
Microsoft Warns: Active Ransomware Attacks Target Windows Vulnerability (CVE-2025-29824)

Microsoft has acknowledged a serious vulnerability in the Windows operating system. This zero-day vulnerability is already being actively exploited by the RansomEXX ransomware group to extort users.

Windows 11 update already available

The vulnerability, tracked as CVE-2025-29824, affects the Windows Common Log File System and allows attackers to gain SYSTEM privileges on targeted computers with relatively little effort and without user interaction. They then have the device completely under their control.

The flaw is a so-called use-after-free vulnerability that can be exploited by local attackers with low user privileges. Microsoft has already provided security updates for Windows 11 as part of yesterday's Patch Tuesday, but patches for Windows 10 are still pending. These are to follow "as soon as possible", the company said.

According to Microsoft, the attacks were directed against companies in the IT and real estate sectors in the United States, the financial sector in Venezuela, a Spanish software company and the retail sector in Saudi Arabia. Systems running Windows 11 version 24H2 were affected by the vulnerability, but were not the target of the attacks observed so far.

Microsoft urgently calls on all users to install the available security updates as quickly as possible. The criminal group behind the attacks is tracked by Microsoft under the name Storm-2460 and is better known as RansomEXX. It began its operations by installing the PipeMagic malware, a backdoor that was used to deliver the exploit to systems and then to place the actual ransomware and a ransom note with the title "! Read_MEXX2!" on the affected computers.

Well-known group

PipeMagic has already been used in targeted attacks in the past, including ones involving another Windows vulnerability (CVE-2025-24983). The malware was discovered in 2022 by Kaspersky, which had already come across a similar attack chain when analyzing Nokoyawa ransomware attacks.

The RansomEXX group has been active since 2018 and became particularly aggressive under a new name from June 2020. Well-known victims include Gigabyte, Konica Minolta, the Texas transport authority TxDOT, the Brazilian judiciary and the Montreal public transport company.
