CVE-2025-26633 is a zero-day vulnerability in the Microsoft Management Console (MMC) that lets attackers bypass security features and run malicious code on a system by convincing a victim to click a malicious link or open a malicious file. The weakness stems from the console’s failure to sanitize user input properly. Russian threat actors are running an aggressive campaign to exploit the vulnerability; Trend Research has identified the Russian hacking group EncryptHub (also known as Water Gamayun and Larva-208) as the actor behind it.
If you are using Vulnerability Manager Plus or Endpoint Central with the Vulnerability Management add-on, you can check for the presence of this vulnerability in your managed systems. Navigate to the Software Vulnerabilities section under Threats and use the Search by CVE ID search bar to look for CVE-2025-26633. If this vulnerability is detected in any of your systems, you will be able to view details about all the affected systems.
Microsoft released patches for this zero-day vulnerability earlier this month as part of its Patch Tuesday Updates.
To resolve this zero-day issue, here are the supported patches:
Patch ID | Patch Name | Description |
--- | --- | --- |
40827 | Windows6.1-kb5053627-x64-2008R2.msu | 2025-03 Security Only Quality Update for Windows Server 2008 R2 for x64-based Systems (KB5053627) (ESU) (CVE-2025-24991) (CVE-2025-24985) (CVE-2025-24993) (CVE-2025-24983) (CVE-2025-26633) |
40828 | Windows6.0-kb5053995-x64-2008.msu | 2025-03 Security Only Quality Update for Windows Server 2008 for x64-based Systems (KB5053995) (ESU) (CVE-2025-24991) (CVE-2025-24985) (CVE-2025-24993) (CVE-2025-24983) (CVE-2025-26633) |
40829 | Windows6.0-kb5053995-x86-2008.msu | 2025-03 Security Only Quality Update for Windows Server 2008 for x86-based Systems (KB5053995) (ESU) (CVE-2025-24991) (CVE-2025-24985) (CVE-2025-24993) (CVE-2025-24983) (CVE-2025-26633) |
40830 | Windows10.0-kb5053596-x64-1809.msu | 2025-03 Cumulative Update for Windows 10 Version 1809 for x64-based Systems (KB5053596) (CVE-2025-24991) (CVE-2025-24984) (CVE-2025-24985) (CVE-2025-24993) (CVE-2025-26633) |
40831 | Windows10.0-kb5053596-x64-2019.msu | 2025-03 Cumulative Update for Windows Server 2019 for x64-based Systems (KB5053596) (CVE-2025-24991) (CVE-2025-24984) (CVE-2025-24985) (CVE-2025-24993) (CVE-2025-26633) |
40832 | Windows10.0-kb5053596-x86-1809.msu | 2025-03 Cumulative Update for Windows 10 Version 1809 for x86-based Systems (KB5053596) (CVE-2025-24991) (CVE-2025-24984) (CVE-2025-24985) (CVE-2025-24993) (CVE-2025-26633) |
40833 | Windows10.0-kb5053594-x86-1607.msu | 2025-03 Cumulative Update for Windows 10 Version 1607 for x86-based Systems (KB5053594) (CVE-2025-24991) (CVE-2025-24984) (CVE-2025-24985) (CVE-2025-24993) (CVE-2025-24983) (CVE-2025-26633) |
40834 | Windows10.0-kb5053594-x64-1607.msu | 2025-03 Cumulative Update for Windows 10 Version 1607 for x64-based Systems (KB5053594) (CVE-2025-24991) (CVE-2025-24984) (CVE-2025-24985) (CVE-2025-24993) (CVE-2025-24983) (CVE-2025-26633) |
40835 | Windows10.0-kb5053594-x64-2016.msu | 2025-03 Cumulative Update for Windows Server 2016 for x64-based Systems (KB5053594) (CVE-2025-24991) (CVE-2025-24984) (CVE-2025-24985) (CVE-2025-24993) (CVE-2025-24983) (CVE-2025-26633) |
40837 | Windows10.0-kb5053618-x64-1507.msu | 2025-03 Cumulative Update for Windows 10 Version 1507 for x64-based Systems (KB5053618) (CVE-2025-24991) (CVE-2025-24984) (CVE-2025-24985) (CVE-2025-24993) (CVE-2025-24983) (CVE-2025-26633) |
40838 | Windows11.0-kb5053598-arm64-24H2_win11.msu | 2025-03 Cumulative Update for Windows 11 Version 24H2 for arm64-based Systems (KB5053598) (CVE-2025-24991) (CVE-2025-24984) (CVE-2025-24985) (CVE-2025-24993) (CVE-2025-26633) |
40839 | Windows11.0-kb5053598-x64-2025.msu | 2025-03 Cumulative Update for Microsoft server operating system version 24H2 for x64-based Systems (KB5053598) (CVE-2025-24991) (CVE-2025-24984) (CVE-2025-24985) (CVE-2025-24993) (CVE-2025-26633) |
40840 | Windows11.0-kb5053598-x64-24H2_win11.msu | 2025-03 Cumulative Update for Windows 11 Version 24H2 for x64-based Systems (KB5053598) (CVE-2025-24991) (CVE-2025-24984) (CVE-2025-24985) (CVE-2025-24993) (CVE-2025-26633) |
40842 | Windows10.0-kb5053603-x64-2022.msu | 2025-03 Cumulative Update for Microsoft server operating system version 21H2 for x64-based Systems (KB5053603) (CVE-2025-24991) (CVE-2025-24984) (CVE-2025-24985) (CVE-2025-24993) (CVE-2025-26633) |
40843 | Windows11.0-kb5053602-arm64-23H2_win11.msu | 2025-03 Cumulative Update for Windows 11 Version 23H2 for arm64-based Systems (KB5053602) (CVE-2025-24991) (CVE-2025-24984) (CVE-2025-24985) (CVE-2025-24993) (CVE-2025-26633) |
40844 | Windows11.0-kb5053602-arm64-22H2_win11.msu | 2025-03 Cumulative Update for Windows 11 Version 22H2 for arm64-based Systems (KB5053602) (CVE-2025-24991) (CVE-2025-24984) (CVE-2025-24985) (CVE-2025-24993) (CVE-2025-26633) |
40845 | Windows11.0-kb5053602-x64-23H2_win11.msu | 2025-03 Cumulative Update for Windows 11 Version 23H2 for x64-based Systems (KB5053602) (CVE-2025-24991) (CVE-2025-24984) (CVE-2025-24985) (CVE-2025-24993) (CVE-2025-26633) |
40846 | Windows11.0-kb5053602-x64-22H2_win11.msu | 2025-03 Cumulative Update for Windows 11 Version 22H2 for x64-based Systems (KB5053602) (CVE-2025-24991) (CVE-2025-24984) (CVE-2025-24985) (CVE-2025-24993) (CVE-2025-26633) |
40847 | Windows10.0-kb5053606-x86-21H2.msu | 2025-03 Cumulative Update for Windows 10 Version 21H2 for x86-based Systems (KB5053606) (CVE-2025-24991) (CVE-2025-24984) (CVE-2025-24985) (CVE-2025-24993) (CVE-2025-26633) |
40848 | Windows10.0-kb5053606-x86-22H2.msu | 2025-03 Cumulative Update for Windows 10 Version 22H2 for x86-based Systems (KB5053606) (CVE-2025-24991) (CVE-2025-24984) (CVE-2025-24985) (CVE-2025-24993) (CVE-2025-26633) |
40849 | Windows10.0-kb5053606-x64-21H2.msu | 2025-03 Cumulative Update for Windows 10 Version 21H2 for x64-based Systems (KB5053606) (CVE-2025-24991) (CVE-2025-24984) (CVE-2025-24985) (CVE-2025-24993) (CVE-2025-26633) |
40850 | Windows10.0-kb5053606-x64-22H2.msu | 2025-03 Cumulative Update for Windows 10 Version 22H2 for x64-based Systems (KB5053606) (CVE-2025-24991) (CVE-2025-24984) (CVE-2025-24985) (CVE-2025-24993) (CVE-2025-26633) |
40851 | Windows6.1-kb5053620-x64-2008R2.msu | 2025-03 Security Monthly Quality Rollup for Windows Server 2008 R2 for x64-based Systems (KB5053620) (ESU) (CVE-2025-24991) (CVE-2025-24985) (CVE-2025-24993) (CVE-2025-24983) (CVE-2025-26633) |
40852 | Windows6.0-kb5053888-x86-2008.msu | 2025-03 Security Monthly Quality Rollup for Windows Server 2008 for x86-based Systems (KB5053888) (ESU) (CVE-2025-24991) (CVE-2025-24985) (CVE-2025-24993) (CVE-2025-24983) (CVE-2025-26633) |
40853 | Windows6.0-kb5053888-x64-2008.msu | 2025-03 Security Monthly Quality Rollup for Windows Server 2008 for x64-based Systems (KB5053888) (ESU) (CVE-2025-24991) (CVE-2025-24985) (CVE-2025-24993) (CVE-2025-24983) (CVE-2025-26633) |
40854 | Windows8.1-kb5053887-x64-2012R2.msu | 2025-03 Security Monthly Quality Rollup for Windows Server 2012 R2 for x64-based Systems (KB5053887) (ESU) (CVE-2025-24991) (CVE-2025-24984) (CVE-2025-24985) (CVE-2025-24993) (CVE-2025-24983) (CVE-2025-26633) |
40855 | Windows8-rt-kb5053886-x64-2012.msu | 2025-03 Security Monthly Quality Rollup for Windows Server 2012 for x64-based Systems (KB5053886) (ESU) (CVE-2025-24991) (CVE-2025-24984) (CVE-2025-24985) (CVE-2025-24993) (CVE-2025-24983) (CVE-2025-26633) |
Using Patch Manager Plus, Vulnerability Manager Plus or Endpoint Central, you can deploy these patches. If any patches are missing from your managed systems, go to the Missing Patches section, search for the necessary Patch IDs in the Patch ID column, filter them, and deploy them immediately to protect your systems from exploitation by this zero-day vulnerability.
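For teams that cross-check an exported inventory against the table, the sketch below is an added example, not ManageEngine or Microsoft code. It parses a few rows copied from the table (trailing ESU and CVE annotations trimmed) and treats a host as remediated when any KB listed for its product and architecture is installed, which matters for Server 2008 and 2008 R2, where both a Security Only update and a Monthly Rollup are listed. The host records, their field names and the `KB0000001` placeholder are constructed for illustration.

```python
import re

# Rows copied from the patch table above (subset, CVE lists trimmed).
ROWS = """\
Patch ID | Patch Name | Description |
40827 | Windows6.1-kb5053627-x64-2008R2.msu | 2025-03 Security Only Quality Update for Windows Server 2008 R2 for x64-based Systems (KB5053627)
40851 | Windows6.1-kb5053620-x64-2008R2.msu | 2025-03 Security Monthly Quality Rollup for Windows Server 2008 R2 for x64-based Systems (KB5053620)
40850 | Windows10.0-kb5053606-x64-22H2.msu | 2025-03 Cumulative Update for Windows 10 Version 22H2 for x64-based Systems (KB5053606)
40848 | Windows10.0-kb5053606-x86-22H2.msu | 2025-03 Cumulative Update for Windows 10 Version 22H2 for x86-based Systems (KB5053606)
40840 | Windows11.0-kb5053598-x64-24H2_win11.msu | 2025-03 Cumulative Update for Windows 11 Version 24H2 for x64-based Systems (KB5053598)
"""

DESC = re.compile(r"2025-03 (?P<kind>.+?) for (?P<product>.+) for "
                  r"(?P<arch>\w+)-based Systems \((?P<kb>KB\d+)\)")

def parse_rows(text):
    """Turn 'Patch ID | Patch Name | Description' rows into dicts."""
    patches = []
    for line in text.strip().splitlines():
        patch_id, name, desc = (cell.strip() for cell in line.split("|")[:3])
        m = DESC.search(desc)
        if m is None:
            continue  # header row or a description in another format
        patches.append({"id": int(patch_id), "file": name, **m.groupdict()})
    return patches

def assess(host, patches):
    """Return (status, patch_ids_to_deploy) for one inventory record."""
    wanted = [p for p in patches
              if p["product"] == host["product"] and p["arch"] == host["arch"]]
    if not wanted:
        return ("no-listed-patch", [])
    # Any one of the listed KBs (Security Only or Rollup) is enough.
    if any(p["kb"] in host["kbs"] for p in wanted):
        return ("remediated", [])
    return ("missing", sorted(p["id"] for p in wanted))

# Constructed inventory records (hypothetical hosts and field names).
HOSTS = [
    {"name": "srv-a", "product": "Windows Server 2008 R2", "arch": "x64", "kbs": {"KB5053620"}},
    {"name": "wks-b", "product": "Windows 10 Version 22H2", "arch": "x64", "kbs": {"KB0000001"}},
    {"name": "wks-c", "product": "Windows 10 Version 1903", "arch": "x64", "kbs": set()},
]

if __name__ == "__main__":
    table = parse_rows(ROWS)
    for h in HOSTS:
        print(h["name"], *assess(h, table))
```

Later cumulative updates supersede the KBs listed here, so a host patched after March 2025 can show as `missing` in a KB-only comparison; confirm against the OS build before redeploying.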