code execution

Winsage
August 14, 2025
Microsoft has addressed 67 vulnerabilities in its supported Windows versions, including Windows 10, Windows 11, and Windows Server. Users on Windows 7 and Windows 8.1 have not received updates for some time. Upgrading to Windows 11 24H2 is recommended for continued protection. Two critical remote code execution (RCE) vulnerabilities are CVE-2025-53766, affecting the Graphics Device Interface API, and CVE-2025-50165, impacting the Windows Graphics Component. Both can be exploited by visiting a specially crafted website. Three critical vulnerabilities in Hyper-V include CVE-2025-48807, which allows code execution from a guest system to the host; CVE-2025-53781, which poses a data leak risk; and CVE-2025-49707, a spoofing vulnerability. Additionally, 12 vulnerabilities in the Routing and Remote Access Service (RRAS) have been addressed, with half classified as RCE vulnerabilities and the other half as data leaks. CVE-2025-53779, affecting Kerberos for Windows Server 2025, could allow an attacker to gain administrator rights under specific conditions, but is classified as medium risk.
Winsage
August 13, 2025
Check Point Research identified six new vulnerabilities in Microsoft Windows, including one classified as critical. These vulnerabilities could lead to system crashes, arbitrary code execution, or expose sensitive data. Check Point reported these issues to Microsoft, resulting in patches released on August 12th. One significant vulnerability is in a Rust-based Windows kernel component, which can cause total system crashes. Two other vulnerabilities, CVE-2025-30388 and CVE-2025-53766, allow for arbitrary code execution when users interact with specially crafted files. Additionally, CVE-2025-47984 can leak memory contents over the network, posing risks of sensitive information exposure. Check Point's security solutions already protect its customers from these threats, and users are encouraged to apply the August Patch Tuesday updates promptly.
Winsage
August 12, 2025
A series of vulnerabilities have been identified across various Microsoft platforms, categorized by severity.
Critical Vulnerabilities:
- CVE-2025-49707: Azure Virtual Machines Spoofing Vulnerability
- CVE-2025-53781: Azure Virtual Machines Information Disclosure Vulnerability
- CVE-2025-53793: Azure Stack Hub Information Disclosure Vulnerability
- CVE-2025-50176: DirectX Graphics Kernel Remote Code Execution Vulnerability
- CVE-2025-50165: Windows Graphics Component Remote Code Execution Vulnerability
Important Vulnerabilities:
- CVE-2025-53729: Microsoft Azure File Sync Elevation of Privilege Vulnerability
- CVE-2025-53152: Desktop Windows Manager Remote Code Execution Vulnerability
- CVE-2025-53732: Microsoft Office Remote Code Execution Vulnerability
- CVE-2025-53740: Microsoft Office Remote Code Execution Vulnerability
- CVE-2025-53738: Microsoft Word Remote Code Execution Vulnerability
Windows Operating System Vulnerabilities:
- CVE-2025-50170: Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
- CVE-2025-53131: Windows Media Remote Code Execution Vulnerability
- CVE-2025-50158: Windows NTFS Information Disclosure Vulnerability
Winsage
August 6, 2025
Microsoft has integrated OpenAI’s GPT model, gpt-oss-20b, into its Windows AI Foundry platform, allowing Windows 11 users to access advanced AI capabilities from their desktops. The model is optimized for agentic tasks and is compatible with consumer PCs and laptops with a minimum of 16GB of VRAM. gpt-oss-20b is a text-only model with a 53% hallucination rate on OpenAI’s PersonQA benchmark. Microsoft plans to extend its availability to macOS and other devices, and both gpt-oss-20b and its predecessor will be accessible through Microsoft’s Azure AI Foundry and Amazon’s AWS.
Winsage
August 6, 2025
OpenAI has released a new, free, and open GPT model called gpt-oss-20b, which can run on personal computers. Microsoft is facilitating its integration for Windows users through the Windows AI Foundry, with plans to extend support to macOS. The model requires a PC or laptop with at least 16GB of VRAM and is optimized for code execution and tool utilization. Microsoft has pre-optimized the model for local inference, indicating potential future support for more devices. This is the first instance of an OpenAI model running locally on Windows, coinciding with Amazon's adoption of the new open-weight GPT-OSS models for its cloud services.
Winsage
August 4, 2025
Security researchers at Genians Security Center discovered a new variant of the RoKRAT malware linked to the North Korean APT37 threat group. This malware uses steganography to hide malicious payloads within JPEG files, allowing it to evade traditional antivirus detection. It is typically distributed through malicious shortcut files within ZIP archives, often disguised as legitimate documents. The malware employs a two-stage encrypted shellcode injection method, utilizing PowerShell and batch scripts to execute its payloads in memory. It collects system information, documents, and screenshots, exfiltrating data via compromised cloud APIs. The command and control accounts associated with the malware are linked to Russian email services. Variants of RoKRAT have evolved to include different injection methods and reference specific PDB paths. Indicators of compromise include various MD5 hashes associated with the malware.
Tech Optimizer
August 4, 2025
A significant PostgreSQL vulnerability, CVE-2025-1094, was identified during the investigation of another vulnerability, CVE-2024-12356, which was exploited in the BeyondTrust breach in December 2024. The breach involved unauthorized access to BeyondTrust's systems and was linked to the state-sponsored hacking group Silk Typhoon from China. The U.S. Treasury Department confirmed its network was compromised through a stolen BeyondTrust API key. CVE-2025-1094 is an SQL injection vulnerability that allows attackers to execute arbitrary SQL commands due to improper handling of invalid UTF-8 byte sequences. Rapid7 found that CVE-2024-12356's exploitation relied on CVE-2025-1094, and that CVE-2025-1094 could be exploited independently. BeyondTrust issued patches for these vulnerabilities, but the patch for CVE-2024-12356 did not directly address the underlying cause of CVE-2025-1094. The exploitation of these vulnerabilities underscores the need for timely patching and proactive security measures in organizations using PostgreSQL.