Windows Zero-Days Leaked, Now Actively Exploited for SYSTEM Privileges

Three recently disclosed Windows security vulnerabilities are now being actively exploited by threat actors to gain SYSTEM-level or elevated administrator permissions on targeted machines.

The vulnerabilities were recently leaked or disclosed before patches were widely applied, giving attackers a window to weaponize them. Active exploitation has been confirmed in the wild, placing unpatched Windows systems at immediate risk.

Organizations should treat these as priority patches. Domain environments and systems exposed to the internet or running remote access services are at heightened risk given the privilege escalation nature of the flaws. Apply any available mitigations from Microsoft immediately and monitor for indicators of privilege escalation activity.