CVE-2025-26633 - Microsoft Windows Management Console (MMC) Improper Neutralization Vulnerability
Project:Microsoft
Product:Windows
Date Added:2025-03-11Due Date:2025-04-01
Vulnerability Name
Microsoft Windows Management Console (MMC) Improper Neutralization Vulnerability
Description
Microsoft Windows Management Console (MMC) contains an improper neutralization vulnerability that allows an unauthorized attacker to bypass a security feature locally.
Known To Be Used in Ransomware Campaigns?
Known
Action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Additional Notes
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-26633
https://nvd.nist.gov/vuln/detail/CVE-2025-26633
Related News Articles
EncryptHub's dual life: Cybercriminal vs Windows bug-bounty researcherApril 8, 2025
Microsoft Credits EncryptHub, Hacker Behind 618+ Breaches, for Disclosing Windows FlawsApril 5, 2025
Russian Hackers Exploit CVE-2025-26633 via MSC EvilTwin to Deploy SilentPrism and DarkWispApril 1, 2025
EncryptHub Exploits Windows Zero-Day to Deploy Rhadamanthys and StealC MalwareMarch 26, 2025
EncryptHub linked to MMC zero-day attacks on Windows systemsMarch 26, 2025