denial-of-service Archives

Winsage

January 16, 2026

Easterly helms RSAC, Windows update problems, Police Copilot gaffe

Jen Easterly has been appointed as the new Chief Executive Officer of the RSA Conference. She is a cybersecurity expert and former Director of the Cybersecurity and Infrastructure Security Agency (CISA). Palo Alto Networks has released security updates for a vulnerability (CVE-2026-0227) with a CVSS score of 7.7 affecting its GlobalProtect Gateway and Portal, which can cause a denial-of-service condition in PAN-OS software. The January 2026 security update from Microsoft has caused connection and authentication failures in Azure Virtual Desktop and Windows 365, affecting users across various Windows versions. Microsoft is working on a resolution. The chief constable of West Midlands Police acknowledged an error by Microsoft’s Copilot AI in generating a fictional intelligence report. Microsoft has not confirmed Copilot's involvement. Britain’s National Cyber Security Centre (NCSC) has collaborated with Five Eyes partners to provide guidance on securing industrial operational technology, highlighting risks associated with remotely monitored systems. Kyowon, a South Korean conglomerate, confirmed a ransomware attack on January 10 that may have compromised customer information, affecting approximately 5.5 million members. Researchers at Varonis have identified a new attack technique called "Reprompt" that allows data exfiltration from Microsoft Copilot via a malicious link, exploiting a Parameter 2 Prompt (P2P) injection technique. Central Maine Healthcare is notifying over 145,000 patients about a data breach that compromised personal, treatment, and health insurance information, discovered on June 1.

Winsage

December 12, 2025

New Windows RasMan zero-day flaw gets free, unofficial patches

Free unofficial patches are available for a newly identified Windows zero-day vulnerability that allows attackers to crash the Remote Access Connection Manager (RasMan) service, which operates with SYSTEM-level privileges and manages VPN and remote network connections. This denial-of-service flaw was discovered by ACROS Security while investigating a previously patched privilege escalation vulnerability (CVE-2025-59230) in RasMan. The new zero-day has not yet received a CVE ID and affects all Windows versions from Windows 7 to Windows 11, including Windows Server 2008 R2 through Server 2025. The vulnerability can be exploited by unprivileged users due to a coding error in how RasMan processes circular linked lists, leading to a crash when a null pointer is encountered. ACROS Security is providing free micropatches through its 0Patch service until Microsoft releases an official fix. Users must create an account and install the 0Patch agent to apply the micropatch automatically.

Winsage

December 11, 2025

Microsoft’s Latest ‘Patch Tuesday’ Update Fixes These Three Zero-Days

Microsoft's December Patch Tuesday update addresses three critical zero-day vulnerabilities and a total of 56 bugs, including: - 28 elevation-of-privilege vulnerabilities - 19 remote-code-execution vulnerabilities - 4 information-disclosure vulnerabilities - 3 denial-of-service vulnerabilities - 2 spoofing vulnerabilities Three remote code execution flaws are classified as "critical." One zero-day vulnerability, CVE-2025-62221, allows attackers to gain SYSTEM privileges through the Windows Cloud Files Mini Filter Driver. The other two vulnerabilities fixed are: - CVE-2025-64671: A remote code execution vulnerability in GitHub Copilot for Jetbrains, exploitable via Cross Prompt Injection. - CVE-2025-54100: A PowerShell remote code execution vulnerability that can execute scripts from a webpage using Invoke-WebRequest. CVE-2025-62221 is attributed to MSTIC and MSRC, CVE-2025-64671 was disclosed by Ari Marzuk, and CVE-2025-54100 was identified by multiple security researchers.

AppWizard

November 14, 2025

Malicious Android Photo Frame App Gives Hackers Full Device Control Without User Action

A security assessment has revealed that digital photo frames using Uhale technology are vulnerable to a new class of malicious Android applications that can take control of devices without user interaction. The pre-installed Uhale app can silently download and execute malware during device booting or software updates due to insecure connections and improper certificate verification. Attackers can intercept network traffic to execute remote code with a critical CVSS score of 9.4, allowing access to private photos and the potential to create botnets. Many affected devices run outdated Android versions (6.0/6.0.1) with SELinux disabled and rooted by default, facilitating privilege escalation and persistent malware installation. Additionally, the Uhale app's unsecured local network file transfer feature allows attackers on the same network to send malicious files or delete files without user consent. Researchers emphasize the need for improved software security in consumer electronics, urging manufacturers to adopt modern Android builds and enforce security protocols. Users are advised to disconnect or update their devices to mitigate risks.

Winsage

November 12, 2025

Microsoft Fixes 63 Security Flaws, Including a Windows Kernel Zero-Day Under Active Attack

On November 12, 2025, Microsoft released patches for 63 vulnerabilities, including four classified as Critical and 59 as Important. Notably, CVE-2025-62215, a privilege escalation flaw in the Windows Kernel with a CVSS score of 7.0, is actively exploited. This vulnerability allows an authorized attacker to elevate privileges locally through a race condition. Additionally, Microsoft patched two heap-based buffer overflow vulnerabilities (CVE-2025-60724 and CVE-2025-62220) with CVSS scores of 9.8 and 8.8, respectively, which could lead to remote code execution. Another significant vulnerability is CVE-2025-60704, a privilege escalation flaw in Windows Kerberos with a CVSS score of 7.5, enabling attackers to impersonate users and control a domain. Other vendors, including Adobe, Amazon Web Services, and Apple, also released security updates addressing various vulnerabilities.

