critical vulnerability Archives

Winsage

February 12, 2025

Microsoft Patch Tuesday February 2025: 61 Vulnerabilities Including 25 RCE’s Fixed

Microsoft released its February 2025 Patch Tuesday security updates, addressing over 61 vulnerabilities across its products. The updates include: - 25 Remote Code Execution vulnerabilities - 14 Elevation of Privilege vulnerabilities - 6 Denial of Service vulnerabilities - 4 Security Feature Bypass vulnerabilities - 2 Spoofing vulnerabilities - 1 Information Disclosure vulnerability Notable critical vulnerabilities include: - CVE-2025-21376: Remote code execution risk via LDAP protocol. - CVE-2025-21379: Flaw in DHCP client service allowing system compromise via crafted network packets. - CVE-2025-21381, CVE-2025-21386, CVE-2025-21387: Multiple vulnerabilities in Microsoft Excel enabling code execution through specially crafted files. - CVE-2025-21406, CVE-2025-21407: Vulnerabilities in Windows Telephony Service allowing remote code execution. Two vulnerabilities confirmed as actively exploited: - CVE-2023-24932: Bypass of Secure Boot protections. - CVE-2025-21391: Elevated privileges on affected systems. - CVE-2025-21418: Gain SYSTEM privileges through exploitation. Other notable fixes include vulnerabilities in Visual Studio and Microsoft Office that could lead to remote code execution. Users can apply updates via Windows Update, Microsoft Update Catalog, or WSUS. Microsoft emphasizes the urgency of these updates due to the active exploitation of certain vulnerabilities.

Winsage

February 5, 2025

0-Day Vulnerabilities in Microsoft Sysinternals Tools Allow Attackers To Launch DLL Injection Attacks on Windows

A critical 0-Day vulnerability has been identified in Microsoft Sysinternals tools, allowing attackers to exploit DLL injection techniques to execute harmful code. This vulnerability has been verified and remains unresolved despite being disclosed to Microsoft over 90 days ago. The Sysinternals tools, including Process Explorer, Autoruns, and Bginfo, are widely used for system analysis and troubleshooting but lack integration with the Windows Update system, requiring manual management of security patches. The vulnerability stems from how Sysinternals tools load DLL files, prioritizing untrusted paths over secure system directories. Attackers can place a malicious DLL in the same directory as a legitimate Sysinternals executable, leading to the execution of arbitrary code under the user's privileges. A real-world example demonstrated that an attacker could deploy a Trojan via the Bginfo tool by loading a malicious DLL from a network directory. The vulnerability affects multiple Sysinternals applications, and a comprehensive list is available from the researcher. Microsoft has classified the issue as a "defense-in-depth" enhancement rather than a critical vulnerability, focusing on local execution rather than risks associated with network paths. As of December 2024, the vulnerability remains unpatched, prompting users to take precautionary steps such as avoiding running tools from network locations and verifying DLL integrity.

Winsage

December 24, 2024

Adobe warns of critical ColdFusion bug with PoC exploit code

Adobe released out-of-band security updates to address a critical vulnerability in ColdFusion, identified as CVE-2024-53961, which is a path traversal weakness affecting ColdFusion versions 2023 and 2021. This flaw could allow attackers to read arbitrary files on compromised servers. Adobe categorized the flaw with a "Priority 1" severity rating and urged administrators to apply the emergency security patches—ColdFusion 2021 Update 18 and ColdFusion 2023 Update 12—within 72 hours. The Cybersecurity and Infrastructure Security Agency (CISA) has highlighted the risks associated with path traversal vulnerabilities and previously mandated federal agencies to secure their Adobe ColdFusion servers against other critical vulnerabilities by August 10, 2023. CISA also noted that hackers had been exploiting another ColdFusion vulnerability targeting outdated government servers since June 2023.

Winsage

December 17, 2024

US government warns federal agencies to patch dangerous Windows kernel bug

The US Cybersecurity and Infrastructure Agency (CISA) has added two vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog: 1. Microsoft Windows Kernel-Mode Driver Untrusted Pointer Dereference Vulnerability (CVE-2024-35250) - Severity score: 7.8. 2. Adobe ColdFusion improper access control vulnerability (CVE-2024-20767) - Severity score: 7.4, affecting ColdFusion versions 2023.6, 2021.12, and earlier. CISA has set a deadline of January 6, 2025, for federal agencies to address these vulnerabilities.

Winsage

December 14, 2024

Microsoft’s AI Recall Tool Is Still Sucking Up Credit Card and Social Security Numbers

Luigi Mangione, 26, was charged with the murder of UnitedHealthcare CEO Brian Thompson and was apprehended in Altoona, Pennsylvania, after evading authorities. He was found with counterfeit identification and a 3D-printed firearm. The U.S. government indicted 14 North Korean nationals for fraudulent IT operations aimed at funding the country's nuclear ambitions, generating an estimated million while stealing sensitive information. Microsoft’s AI Recall Tool faced privacy concerns after capturing sensitive data, prompting the company to postpone its launch and enhance security measures. Cleo file-sharing software warned customers about a vulnerability exploited by cybercriminals using malware named Malichus. The U.S. government imposed sanctions on Chinese hackers accused of hijacking thousands of firewalls, targeting critical infrastructure, and offered a million bounty for information leading to their apprehension.

