Microsoft has patched a high-severity vulnerability affecting 17 different versions of its Windows operating systems following a responsible disclosure from Marat Gayanov, a security researcher at Positive Technologies' Expert Security Center (PT ESC). The flaw, now tracked as CVE-2025-49686, carries a CVSS 3.1 base score of 7.8 and could have enabled attackers to knock targeted systems offline through a denial-of-service (DoS) attack.
The vulnerability, classified as a null pointer dereference, affected a wide range of Windows products including Windows 10, Windows 11, and Windows Server 2025. According to Gayanov, exploiting the issue did not require elevated privileges or any special access to the target: an attacker only needed to trick a user into running a malicious application, which then triggered the flaw in a driver responsible for inter-device communication. The resulting dereference could crash specific processes and potentially bring down the entire system, cutting off access to corporate resources and disrupting business operations.
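To make the bug class concrete, here is an added illustration in C. It is not code from Microsoft, from Positive Technologies, or from the vulnerable driver, and it does not reproduce CVE-2025-49686; it is a user-mode model of the generic pattern the article describes: a driver's IOCTL dispatch routine that dereferences the caller-supplied request buffer without first checking that one was supplied. The request struct, the control code IOCTL_SET_CHANNEL, the status codes and the channel_config layout are all hypothetical stand-ins for the real kernel structures. In a real driver the NULL dereference happens in kernel mode, so instead of a crashed process the machine takes a bug check, which is exactly the DoS outcome described above.

```c
/* Added example: user-mode model of a NULL-dereference bug in a driver's
 * IOCTL handler, beside its hardened form. Hypothetical structures only;
 * this is NOT the code of the driver affected by CVE-2025-49686. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical status codes, modelled on NTSTATUS conventions. */
#define STATUS_SUCCESS            0
#define STATUS_INVALID_PARAMETER  1
#define STATUS_BUFFER_TOO_SMALL   2

/* Minimal stand-in for the IRP / IO_STACK_LOCATION fields a buffered-I/O
 * IOCTL handler reads. When the caller passes no input buffer, the I/O
 * manager leaves system_buffer NULL and input_length 0. */
struct ioctl_request {
    uint32_t control_code;
    void    *system_buffer;   /* NULL when the caller supplied no buffer */
    size_t   input_length;
};

#define IOCTL_SET_CHANNEL 0x222004u   /* hypothetical control code */

struct channel_config { uint32_t channel_id; uint32_t flags; };

static uint32_t g_channel_id;   /* device state the IOCTL updates */

/* Vulnerable pattern: assumes system_buffer is always present. Any
 * unprivileged process that can open the device can send this IOCTL with
 * no buffer at all, and reading cfg->channel_id dereferences NULL. */
int dispatch_vulnerable(const struct ioctl_request *req)
{
    if (req->control_code != IOCTL_SET_CHANNEL)
        return STATUS_INVALID_PARAMETER;
    const struct channel_config *cfg = req->system_buffer;
    g_channel_id = cfg->channel_id;   /* crashes when system_buffer == NULL */
    return STATUS_SUCCESS;
}

/* Hardened pattern: reject a missing or undersized buffer before touching it. */
int dispatch_hardened(const struct ioctl_request *req)
{
    if (req->control_code != IOCTL_SET_CHANNEL)
        return STATUS_INVALID_PARAMETER;
    if (req->system_buffer == NULL)
        return STATUS_INVALID_PARAMETER;
    if (req->input_length < sizeof(struct channel_config))
        return STATUS_BUFFER_TOO_SMALL;
    const struct channel_config *cfg = req->system_buffer;
    g_channel_id = cfg->channel_id;
    return STATUS_SUCCESS;
}

uint32_t current_channel(void) { return g_channel_id; }

int main(void)
{
    /* Constructed requests: a well-formed one and the empty one a
     * malicious application would send to trigger the crash. */
    struct channel_config cfg = { 7, 0 };
    struct ioctl_request good  = { IOCTL_SET_CHANNEL, &cfg, sizeof cfg };
    struct ioctl_request empty = { IOCTL_SET_CHANNEL, NULL, 0 };

    printf("hardened, valid buffer: status %d, channel %u\n",
           dispatch_hardened(&good), current_channel());
    printf("hardened, no buffer:    status %d\n", dispatch_hardened(&empty));
    /* dispatch_vulnerable(&empty) would segfault here; in a driver it is a bug check. */
    return 0;
}
```

The point of the hardened version is that the length check is as important as the NULL check: a buffer that is present but shorter than the structure the handler expects leads to an out-of-bounds read, which is the same validation failure in a different guise.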
Microsoft has since released updates for all affected systems, and users are advised to apply the patches immediately and confirm that the installed build matches the fixed version. A full list of patched versions is available in Microsoft's official advisory.
The scale of potential exposure was significant. As of mid-2025, Microsoft products still hold over 70% of the global desktop OS market; within the Windows installed base, Windows 10 accounts for 53% of active users and Windows 11 for roughly 43%. Notably, over 1.5 million Windows 11 systems were found to be both vulnerable and reachable from the internet, with the highest concentration of exposed devices located in the U.S. (27%), followed by China (14%), Japan (8%), Germany (4%), and South Korea (4%). Since the flaw is triggered by running code on the host rather than over the network, that figure is best read as a measure of the unpatched installed base rather than of systems attackable from the internet directly.
This isn't the first time Positive Technologies has worked with Microsoft to close security gaps. In late 2024, PT ESC's Sergey Tarasov uncovered CVE-2024-43629, a privilege escalation flaw that affected multiple versions of Windows, including Windows Server 2019 through 2025, and his findings led to coordinated fixes across those platforms. Earlier still, in 2019, the firm identified two critical vulnerabilities in Windows 10 (CVE-2019-0726 and CVE-2019-0697) that could have allowed attackers to intercept sensitive data or gain unauthorized access to systems.
The latest disclosure reinforces the importance of proactive vulnerability management and timely detection. For enterprise users, vulnerability management tools such as MaxPatrol VM can help identify systems that are still missing the update and shorten the window between disclosure and remediation.
While Microsoft has resolved the issue, the episode underscores the ongoing risks tied to widely deployed operating systems and the need for continuous vigilance, especially in enterprise environments where operational downtime and data breaches carry real-world consequences.