buffer overflow Archives

Winsage

November 12, 2025

Microsoft Fixes 63 Security Flaws, Including a Windows Kernel Zero-Day Under Active Attack

On November 12, 2025, Microsoft released patches for 63 vulnerabilities, including four classified as Critical and 59 as Important. Notably, CVE-2025-62215, a privilege escalation flaw in the Windows Kernel with a CVSS score of 7.0, is actively exploited. This vulnerability allows an authorized attacker to elevate privileges locally through a race condition. Additionally, Microsoft patched two heap-based buffer overflow vulnerabilities (CVE-2025-60724 and CVE-2025-62220) with CVSS scores of 9.8 and 8.8, respectively, which could lead to remote code execution. Another significant vulnerability is CVE-2025-60704, a privilege escalation flaw in Windows Kerberos with a CVSS score of 7.5, enabling attackers to impersonate users and control a domain. Other vendors, including Adobe, Amazon Web Services, and Apple, also released security updates addressing various vulnerabilities.

Winsage

November 12, 2025

Microsoft Releases November 2025 Patch Tuesday Updates

Microsoft has rolled out its November 2025 Patch Tuesday updates for Windows 11, addressing 63 vulnerabilities across various platforms, including Windows, Office, Microsoft Edge, Azure Monitor Agent, Dynamics 365, Hyper-V, and SQL Server. The update includes four critical and 59 important vulnerabilities, with one currently being exploited. Key vulnerabilities fixed include: - CVE-2025-62215: A privilege escalation vulnerability in the Windows Kernel. - CVE-2025-60724: A critical heap-based buffer overflow in the Microsoft Graphics Component (GDI+) enabling remote code execution, rated CVSS 9.8. - CVE-2025-60704: A high-severity vulnerability in Windows Kerberos, rated CVSS 7.5. - CVE-2025-62220: A heap-based buffer overflow in the Windows Subsystem for Linux GUI (WSLg), rated CVSS 8.8. - CVE-2025-60719: An untrusted pointer dereference in the Windows Ancillary Function Driver for WinSock. The update enhances features for Windows 11 versions 25H2 and 24H2, improving Click to Do, File Explorer, Voice Access, and Windows Search for Copilot+ devices. The taskbar has been updated with a new battery icon, and the Start Menu has been redesigned to include a scrollable All section. A preview of the Administrator Protection feature has been introduced to prevent unauthorized changes. Additionally, Microsoft released KB5068781 for Windows 10 Extended Security Updates, fixing an incorrect “end of support” message and addressing the same 63 vulnerabilities. Organizations are advised to conduct thorough testing before deploying the patches and to back up systems to mitigate potential issues.

TrendTechie

October 18, 2025

Ради игр с торрентов геймеры сверлили Xbox и вставляли пинцет в Nintendo Wii. Самые необычные способы пиратства на консолях

Many methods of console piracy have emerged over time, often exploiting unintentional vulnerabilities in licensed games. For example, the PSP was easily hacked due to flaws in games like Grand Theft Auto: Liberty City Stories and Medal of Honor: Heroes, which allowed users to manipulate save files to gain access to the system. A debug code in Alien: Resurrection for the PS1 enabled users to swap discs without turning off the console. Various makeshift tools have been used for hacking, such as a paperclip to exploit the Nintendo Switch and tweezers to access dormant memory sections in the Wii. The Nintendo 3DS was hacked using a magnet to trick the lid sensor, allowing access to developer mode. The Xbox 360 faced significant modding due to its firmware modification capabilities. A notable method involved drilling into the drive to bypass rewrite protection, known as the "Kamikaze Hack." While piracy methods have evolved, modern consoles have become increasingly secure, with fewer successful hacks reported in recent years. The appeal of piracy has diminished as subscription services and sales provide easier access to games.