Winsage

December 14, 2024

New Critical Windows Defender Vulnerability Confirmed By Microsoft

Microsoft confirmed a critical security vulnerability in Windows Defender, designated as CVE-2024-49071, which could allow unauthorized access to sensitive information indexed during global file searches. The vulnerability arose from inadequate restrictions on access to the search index for private documents. Despite the potential risk, there have been no known exploitations of this flaw, and an attacker would need some level of access to exploit it. Microsoft has resolved the issue through backend fixes and advises users that no action is necessary on their part.

Winsage

December 12, 2024

Microsoft just fixed 72 Windows security flaws — update your PC right now

Microsoft's Patch Tuesday updates for 2024 addressed 72 security vulnerabilities, including 17 classified as Critical, 52 as Important, and one as Moderate. One vulnerability, CVE-2024-49138, is actively exploited and relates to privilege escalation in the Windows Common Log File System (CLFS) driver. Microsoft has mitigated 1,088 vulnerabilities this year. The flaw allows attackers to gain elevated system privileges and has been recognized by CrowdStrike. It is the fifth actively exploited CLFS privilege escalation vulnerability since 2022 and the ninth patched this year. Microsoft is implementing additional verification steps for log files and has introduced new security mitigations using Hash-based Message Authentication Codes (HMAC). This vulnerability is listed in the Known Exploited Vulnerabilities catalog by CISA, requiring Federal Civilian Executive Branch agencies to remediate it by December 31st. The most critical vulnerability this month is CVE-2024-49112, a remote code execution flaw affecting the Windows Lightweight Directory Access Protocol (LDAP). Other significant remote code execution vulnerabilities include CVE-2024-49117 (Windows Hyper-V), CVE-2024-49105 (Remote Desktop Client), and CVE-2024-49063 (Microsoft Muzic). Users are advised to update their systems promptly and ensure Windows Defender is activated.

Winsage

December 11, 2024

Microsoft closes 2024 with 72 fixes on final Patch Tuesday

Microsoft's Patch Tuesday update addressed 72 vulnerabilities, with CVE-2024-49138 being actively exploited, affecting the Windows Common Log File System Driver and allowing privilege escalation on Windows 10, 11, and Server 2019 and later. The most critical vulnerability, CVE-2024-49112, has a CVSS score of 9.8 but is challenging to exploit, related to the Windows Lightweight Directory Access Protocol (LDAP). Microsoft recommends blocking inbound RPCs from untrusted networks as a workaround. CVE-2024-49093, with a CVSS score of 8.8, poses risks from malicious low-privilege AppContainers. Other significant vulnerabilities include CVE-2024-49088, CVE-2024-49090, and CVE-2024-49114, all related to privilege escalation. Additionally, CVE-2024-49070 and CVE-2024-49122 involve code execution flaws. Adobe released a patch for 167 vulnerabilities, including 91 in Adobe Experience Manager, with one critical flaw. Adobe Connect fixed 22 vulnerabilities, six rated critical, while Adobe Acrobat addressed six vulnerabilities, none exceeding a CVSS score of seven. Adobe Animate had 13 vulnerabilities, all rated 7.8, and InDesign and Substance 3D Modeler each had nine issues, none surpassing a CVSS score of 7.8. Adobe Media Encoder fixed four vulnerabilities, three allowing arbitrary code execution.

Tech Optimizer

November 29, 2024

8.8 Rated PostgreSQL Vulnerability Puts Databases at Risk

Cybersecurity researchers Tal Peleg and Coby Abrams from Varonis have identified a significant security vulnerability in PostgreSQL, designated as CVE-2024-10979, which has a CVSS severity score of 8.8. This vulnerability affects all PostgreSQL versions prior to 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21. It allows unprivileged users to manipulate environment variables within the PostgreSQL PL/Perl extension, potentially enabling arbitrary code execution. PostgreSQL's advisory states that this flaw can lead to data theft or system takeover by altering sensitive process environment variables. Users are advised to update to the fixed versions and implement restrictions on allowed extensions and user permissions to mitigate the risk.

Winsage

November 28, 2024

RomCom exploits Firefox and Windows zero days in the wild

ESET researchers discovered a critical vulnerability, CVE-2024-9680, in Mozilla products exploited by the Russia-aligned group RomCom. This vulnerability, with a CVSS score of 9.8, affects various versions of Firefox, Thunderbird, and the Tor Browser, allowing code execution within the browser's restricted context. When combined with another Windows vulnerability, CVE-2024-49039, attackers can execute arbitrary code in the context of the logged-in user. The exploit can be triggered simply by visiting a malicious web page, enabling the installation of RomCom's backdoor without user interaction. RomCom has been linked to the exploitation of significant zero-day vulnerabilities, including the earlier use of CVE-2023-36884 via Microsoft Word in June 2023. The newly identified vulnerability was reported to Mozilla on October 8th, 2024, and patched the following day. The vulnerability is a use-after-free bug in Firefox's animation timeline. Further investigation revealed CVE-2024-49039, a privilege escalation bug in Windows, which Microsoft patched on November 12th, 2024. RomCom has targeted various sectors in 2024, including governmental entities in Ukraine, the pharmaceutical sector in the US, and the legal sector in Germany, among others. The compromise chain begins with a fake website that redirects victims to a server hosting the exploit. ESET identified multiple command-and-control servers used by RomCom, employing deceptive naming schemes to obscure their intentions. The exploit utilizes shellcode that executes arbitrary code by manipulating animation objects in Firefox. The vulnerability was patched by Mozilla within a day of its discovery. The RomCom backdoor is capable of executing commands and downloading additional modules onto the victim's machine. Indicators of compromise include specific JavaScript files and DLLs associated with the exploit.