Microsoft has confirmed that three new zero-day exploits are actively being used in cyberattacks, adding further challenges to Windows users’ security. These vulnerabilities are part of a larger security update released during the latest Patch Tuesday, which addresses 159 total vulnerabilities. Among these, 12 are critical, and eight are zero-day vulnerabilities, with three already known to be actively exploited. The affected vulnerabilities, identified as CVE-2025-21335, CVE-2025-21333, and CVE-2025-21334, target Hyper-V, a crucial technology embedded in modern Windows 11 systems.
These vulnerabilities are classified as “privilege escalation” flaws, meaning attackers who have already gained some level of access to a system—likely through methods such as phishing—can exploit these weaknesses to gain full SYSTEM-level control over the infected device. This enables attackers to perform a wide range of malicious activities. These types of attacks are often used by nation-state actors and ransomware groups, making it essential for users to act quickly and patch these vulnerabilities.
The affected vulnerabilities impact several versions of Windows, including Windows 10, 11, and Server 2025. Security experts like Chris Goettl from Ivanti stress the importance of treating these vulnerabilities as critical, particularly because the exploitation of these flaws could have severe consequences for both individual users and large organizations. Environments that rely on Hyper-V, such as data centers, cloud providers, and enterprise IT infrastructures, are especially vulnerable to these threats.
The potential impact of these zero-day exploits is significant. Mike Walters from Action1 noted that attackers could gain the ability to manipulate virtual machines, steal sensitive data or credentials, move laterally across networks to target other systems, and disrupt critical services. These risks pose a serious threat to organizations that rely on virtualized infrastructures for their operations, potentially leading to data breaches and system outages.
Given the ongoing exploitation of these vulnerabilities, security experts are urging Windows users to prioritize applying the latest security patches. Walters further recommends strengthening security measures by restricting local access, enforcing strong authentication, and segmenting critical systems. With active exploitation underway, it’s crucial for organizations and individuals to address these vulnerabilities immediately to prevent further damage.