Vulnerabilities

Microsoft Warns of Six Windows Zero-Days Being Actively Exploited

Microsoft’s security response team pushed out documentation for almost 90 vulnerabilities across Windows and OS components and marked several flaws in the actively exploited category.

Microsoft vulnerability

Microsoft warned Tuesday of six actively exploited Windows security defects, highlighting ongoing struggles with zero-day attacks across its flagship operating system.

Redmond’s security response team pushed out documentation for almost 90 vulnerabilities across Windows and OS components and raised eyebrows when it marked a half-dozen flaws in the actively exploited category.

Here’s the raw data on the six newly patched zero-days:

CVE-2024-38178 — A memory corruption vulnerability in the Windows Scripting Engine allows remote code execution attacks if an authenticated client is tricked into clicking a link in order for an unauthenticated attacker to initiate remote code execution. According to Microsoft, successful exploitation of this vulnerability requires an attacker to first prepare the target so that it uses Edge in Internet Explorer Mode.  CVSS 7.5/10.

This zero-day was reported by Ahn Lab and the South Korea’s National Cyber Security Center, suggesting it was used in a nation-state APT compromise. Microsoft did not release IOCs (indicators of compromise) or any other data to help defenders hunt for signs of infections.  

CVE-2024-38189 — A remote code execution flaw in Microsoft Project is being exploited via maliciously rigged Microsoft Office Project files on a system where the ‘Block macros from running in Office files from the Internet policy’ is disabled and ‘VBA Macro Notification Settings’ are not enabled allowing the attacker to perform remote code execution. CVSS 8.8/10.

Advertisement. Scroll to continue reading.

CVE-2024-38107 — A privilege escalation flaw in the Windows Power Dependency Coordinator is rated “important” with a CVSS severity score of 7.8/10. “An attacker who successfully exploited this vulnerability could gain SYSTEM privileges,” Microsoft said, without providing any IOCs or additional exploit telemetry.

CVE-2024-38106 – Exploitation has been detected targeting this Windows kernel elevation of privilege flaw that carries a CVSS severity score of 7.0/10. “Successful exploitation of this vulnerability requires an attacker to win a race condition. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.”  This zero-day was reported anonymously to Microsoft.

CVE-2024-38213 — Microsoft describes this as a Windows Mark of the Web security feature bypass being exploited in active attacks. “An attacker who successfully exploited this vulnerability could bypass the SmartScreen user experience.”  

CVE-2024-38193 –  An elevation of privilege security defect in the Windows Ancillary Function Driver for WinSock is being exploited in the wild. Technical details and IOCs are not available.  “An attacker who successfully exploited this vulnerability could gain SYSTEM privileges,” Microsoft said.

Microsoft also urged Windows sysadmins to pay urgent attention to a batch of critical-severity issues that expose users to remote code execution, privilege escalation, cross-site scripting and security feature bypass attacks.

These include a major flaw in the Windows Reliable Multicast Transport Driver (RMCAST) that brings remote code execution risks (CVSS 9.8/10); a severe Windows TCP/IP remote code execution flaw with a CVSS severity score of 9.8/10; two separate remote code execution issues in Windows Network Virtualization; and an information disclosure issue in the Azure Health Bot (CVSS 9.1).

Related: Windows Update Flaws Allow Undetectable Downgrade Attacks

Related: Adobe Calls Attention to Massive Batch of Code Execution Flaws

Related: Microsoft Warns of OpenVPN Vulnerabilities, Potential for Exploit Chains

Related: Recent Adobe Commerce Vulnerability Exploited in Wild

Related: Adobe Issues Critical Product Patches, Warns of Code Execution Risks

Related Content

Vulnerabilities

CVE-2026-20245, the 7th Cisco SD-WAN vulnerability exploited in 2026, was used for months prior to its disclosure and patching.

Cybercrime

Hundreds of C&C servers were disrupted in an operation involving law enforcement and several cybersecurity companies.

Mobile & Wireless

The vulnerability exploited by the Usbliter8 exploit cannot be patched and a PoC exploit has been released by researchers.

Vulnerabilities

Four decades of incident response experience suggest that exploits are often the symptom, not the root cause, of today’s cybersecurity failures.

Vulnerabilities

The public PoC code exploits a race condition in Microsoft Defender to spawn a command prompt with System privileges.

Network Security

Cisco recently became aware of the exploitation of CVE-2026-20262, a Catalyst SD-WAN Manager zero-day that allows arbitrary file write.

Cybercrime

Oracle has mitigated CVE-2026-35273, but it has not publicly confirmed the vulnerability’s in-the-wild exploitation.

Vulnerabilities

Oracle has released mitigations for CVE-2026-35273, but it has not said whether it’s a zero-day exploited in ShinyHunters attacks.

Copyright © 2026 SecurityWeek ®, a Wired Business Media Publication. All Rights Reserved.

Exit mobile version