New Warning As Microsoft Windows Attacks Confirmed — No Fix Available

ByDavey Winder,

Senior Contributor.

No sooner has Microsoft issued an emergency security update for Windows users following attacks spotted in the wild, so news breaks of another ongoing cyberattack targeting Windows. This one, however, does not have a fix as of yet. Here’s what you need to know about CVE-2025-9491.

Just as you might have thought that things were improving on the security front as far as Windows users were concerned, with new admin protections announced, and another year of free security updates for Windows 10, comes the latest hammer blow: an active and widespread cyber espionage campaign exploiting what is now a critical vulnerability, with no Microsoft security patch to fix it.

A detailed and highly technical analysis from the cybersecurity boffins at Arctic Wolf Labs has confirmed that threat actors affiliated with China are currently exploiting a Windows remote code execution vulnerability, CVE-2025-9491, first reported in March, yes, March, in ongoing attacks.

New Warning As Microsoft Windows Attacks Confirmed — No Fix Available

Related reading

Act Now — Microsoft Issues Emergency Windows Update As Attacks Begin

All Microsoft Windows Users Warned As New Bot Attacks Confirmed

New Microsoft Alert — Update Windows 10 And 11 Now, Attacks Underway

Bad News For Microsoft Windows 10 Users — Another Security Update Fail

Update Microsoft Windows Server, 10 And 11 Now — Attacks Underway

Warning Issued As Hackers Give Microsoft Windows The Finger: Report