July 9, 2025, Moscow:
Sergey Tarasov, Specialist at the Positive Technologies Expert Security Center, discovered a high-severity vulnerability affecting 37 desktop and server Windows operating systems, including Windows 11, Windows 10, Server 2025, Server 2022, and Server 2019 of various versions and architectures.
The flaw in the NTFS file system driver could have led to privilege escalation on a user’s computer if they opened a malicious virtual hard disk.
Identified as CVE-2025-49689, the vulnerability was assigned a severity score of 7.8 on the CVSS 3.1 scale. Microsoft was notified under the responsible disclosure policy and released patches in July 2025.
Among all the products that contained the vulnerability, Windows 11 is one of the most popular operating systems globally.
According to the web analytics platform StatCounter, its market share grew from less than 30% in 2024 to over 43% by May 2025.
According to estimates based on open-source data, more than 1.5 million devices are exposed to this vulnerability, affecting both corporate and home users. The largest shares of affected devices are in the U.S. (26%) and China (14%).
The flaw in the NTFS file system could have allowed attackers to bypass Windows security measures. A victim only had to open a specially crafted virtual disk for an attacker to exploit the vulnerability and gain full control of the system.
To stay protected, users are strongly advised to install the latest updates. If updating is not possible, Positive Technologies recommends only opening virtual hard disks (VHD) from trusted sources.
Sergey Tarasov, Head of the PT Expert Security Center Vulnerability Analysis Group, explained: “This vulnerability is particularly dangerous as attackers often use VHD files in phishing campaigns. Users tend to open them like regular archives, unaware of the risks.”
Positive Technologies has consistently helped enhance the security of Microsoft systems. In 2024, Sergey Tarasov helped fix CVE-2024-43629, a vulnerability that affected Windows 10, Windows 11, and Windows Server versions 2025, 2022, and 2019. In 2017, the PT Expert Security Center collaborated with Microsoft to address CVE-2017-0263 in Windows 10 and earlier versions.
To detect attacks exploiting similar vulnerabilities, Positive Technologies recommends using a vulnerability management system like MaxPatrol VM. We also advise using MaxPatrol EDR, which supports all major operating systems, including Windows.