{"id":99653,"date":"2025-07-09T17:50:06","date_gmt":"2025-07-09T13:50:06","guid":{"rendered":"https:\/\/techxmedia.com\/en\/?p=99653"},"modified":"2025-07-09T17:50:07","modified_gmt":"2025-07-09T13:50:07","slug":"high-severity-windows-flaw-revealed-by-security-expert","status":"publish","type":"post","link":"https:\/\/techxmedia.com\/en\/high-severity-windows-flaw-revealed-by-security-expert\/","title":{"rendered":"High-Severity Windows Flaw Revealed by Security Expert"},"content":{"rendered":"\n<p><\/p>\n\n\n\n<p><a href=\"https:\/\/en.wikipedia.org\/wiki\/Positive_Technologies\">Positive Technologies<\/a> has revealed a high-severity vulnerability affecting 37 desktop and server Windows operating systems. The flaw impacts Windows 11, Windows 10, Server 2025, Server 2022, and Server 2019 across various versions and architectures.<\/p>\n\n\n\n<p>The vulnerability, identified as CVE-2025-49689, was discovered by Sergey Tarasov, Specialist at the Positive Technologies Expert Security Center. It affects the NTFS file system driver and was assigned a CVSS 3.1 severity score of 7.8.<\/p>\n\n\n\n<p>The flaw could have enabled privilege escalation if a user opened a malicious virtual hard disk (VHD). This would allow attackers to bypass Windows security and gain full control of the system.<\/p>\n\n\n\n<p>Microsoft was notified under responsible disclosure protocols and released patches in July 2025.<\/p>\n\n\n\n<p>\u2022 Over 1.5 million devices are reportedly exposed<br>\u2022 U.S. and China account for the largest number of affected systems<\/p>\n\n\n\n<p>StatCounter data shows Windows 11\u2019s market share rose from below 30% in 2024 to over 43% by May 2025.<\/p>\n\n\n\n<p>Tarasov explained that attackers often use VHD files in phishing campaigns. Many users treat these files like ordinary archives, increasing the risk of exploitation.<\/p>\n\n\n\n<p>Positive Technologies recommends users install the latest Windows updates. If updates cannot be applied, users should only open VHD files from trusted sources.<\/p>\n\n\n\n<p>The company also advises deploying its tools, including MaxPatrol VM and MaxPatrol EDR, to detect and prevent similar threats.<\/p>\n\n\n\n<p>In 2024, Tarasov helped address another vulnerability, CVE-2024-43629, affecting Windows 10, 11, and Server editions. In 2017, the PT Expert Security Center collaborated with <a href=\"https:\/\/techxmedia.com\/en\/?s=Microsoft+\">Microsoft<\/a> to resolve CVE-2017-0263.<\/p>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Positive Technologies has revealed a high-severity vulnerability affecting 37 desktop [&hellip;]<\/p>\n","protected":false},"author":58,"featured_media":99665,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[1595,9621],"tags":[1051],"contributor":[9732],"class_list":["post-99653","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","category-emerging-technologies","tag-vendors","contributor-news-desk"],"featured_image_src":"https:\/\/techxmedia.com\/en\/wp-content\/uploads\/2025\/07\/Windows-55.jpg","author_info":{"display_name":"Lubna","author_link":"https:\/\/techxmedia.com\/en\/author\/lubna\/"},"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/techxmedia.com\/en\/wp-json\/wp\/v2\/posts\/99653","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/techxmedia.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/techxmedia.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/techxmedia.com\/en\/wp-json\/wp\/v2\/users\/58"}],"replies":[{"embeddable":true,"href":"https:\/\/techxmedia.com\/en\/wp-json\/wp\/v2\/comments?post=99653"}],"version-history":[{"count":1,"href":"https:\/\/techxmedia.com\/en\/wp-json\/wp\/v2\/posts\/99653\/revisions"}],"predecessor-version":[{"id":99654,"href":"https:\/\/techxmedia.com\/en\/wp-json\/wp\/v2\/posts\/99653\/revisions\/99654"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/techxmedia.com\/en\/wp-json\/wp\/v2\/media\/99665"}],"wp:attachment":[{"href":"https:\/\/techxmedia.com\/en\/wp-json\/wp\/v2\/media?parent=99653"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/techxmedia.com\/en\/wp-json\/wp\/v2\/categories?post=99653"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/techxmedia.com\/en\/wp-json\/wp\/v2\/tags?post=99653"},{"taxonomy":"contributor","embeddable":true,"href":"https:\/\/techxmedia.com\/en\/wp-json\/wp\/v2\/contributor?post=99653"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}