advisory

Winsage
December 28, 2024
Microsoft has issued a warning for Windows users about the installation process for Windows 11 24H2, indicating that a mistake during installation could prevent devices from receiving future Windows security updates. Users installing Windows 11 24H2 with the October or November 2024 security updates via USB or external drives may disrupt Windows Update functionality, as the version is shipped without these specific patches. The issue occurs only when installation media includes these updates; devices receiving updates through the standard Windows Update process are not affected. Microsoft suggests using the Media Creation Tool to create new installation media if users encounter issues with cumulative updates after installing Windows 11 24H2. The company acknowledges that the situation affects only a small number of PCs, though the number of affected users may be higher than initially thought. Microsoft is working on a permanent solution and advises users to use the December 2024 security update to avoid complications with media-based installations.
Winsage
December 27, 2024
Microsoft has issued a caution regarding the installation of Windows 11 version 24H2 using physical media, specifically if the media contains security updates from October 8 to November 12, 2024. In such cases, the operating system may not accept future security updates. This issue does not affect systems receiving updates through Windows Update or the Microsoft Update Catalog, nor does it impact installations using the December 2024 security update. Microsoft recommends creating new installation media that includes the December 2024 security update to ensure future updates can be received. Users who have already installed version 24H2 with the October or November updates should apply the December 2024 security update to restore their system's ability to accept future updates. Microsoft is working on a permanent solution to this issue. Users have also reported challenges with the Disk Cleanup tool and speaker volume spikes since the launch of version 24H2. Maintaining an updated version of Windows 11 is essential for security, stability, and performance, as updates address vulnerabilities and fix bugs.
Winsage
December 27, 2024
Microsoft has issued an advisory for Windows users regarding potential issues when updating to Windows 11 version 24H2 using external media. If users create installation media that includes the October or November 2024 security updates, their devices may end up in a state where they cannot accept further Windows security updates. This problem does not affect devices that receive updates through the standard Windows Update process. The issue is reported to impact only a small number of users, and Microsoft recommends using the Media Creation Tool to create new media and reinstall the operating system if users encounter update problems.
Winsage
December 24, 2024
Adobe released out-of-band security updates to address a critical vulnerability in ColdFusion, identified as CVE-2024-53961, which is a path traversal weakness affecting ColdFusion versions 2023 and 2021. This flaw could allow attackers to read arbitrary files on compromised servers. Adobe categorized the flaw with a "Priority 1" severity rating and urged administrators to apply the emergency security patches—ColdFusion 2021 Update 18 and ColdFusion 2023 Update 12—within 72 hours. The Cybersecurity and Infrastructure Security Agency (CISA) has highlighted the risks associated with path traversal vulnerabilities and previously mandated federal agencies to secure their Adobe ColdFusion servers against other critical vulnerabilities by August 10, 2023. CISA also noted that hackers had been exploiting another ColdFusion vulnerability targeting outdated government servers since June 2023.
Winsage
December 16, 2024
The Cybersecurity and Infrastructure Security Agency (CISA) has warned U.S. federal agencies about a critical Windows kernel vulnerability, CVE-2024-35250, which allows local attackers to elevate their privileges to SYSTEM level. This vulnerability is linked to the Microsoft Kernel Streaming Service (MSKSSRV.SYS) and was exploited during the Pwn2Own Vancouver 2024 competition. Microsoft issued a patch for this vulnerability in June 2024, but proof-of-concept exploit code appeared on GitHub four months later. CISA has also flagged a critical Adobe ColdFusion vulnerability, CVE-2024-20767, which allows unauthenticated remote attackers to access sensitive files. Over 145,000 ColdFusion servers are exposed to the Internet. Both vulnerabilities are listed in CISA's Known Exploited Vulnerabilities catalog, and federal agencies must secure their networks by January 6 under the Binding Operational Directive (BOD) 22-01.
