We value your privacy

We use cookies to enhance your browsing experience, serve personalized ads or content, and analyze our traffic. By clicking "Accept All", you consent to our use of cookies.

Customize Consent Preferences

We use cookies to help you navigate efficiently and perform certain functions. You will find detailed information about all cookies under each consent category below.

The cookies that are categorized as "Necessary" are stored on your browser as they are essential for enabling the basic functionalities of the site. ... 

Always Active

Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.

No cookies to display.

Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.

No cookies to display.

Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.

No cookies to display.

Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.

No cookies to display.

Advertisement cookies are used to provide visitors with customized advertisements based on the pages you visited previously and to analyze the effectiveness of the ad campaigns.

No cookies to display.

NewApp Digest
search bot

code execution

Windows 11 24H2 standardizes its scripting engine
Winsage
July 11, 2025

Windows 11 24H2 standardizes its scripting engine

Microsoft has announced that starting with Windows 11 version 24H2, the JScript9Legacy engine will be enabled by default for all scripting processes that previously relied on the classic JScript engine. This new engine offers improved protection against threats like cross-site scripting (XSS) and enhances performance. Users will not need to take any action, as existing scripts will continue to function normally. In case of compatibility issues, organizations can revert to the previous engine temporarily. The transition marks the retirement of JScript, which has been part of Windows since 1996, as it is now considered outdated and vulnerable. Microsoft has decided to discontinue support for JScript due to the retirement of Internet Explorer and the adoption of the Edge browser. This update applies only to Windows 11 version 24H2 and later, while older versions will still use the original JScript engine.
Windows 11 now uses JScript9Legacy engine for improved security
Winsage
July 11, 2025

Windows 11 now uses JScript9Legacy engine for improved security

Microsoft has replaced the default scripting engine JScript with JScript9Legacy in Windows 11, version 24H2 and beyond to enhance security against web threats, particularly cross-site scripting (XSS) vulnerabilities. JScript, which has been in use since 1996, has become outdated and non-compliant with modern security standards. JScript9Legacy is designed to meet legacy scripting needs while improving security and compatibility. The transition to JScript9Legacy will occur automatically for users, and existing scripts should continue to function without disruption. If compatibility issues arise, users can revert to the previous engine with support from Microsoft.
Activision pulls game after PC hacking reports
AppWizard
July 10, 2025

Activision pulls game after PC hacking reports

Activision has removed Call of Duty: WWII from the Microsoft Store and PC Game Pass due to reports of hackers exploiting a critical vulnerability in the game's PC versions. Players experienced hijacked computers during gameplay, with evidence of remote code execution attacks. An outdated and insecure build of the game was uploaded to Microsoft’s services, despite having been patched on other platforms. The game is still accessible via Steam and console versions. Activision has not reinstated access to the game and is investigating the security breach.
If you haven't upgraded to Windows 11 24H2 yet, Microsoft's giving you a good reason to do so
Winsage
July 10, 2025

If you haven’t upgraded to Windows 11 24H2 yet, Microsoft’s giving you a good reason to do so

Microsoft has rolled out version 24H2 of Windows 11, enhancing its security framework by updating the scripting engine from JScript to JScript9Legacy. This upgrade improves performance for applications and web pages using JScript and reduces the likelihood of security breaches, particularly from cross-site scripting (XSS) and web-based attacks. The new engine features enhanced management of JavaScript objects and stricter execution policies, increasing resilience against malicious scripts. Windows 11 24H2 has a more robust security posture than its predecessor, 23H2, and the upgrade will become compulsory. Windows 11 25H2 is expected to include similar security improvements.
Call of Duty: WWII pulled from PC Game Pass after hackers hijack players’ PCs
AppWizard
July 10, 2025

Call of Duty: WWII pulled from PC Game Pass after hackers hijack players’ PCs

Activision has removed Call of Duty: WWII from the Microsoft Store and PC Game Pass due to reports of player hacks linked to a critical security vulnerability that allowed hackers to gain remote access to players' computers. This issue arose shortly after the game's introduction to Microsoft’s Game Pass in late June 2025, with players experiencing computer freezes, unexpected command prompts, shutdowns, and direct messages from hackers. The vulnerability, known as Remote Code Execution (RCE), was present in the outdated version on the Microsoft Store, while the Steam version had been patched. Activision has not provided details on the removal or a timeline for the game's return, and players are advised against downloading it from any platform until security concerns are addressed.
Microsoft fixes critical wormable Windows flaw (CVE-2025-47981)
Winsage
July 10, 2025