Winsage

October 8, 2025

CISA Warns of Active Exploits in Critical Windows Flaw

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical alert about a significant vulnerability in Microsoft Windows, identified as CVE-2021-43226. This flaw allows attackers to elevate their privileges to SYSTEM level, threatening enterprise networks. It exists within the Common Log File System (CLFS) driver, enabling local, privileged attackers to bypass security measures and gain unauthorized control over systems running various Windows versions, including Windows 10, 11, and Server 2016, 2019, and 2022, as well as legacy systems like Windows 7 SP1 and Server 2008 R2 SP1. The vulnerability arises from improper validation of user-supplied data, leading to buffer overflow and arbitrary code execution without user interaction. It has a CVSS score of 7.8, indicating high severity, and proof-of-concept exploit code is already circulating in underground forums. CISA has set a remediation deadline of October 27, 2025, mandating federal agencies and critical infrastructure operators to implement patches. Recommendations for mitigation include immediate patching, strengthening endpoint controls, implementing layered defenses, continuous monitoring, regular vulnerability management, and maintaining a robust incident response program.

Winsage

September 9, 2025

Patch Tuesday September 2025 Fixes Risky Kernel Flaws

In September 2025, Microsoft released security updates addressing three significant vulnerabilities in the Windows kernel among a total of 86 CVEs. The notable vulnerabilities include: 1. CVE-2025-54110: An Elevation of Privilege vulnerability rated 8.8, involving an integer overflow in the Windows kernel that could allow an attacker to escalate privileges locally. Discovered by an anonymous researcher on Mastodon. 2. CVE-2025-53804: An information disclosure vulnerability rated 5.5, allowing exposure of specific memory addresses within kernel space, reported by Lewis Lee. 3. CVE-2025-53803: A vulnerability allowing disclosure of memory addresses through error messages, credited to Lewis Lee and three other researchers. Other high-risk vulnerabilities addressed include: 1. CVE-2025-54918: A Windows NTLM Elevation of Privilege vulnerability rated 8.8, remotely exploitable due to improper authentication, discovered by Brian De Houwer. 2. CVE-2025-55234: An 8.8-rated Windows SMB Elevation of Privilege/Improper Authentication issue. 3. CVE-2025-54916: A Windows NTFS Remote Code Execution vulnerability rated 7.8. 4. CVE-2025-54098: A Windows Hyper-V Elevation of Privilege vulnerability rated 7.8. 5. CVE-2025-54093: A Windows TCP/IP Driver Elevation of Privilege vulnerability rated 7.0. Additionally, other IT vendors like Adobe, SAP, and Ivanti released critical updates on the same day.

Winsage

August 13, 2025

Microsoft’s Patch Tuesday gives sys admins a baker’s dozen

Microsoft's August Patch Tuesday addressed 111 vulnerabilities, including 12 classified as critical. A known elevation of privilege flaw in the Windows Kerberos protocol, CVE-2025-53779, has a CVSS score of 7.2 and requires authenticated access for exploitation. Two critical remote code execution (RCE) vulnerabilities, CVE-2025-50165 and CVE-2025-53766, both rated 9.8, were identified in the Windows Graphics Device Interface. SharePoint has a critical RCE bug, CVE-2025-49712, with a severity score of 8.8. Other critical flaws include vulnerabilities in Microsoft Message Queuing, Office, Hyper-V, and Azure Stack Hub. Adobe released fixes for 68 CVEs, including eight critical RCE bugs in InCopy and critical issues in other products like Commerce, InDesign, and Substance 3D applications. SAP issued 15 security notes, including three critical vulnerabilities rated at 9.9 related to code injection in SAP S/4HANA. Intel released 34 advisories addressing 66 vulnerabilities, including high-severity issues in Xeon 6 processors and Intel Ethernet Drivers. Google updated Android to fix several flaws, including two actively exploited Qualcomm vulnerabilities.

