code execution

Winsage
January 15, 2026
Microsoft and the U.S. government have issued a warning about a vulnerability in Windows, designated CVE-2026-20805, which is currently being exploited. This flaw allows an authorized attacker to leak a memory address from a remote ALPC port, potentially leading to arbitrary code execution. It has a medium severity rating of 5.5 on the CVSS scale. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added this vulnerability to its Known Exploited Vulnerabilities catalog and requires federal agencies to implement a patch by February 3. Additionally, two other vulnerabilities were acknowledged: CVE-2026-21265, a secure boot certificate expiration bypass with a CVSS rating of 6.4, and CVE-2023-31096, an elevation of privilege flaw affecting third-party Agere Modem drivers, rated at 7.8. Two more vulnerabilities, CVE-2026-20952 (CVSS 7.7) and CVE-2026-20953 (CVSS 7.4), are use-after-free flaws in Office that could allow unauthorized code execution.
Winsage
January 14, 2026
On Tuesday, Microsoft released its first security update for 2026, addressing 114 vulnerabilities, including eight classified as Critical and 106 as Important. The vulnerabilities include 58 related to privilege escalation, 22 concerning information disclosure, 21 linked to remote code execution, and five categorized as spoofing flaws. A notable vulnerability, CVE-2026-20805, involves information disclosure within the Desktop Window Manager (DWM) and has a CVSS score of 5.5. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added this flaw to its Known Exploited Vulnerabilities catalog, requiring federal agencies to implement fixes by February 3, 2026. Additionally, Microsoft announced the expiration of three Windows Secure Boot certificates issued in 2011, effective June 2026, urging customers to transition to newer certificates to avoid disruptions. The update also removed vulnerable Agere Soft Modem drivers due to a local privilege escalation flaw (CVE-2023-31096) and addressed another critical privilege escalation flaw in Windows Virtualization-Based Security (CVE-2026-20876) with a CVSS score of 6.7. Other vendors, including Adobe, Amazon Web Services, and Cisco, have also released security patches for various vulnerabilities.
Tech Optimizer
January 12, 2026
Trend Micro has addressed a security vulnerability in its Apex Central platform, identified as CVE-2025-69258, which allowed unauthenticated DLL injection and remote code execution. The company released Critical Patch Build 7190 to fix this vulnerability and two others, CVE-2025-69259 and CVE-2025-69260. Organizations are urged to implement the patch immediately, as temporary mitigations are deemed insufficient for long-term security. Apex Central is a self-hosted platform for managing Trend Micro's security products.
Winsage
December 19, 2025
Microsoft released an out-of-band update (KB5074976) on December 19 to address Message Queuing (MSMQ) errors caused by December 2025 security updates. These updates have led to operational disruptions in business applications and IIS websites, particularly on systems running Windows 10 22H2, Windows Server 2019, and Windows Server 2016, which received updates KB5071546, KB5071544, and KB5071543. Users reported issues such as inactive MSMQ queues, IIS sites generating "insufficient resources" error messages, and applications unable to write messages to queues. The problems stem from modifications in the MSMQ security model, which altered permissions for the system folder C:\Windows\System32\msmq\storage, requiring MSMQ users to have write access typically reserved for administrators. Systems with full administrative rights do not experience these issues. Microsoft is investigating the matter but has not provided a timeline for a resolution.
Winsage
December 17, 2025
Microsoft has identified a significant out-of-bounds vulnerability (CVE-2025-55681) in the Desktop Window Manager (DWM) that allows local attackers to escalate privileges to SYSTEM on affected Windows systems. This vulnerability is found in the dwmcore.dll component and affects all versions of Windows 10, Windows 11, and various Windows Server editions (2016, 2019, 2022, and 2025). The flaw originates from the CBrushRenderingGraphBuilder::AddEffectBrush function, enabling attackers with local access to exploit improper buffer handling without user interaction. The vulnerability has a CVSS v3.1 score of 7.8, indicating high severity. Microsoft has released security patches, and organizations are advised to apply them promptly while implementing strict access controls until the patches are installed.
Winsage
December 17, 2025
Microsoft has acknowledged a significant issue with the December 2025 security updates that disrupts Message Queuing (MSMQ) functionality, affecting enterprise applications and Internet Information Services (IIS) websites. The problem is prevalent among systems running Windows 10 22H2, Windows Server 2019, and Windows Server 2016 with security updates KB5071546, KB5071544, and KB5071543. Users are experiencing inactive MSMQ queues, IIS sites failing with "insufficient resources" errors, applications unable to write to queues, and misleading error messages about "insufficient disk space or memory." The root cause is changes to the MSMQ security model that altered permissions on the C:\Windows\System32\MSMQ\storage folder, requiring MSMQ users to have write access to a directory typically reserved for administrators. Devices with users logged in as administrators are not affected. Microsoft is investigating the issue but has not provided a timeline for resolution. Rolling back the updates is a potential solution for administrators, though it carries security risks. This follows a warning from Microsoft in April 2023 about a critical vulnerability in the MSMQ service.
Winsage
December 15, 2025
Microsoft has acknowledged issues related to the December 2025 security updates affecting Message Queuing (MSMQ) functionality on Windows 10 22H2, Windows Server 2019, and Windows Server 2016 systems. The updates KB5071546, KB5071544, and KB5071543 have caused problems such as inactive MSMQ queues, IIS sites showing “insufficient resources” errors, and applications unable to write messages to queues. These issues stem from modifications in the MSMQ security model, which now requires users to have write access to the C:\Windows\System32\msmq\storage folder, a privilege typically reserved for administrators. Systems with full administrative rights do not experience these problems, but this workaround is impractical for many enterprises. Microsoft is investigating the situation without a specified timeline for a resolution. Administrators may consider rolling back the updates, which poses its own security risks. In April 2023, Microsoft had warned about a critical vulnerability in MSMQ (CVE-2023-21554) that risked remote code execution attacks.
Winsage
December 11, 2025
Microsoft's December Patch Tuesday update addresses three critical zero-day vulnerabilities and a total of 56 bugs, including:
- 28 elevation-of-privilege vulnerabilities
- 19 remote-code-execution vulnerabilities
- 4 information-disclosure vulnerabilities
- 3 denial-of-service vulnerabilities
- 2 spoofing vulnerabilities
Three remote code execution flaws are classified as "critical." One zero-day vulnerability, CVE-2025-62221, allows attackers to gain SYSTEM privileges through the Windows Cloud Files Mini Filter Driver. The other two vulnerabilities fixed are:
- CVE-2025-64671: A remote code execution vulnerability in GitHub Copilot for JetBrains, exploitable via Cross Prompt Injection.
- CVE-2025-54100: A PowerShell remote code execution vulnerability that can execute scripts from a webpage using Invoke-WebRequest.
CVE-2025-62221 is attributed to MSTIC and MSRC, CVE-2025-64671 was disclosed by Ari Marzuk, and CVE-2025-54100 was identified by multiple security researchers.