Winsage
December 11, 2024
Microsoft released a comprehensive update on Tuesday that includes 71 patches addressing vulnerabilities across ten product families. Among these, 17 vulnerabilities affecting Windows are classified as Critical, with a CVSS base score of 8.1 or higher. Ten of these vulnerabilities are related to Remote Desktop Services. CVE-2024-49138, which affects the Windows Common Log File system driver, is currently exploited in the wild, and Microsoft expects six additional CVEs may be targeted in the next 30 days. The update includes advisory notes on two Edge CVEs and a Defense-in-Depth update for Microsoft Project. The total number of CVEs addressed is 71, with 1 publicly disclosed and 1 exploit detected. The severity breakdown includes 17 Critical and 54 Important vulnerabilities. The impact categories are as follows: 31 for Remote Code Execution, 27 for Elevation of Privilege, 7 for Information Disclosure, 5 for Denial of Service, and 1 for Spoofing. There is 1 CVE with a CVSS base score of 9.0 or greater and 27 with a score of 8.0 or greater. CVE-2024-49112 is highlighted as the only vulnerability this month with a CVSS base score exceeding 9.0, rated at 9.8, affecting all supported versions of Windows 10, 11, and Server versions since 2008. CVE-2024-49138 is an Important-severity elevation of privilege issue impacting all supported client and server versions of Windows. CVE-2024-49117 is a Critical-severity RCE that could enable cross-VM attacks, while CVE-2024-49114 introduces a new vulnerability category termed False File Immutability. Microsoft has addressed a total of 1,015 CVEs through its Patch Tuesday process in 2023, the highest annual count since 2020. December 2023 recorded the lowest patch count in five years, with only 33 patches released. For users of Sophos protections, a detailed table outlines the CVEs and corresponding detection capabilities.
Winsage
December 10, 2024
Microsoft has issued new guidance to help organizations defend against NTLM relay attacks following the discovery of a zero-day vulnerability affecting all versions of Windows Workstation and Server, from Windows 7 to Windows 11. This vulnerability allows attackers to capture NTLM credentials by tricking users into opening a malicious file. Microsoft has classified the vulnerability as having moderate severity and expects a fix to be rolled out in April. This is the second NTLM credential leak zero-day reported to Microsoft by ACROS Security since October. Microsoft has updated its guidance on enabling Extended Protection for Authentication (EPA) by default on LDAP, AD CS, and Exchange Server to mitigate NTLM-related vulnerabilities.
Winsage
December 9, 2024
Microsoft has addressed a zero-day vulnerability, CVE-2024-38193, exploited by the North Korean hacker group Lazarus APT. Discovered in June 2024, the flaw affected the Windows Ancillary Function Driver (AFD.sys) and posed a risk to Windows users globally. The vulnerability involved a race condition between two functions, leading to a use-after-free scenario that could be exploited. The Lazarus group used this vulnerability to gain elevated privileges through a rootkit called FudModule, designed to evade detection. The vulnerability has a CVSS score of 7.8, indicating high risk, and could grant attackers complete control over affected devices. Microsoft included a fix in its August 2024 Patch Tuesday update. Independent researcher Nephster published proof-of-concept code on GitHub, increasing risks for unpatched systems.
AppWizard
December 7, 2024
The FBI has advised smartphone users to encrypt text messages, especially when communicating between Apple and Android devices, due to a cyber espionage campaign linked to hackers from the People's Republic of China. These hackers have targeted telecommunications infrastructure and stolen sensitive customer call records. Standard text messages between Apple and Android devices lack encryption, while messages between two devices of the same platform are secure. Users are encouraged to use secure messaging apps like WhatsApp and Signal, which provide end-to-end encryption. To use WhatsApp, users must download the app, accept terms, verify their phone number, and set up their profile. For Signal, users follow a similar process of downloading the app, verifying their phone number, creating a PIN, and setting up their profile. Both apps require Wi-Fi or cellular data for operation.
AppWizard
December 4, 2024
U.S. officials recommend citizens use encrypted messaging applications due to recent cyberattacks on major telecommunications companies, including AT&T and Verizon. Microsoft identified a hacking campaign called "Salt Typhoon" as a significant intelligence breach, which remains unresolved. The attacks are believed to be conducted by Chinese entities targeting American citizens, though Chinese officials have not commented on the allegations.