Winsage

August 13, 2025

Microsoft Teams RCE Vulnerability Let Attackers Read, Write and Delete Messages

Microsoft has identified a critical remote code execution (RCE) vulnerability in its Teams software, designated as CVE-2025-53783, during the August 2025 Patch Tuesday updates. This heap-based buffer overflow vulnerability allows unauthorized attackers to manipulate user messages and data through network code execution. It has a CVSS 3.1 score of 7.5, categorized as “Important.” Exploitation requires user interaction, such as clicking a malicious link or opening a specially crafted file. Microsoft has issued a fix and recommends users implement the latest security updates. There have been no public disclosures or active exploitation of this vulnerability, and its likelihood of exploitation is assessed as “Less Likely.” The vulnerability is part of a broader update addressing 107 flaws, including a zero-day vulnerability in Windows Kerberos. Security experts advise organizations using Microsoft Teams to prioritize the August 2025 security updates due to the serious risk of data compromise.

Winsage

July 10, 2025

Microsoft fixes critical wormable Windows flaw (CVE-2025-47981)

Microsoft released patches for 130 vulnerabilities in the July 2025 Patch Tuesday update. Notable vulnerabilities include CVE-2025-49719, an uninitialized memory disclosure in Microsoft SQL Server, and CVE-2025-47981, a wormable remote code execution flaw in Windows. CVE-2025-49719 is assessed as having "unproven" exploit code, while CVE-2025-47981 has a high likelihood of exploitation within 30 days. Other vulnerabilities include CVE-2025-49717, a buffer overflow in SQL Server, and CVE-2025-49704, which allows code injection in SharePoint. Additionally, updates address vulnerabilities in Windows Routing and Remote Access Service (RRAS) and Microsoft Edge, including CVE-2025-6554, which has been actively exploited. Administrators are advised to prioritize patching internet-facing assets and consider additional mitigations for RRAS vulnerabilities.

Winsage

July 9, 2025

Zero Day Initiative — The July 2025 Security Update Review

In July 2025, Adobe released 13 bulletins addressing 60 unique CVEs across various applications, including ColdFusion, After Effects, and Illustrator. ColdFusion received a Priority 1 patch for 13 CVEs, five of which are Critical. FrameMaker's patch fixed 15 CVEs, including 13 Critical vulnerabilities. Illustrator's update addressed 10 bugs, with the most severe enabling code execution. Other applications like InCopy and InDesign also had Critical vulnerabilities fixed. Microsoft released 130 new CVEs across its products, with 10 rated Critical. Notable vulnerabilities include CVE-2025-47981, a heap-based buffer overflow in Windows SPNEGO, and CVE-2025-49717 affecting Microsoft SQL Server. CVE-2025-49704 allows code injection in SharePoint, while CVE-2025-49695 highlights an attack vector in Microsoft Office's Preview Pane.

Winsage

June 11, 2025

Microsoft warns of 66 flaws to fix for this Patch Tuesday

Microsoft has announced a significant update addressing 66 vulnerabilities, including a zero-day vulnerability disclosed on the same day. Ten critical patches have been identified, with two currently being exploited. Microsoft is also patching older platforms like Windows Server 2008 and Internet Explorer. One critical vulnerability, CVE-2025-33053, has been exploited by the Stealth Falcon hacking group since March, allowing remote code execution via the WebDAV extension. Another critical vulnerability, CVE-2025-5419, affects the Chromium V8 JavaScript engine in Microsoft Edge. CVE-2025-33073 is an escalation of privilege vulnerability in the Windows SMB Client, with a CVSS score of 8.8. Four critical vulnerabilities in Microsoft Office include CVE-2025-47162, CVE-2025-47164, CVE-2025-47167, and CVE-2025-47953. Four critical remote code execution vulnerabilities include CVE-2025-47172, CVE-2025-29828, CVE-2025-32710, and CVE-2025-33071. Two elevation-of-privilege flaws are CVE-2025-47966 and CVE-2025-33070. Adobe has prioritized fixes for Adobe Commerce and Adobe's Experience Manager, addressing 254 CVEs. Adobe Acrobat users will receive ten fixes, including four critical ones. Fortinet has patched CVE-2023-42788 in FortiAnalyzer 7.4. SAP resolved 14 issues, with CVE-2025-42989 being the only critical patch, associated with the NetWeaver Application Server and a CVSS score of 9.6.