Microsoft fixes critical wormable Windows flaw (CVE-2025-47981)

Microsoft released patches for 130 vulnerabilities in the July 2025 Patch Tuesday update. Notable vulnerabilities include CVE-2025-49719, an uninitialized memory disclosure in Microsoft SQL Server, and CVE-2025-47981, a wormable remote code execution flaw in Windows. CVE-2025-49719 is assessed as having "unproven" exploit code, while CVE-2025-47981 has a high likelihood of exploitation within 30 days. Other vulnerabilities include CVE-2025-49717, a buffer overflow in SQL Server, and CVE-2025-49704, which allows code injection in SharePoint. Additionally, updates address vulnerabilities in Windows Routing and Remote Access Service (RRAS) and Microsoft Edge, including CVE-2025-6554, which has been actively exploited. Administrators are advised to prioritize patching internet-facing assets and consider additional mitigations for RRAS vulnerabilities.
Activision pulls Call of Duty game after PC players are hacked
AppWizard
July 9, 2025

Activision pulls Call of Duty game after PC players are hacked

Activision has removed Call of Duty: WWII from the Microsoft Store and Game Pass due to security breaches affecting players. The game is offline while the publisher investigates reports of hacks experienced by PC users. It remains available on Steam and other consoles. Players have reported significant security threats, including a video from streamer Wrioh demonstrating hacking incidents. The version of the game on Microsoft’s platforms reportedly contained an outdated flaw.
Microsoft July 2025 Patch Tuesday fixes one zero-day, 137 flaws
Winsage
July 9, 2025

Microsoft July 2025 Patch Tuesday fixes one zero-day, 137 flaws

A series of vulnerabilities have been identified affecting AMD and Microsoft products, with several classified as critical. For AMD: - CVE-2025-36357: A critical transient scheduler attack in the L1 Data Queue. - CVE-2025-36350: A critical transient scheduler attack in the Store Queue. For Microsoft Office: - CVE-2025-49697: A critical remote code execution vulnerability. - CVE-2025-49695: A critical remote code execution vulnerability. - CVE-2025-49696: A critical remote code execution vulnerability. - CVE-2025-49702: A critical vulnerability requiring urgent remediation. Additional important vulnerabilities in Microsoft components include: - CVE-2025-47988: A remote code execution vulnerability in the Azure Monitor Agent. - CVE-2025-49690: An elevation of privilege vulnerability in the Capability Access Management Service. - CVE-2025-48816: An elevation of privilege vulnerability in the HID Class Driver. - CVE-2025-47178: A remote code execution vulnerability in Microsoft Configuration Manager. In the Windows ecosystem: - CVE-2025-49685: An elevation of privilege vulnerability in the Windows Search Component. - CVE-2025-49666: A remote code execution vulnerability in the Windows Kernel. - CVE-2025-49688: A remote code execution vulnerability in the Windows Routing and Remote Access Service.
Zero Day Initiative — The July 2025 Security Update Review
Winsage
July 9, 2025

Zero Day Initiative — The July 2025 Security Update Review

In July 2025, Adobe released 13 bulletins addressing 60 unique CVEs across various applications, including ColdFusion, After Effects, and Illustrator. ColdFusion received a Priority 1 patch for 13 CVEs, five of which are Critical. FrameMaker's patch fixed 15 CVEs, including 13 Critical vulnerabilities. Illustrator's update addressed 10 bugs, with the most severe enabling code execution. Other applications like InCopy and InDesign also had Critical vulnerabilities fixed. Microsoft released 130 new CVEs across its products, with 10 rated Critical. Notable vulnerabilities include CVE-2025-47981, a heap-based buffer overflow in Windows SPNEGO, and CVE-2025-49717 affecting Microsoft SQL Server. CVE-2025-49704 allows code injection in SharePoint, while CVE-2025-49695 highlights an attack vector in Microsoft Office's Preview Pane.
Search