Winsage

October 18, 2025

Windows Rust-based Kernel GDI Vulnerability Leads to Crash and Blue Screen of Death Error

A vulnerability has been identified in Microsoft’s Rust-based kernel component for the Graphics Device Interface (GDI) within Windows, which can cause a system-wide crash (BSOD). The issue was discovered during a fuzzing campaign by Check Point, which revealed crashes and potential code execution risks. The vulnerability is linked to an out-of-bounds array access in the win32kbasers.sys driver during the path-to-region conversion in NtGdiSelectClipPath, triggered by a malformed EmfPlusDrawBeziers record. A proof-of-concept demonstrated that embedding a crafted metafile could lead to a BSOD from low-privilege sessions on Windows 11. Microsoft addressed the flaw in OS Build 26100.4202 through an update released on May 28, 2025. Despite being classified as a non-critical denial-of-service issue, this incident highlights the challenges of integrating memory-safe programming languages into operating systems.

Winsage

October 18, 2025

New Windows GDI Rust Kernel Vulnerability Triggers Remote Code Execution

Security researchers identified a vulnerability in the Rust-based Windows kernel component, specifically within the Windows Graphics Device Interface (GDI), which can be triggered remotely and cause system-wide crashes. The flaw was linked to the win32kbase_rs.sys kernel driver, resulting from an out-of-bounds memory access while processing a malformed path in an EmfPlusDrawBeziers record. This vulnerability represents a denial-of-service risk, allowing a malicious actor to crash systems by embedding a harmful metafile in documents or webpages. It affects both x86 and x64 systems running Windows 11 version 24H2, with a single compromised low-privilege account capable of causing widespread crashes. Microsoft released a fix in the May 28, 2025, preview update (KB5058499), which included a new bounds-hardened routine, but initial testing showed that the feature flag for this fix was disabled, delaying full mitigation until July 2025 Patch Tuesday.

Winsage

October 17, 2025

Denial of Fuzzing: Rust in the Windows kernel

Check Point Research (CPR) identified a significant security vulnerability in the Rust-based kernel component of the Graphics Device Interface (GDI) in Windows, reported to Microsoft in January 2025. The issue was resolved in OS Build 26100.4202, part of the KB5058499 update released on May 28, 2025. The vulnerability was discovered during a fuzzing campaign targeting the Windows graphics component through metafiles, revealing multiple security issues including information disclosure and arbitrary code execution. The specific bug was linked to a crash occurring during the execution of a NtGdiSelectClipPath syscall in the win32kbasers.sys driver, triggered by an out-of-bounds memory access when processing malformed metafile records. Microsoft classified the vulnerability as moderate severity and addressed it in a non-security update, implementing substantial changes to the affected kernel module.

Winsage

September 11, 2025

Microsoft Fixes 80 Flaws — Including SMB PrivEsc and Azure CVSS 10.0 Bugs

Microsoft addressed 80 vulnerabilities in its software, with eight classified as Critical and 72 as Important. None of these vulnerabilities have been exploited as zero-day threats. The vulnerabilities include 38 related to privilege escalation, 22 concerning remote code execution, 14 linked to information disclosure, and three associated with denial-of-service attacks. Notable vulnerabilities include CVE-2025-55234 (CVSS score: 8.8), which involves privilege escalation in Windows SMB, and CVE-2025-54914 (CVSS score: 10.0), a critical flaw affecting Azure Networking. Other significant vulnerabilities include CVE-2025-55232 (CVSS score: 9.8) in Microsoft HPC Pack and CVE-2025-54918 (CVSS score: 8.8) affecting Windows NTLM. Two additional privilege escalation vulnerabilities in Windows BitLocker were also identified. Microsoft recommends enabling TPM+PIN for BitLocker security and implementing the REVISE mitigation to prevent downgrade attacks. Other vendors, including Adobe, Cisco, and IBM, have also released security patches recently.

Tech Optimizer

August 27, 2025

AI Boosts Ransomware Attacks 70%, Fueling Cybersecurity Arms Race

Ransomware is being enhanced by artificial intelligence, with cybercriminals using generative AI tools to create sophisticated malware. A notable example is PromptLock, identified as the first fully AI-driven ransomware, discovered on August 27, 2025. It utilizes OpenAI’s gpt-oss-20b model to dynamically generate malicious code, complicating detection efforts. ESET's analysis indicates that PromptLock processes operations locally on the victim's device, minimizing external communications and reducing its digital footprint. The first half of 2025 saw a 70% increase in ransomware victims, largely due to AI-enhanced phishing campaigns. Akamai Technologies reported a 37% increase in ransomware incidents in 2024, fueled by generative AI. Governments are beginning to respond with regulations for quicker breach disclosures, and cybersecurity experts emphasize the need for continuous monitoring and adaptive defenses.