchers promptly reported the issue to Microsoft, which subsequently confirmed its existence. Microsoft’s threat intelligence team later acknowledged that the vulnerability had indeed been exploited by malicious actors.
#ESETresearch has discovered a zero day exploit abusing #CVE-2025-24983 vulnerability in Windows Kernel to elevate privileges (#LPE). First seen in the wild in March 2023, the exploit was deployed through #PipeMagic backdoor on the compromised machines. 1/4 pic.twitter.com/qCOgYiltfs
— ESET Research (@ESETresearch) March 11, 2025
Exploiting this flaw enables attackers to escalate privileges from a low-privileged local account to SYSTEM-level access, facilitating a range of malicious activities. However, Microsoft has stated that the exploitation process is complex and requires attackers to win multiple race conditions before successfully leveraging the vulnerability.
According to researchers, this flaw is classified as a “Use-after-Free” (UaF) vulnerability, a memory-management error in which software continues to use memory after it has been freed. Such flaws can result in application crashes, execution of arbitrary code (including remote code execution), privilege escalation, or data corruption. The PipeMagic backdoor, which exploits this vulnerability, is capable of data exfiltration and enabling remote access to compromised devices.
Notably, this vulnerability does not affect newer operating systems such as Windows 11 and Windows Server 2019. Instead, the primary targets are older versions, including Windows 10 v1809 and Windows Server 2016, as well as legacy systems.