https://www.bleepingcomputer.com/news/microsoft/microsoft-patches-windows-kernel-zero-day-exploited-since-2023/

Slovak cybersecurity company ESET says a newly patched zero-day vulnerability in the Windows Win32 Kernel Subsystem has been exploited in attacks since March 2023.

Fixed in Windows security updates released during this month's Patch Tuesday, the security flaw is now tracked as CVE-2025-24983 and was reported to Microsoft by ESET researcher Filip Jurčacko.