Researchers at the IT security company ESET have uncovered a serious security vulnerability (CVE-2025-24983) in older versions of Windows. The flaw, a memory-safety bug in the Win32 kernel subsystem, was exploited as a zero-day: it let attackers run code of their choosing with elevated privileges on affected computers.
The exploit does not provide initial access, however. It was only usable on machines that were already infected with a backdoor, which then used the vulnerability to gain higher privileges. Microsoft closed the gap in its March 2025 security update.
“The vulnerability is related to improper memory usage during software operation,” explains Filip Jurčacko, the ESET researcher who discovered the exploit. “This allowed hackers to execute their own code on compromised computers and cause devastating damage.”
These Windows versions were affected
Users of older Windows 10 releases, specifically those earlier than version 1809, were particularly at risk. Windows 8.1, which Microsoft stopped supporting some time ago, was also affected. Because the vulnerability was also present in Windows Server 2016, companies could be targeted as well.
Microsoft will continue to provide updates for Windows Server 2016 until January 2027, so a fix is available for it, but the risk remains high for any system on which the patch has not been installed.
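A quick way to triage a host against the version list above is to compare its OS build number with the affected releases and then look for an update installed on or after the March 2025 Patch Tuesday. The following PowerShell script is an added example, not code from ESET or Microsoft; it assumes the usual build-number mapping (Windows 10 version 1809 = build 17763, Windows Server 2016 = build 14393, Windows 8.1 = build 9600) and the March 11, 2025 release date of the fix. A build match only says the host is in scope; whether it is actually patched has to be confirmed against the update list.

```powershell
# Added triage example (not from the ESET article or Microsoft).
# Assumptions: version names mapped to OS builds (1809 = 17763, Server 2016 = 14393,
# Windows 8.1 = 9600) and the March 11, 2025 Patch Tuesday as the fix date.

$os       = Get-CimInstance -ClassName Win32_OperatingSystem
$ver      = [version]$os.Version          # e.g. "10.0.17763" or "6.3.9600"
$build    = $ver.Build
$isServer = $os.ProductType -ne 1         # 1 = workstation, 2 = domain controller, 3 = server

$affected = $false
$reason   = "build $build is outside the version range the report names"

if ($ver.Major -eq 6 -and $ver.Minor -eq 3) {
    # Windows 8.1 (build 9600); Windows Server 2012 R2 shares this build number.
    $affected = $true
    $reason   = "Windows 8.1 family (6.3.$build), listed as affected"
}
elseif ($ver.Major -eq 10 -and $isServer -and $build -eq 14393) {
    $affected = $true
    $reason   = "Windows Server 2016 (build 14393), listed as affected and supported until January 2027"
}
elseif ($ver.Major -eq 10 -and -not $isServer -and $build -lt 17763) {
    # Windows 10 releases older than version 1809 (e.g. 1507 = 10240, 1607 = 14393).
    $affected = $true
    $reason   = "Windows 10 release older than version 1809 (build $build)"
}

[pscustomobject]@{
    Caption  = $os.Caption
    Version  = $os.Version
    Affected = $affected
    Reason   = $reason
}

if ($affected) {
    # Get-HotFix reads the same data as "Installed Updates". InstalledOn is empty for
    # some packages, so only rows with a date are compared against the cutoff.
    $cutoff = Get-Date -Year 2025 -Month 3 -Day 11
    $recent = Get-HotFix | Where-Object { $_.InstalledOn -and $_.InstalledOn -ge $cutoff }
    if ($recent) {
        "Updates installed since the March 2025 Patch Tuesday:"
        $recent | Sort-Object InstalledOn | Format-Table HotFixID, Description, InstalledOn -AutoSize
    }
    else {
        "No update dated on or after $($cutoff.ToShortDateString()) found; treat this host as " +
        "unpatched for CVE-2025-24983 until the installed KB is checked against Microsoft's advisory."
    }
}
```

Run it in an elevated PowerShell session on each host in scope. Because the script deliberately avoids hard-coding KB numbers, the final step for a flagged host is to match the listed HotFixID values against the knowledge-base articles Microsoft names in its advisory for CVE-2025-24983; a post-March-2025 date alone does not prove the right cumulative update is present.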
Experts advise switching quickly
To protect against future security vulnerabilities, IT experts recommend moving to a currently supported operating system. Windows 10 users in particular should act: free support ends in October 2025, after which there will be no more free security updates. Users who do not pay for Microsoft's Extended Security Updates run the risk of falling victim to attacks on flaws that will never be fixed on their systems. Alternatively, users should consider switching to another operating system that still receives security updates.
Further information:
Microsoft has published an advisory for CVE-2025-24983 with details on the vulnerability and the patch for users of affected systems.
(vp/ESET Deutschland GmbH)