federal agencies Archives

Winsage

January 26, 2026

Your BitLocker-secured Windows PC isn’t so secure after all – unless you do this

Microsoft's BitLocker encrypts personal files on Windows hard drives to protect against unauthorized access in case of loss or theft. The BitLocker recovery key is essential for decrypting data, but Microsoft has confirmed it will comply with valid legal requests for access to these keys if they are stored in the cloud. This was highlighted during an FBI investigation in Guam, where Microsoft provided recovery keys related to a COVID unemployment fraud case. Microsoft receives about 20 requests for BitLocker keys annually, but many cannot be fulfilled if users do not store their keys in the cloud. The Guam case is the first known instance of Microsoft providing encryption keys to law enforcement, contrasting with a previous request from the FBI in 2013 that was declined. Users can choose to store their keys locally or in Microsoft's cloud, but storing them in the cloud carries risks of unauthorized access. For optimal security, it is recommended to save the recovery key on a USB stick or external drive, encrypting the file if necessary, and avoiding cloud storage. Users should check their BitLocker settings in Windows 11 or 10 to manage their recovery keys and consider removing any keys stored in the cloud.

Winsage

January 15, 2026

Windows info-disclosure 0-day bug gets a fix as CISA sounds alarm

Microsoft and the U.S. government have issued a warning about a vulnerability in Windows, designated CVE-2026-20805, which is currently being exploited. This flaw allows an authorized attacker to leak a memory address from a remote ALPC port, potentially leading to arbitrary code execution. It has a medium severity rating of 5.5 on the CVSS scale. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added this vulnerability to its Known Exploited Vulnerabilities catalog and requires federal agencies to implement a patch by February 3. Additionally, two other vulnerabilities were acknowledged: CVE-2026-21265, a secure boot certificate expiration bypass with a CVSS rating of 6.4, and CVE-2023-31096, an elevation of privilege flaw affecting third-party Agere Modem drivers, rated at 7.8. Two more vulnerabilities, CVE-2026-20952 (CVSS 7.7) and CVE-2026-20953 (CVSS 7.4), are use-after-free flaws in Office that could allow unauthorized code execution.

Winsage

January 14, 2026

U.S. CISA adds a flaw in Microsoft Windows to its Known Exploited Vulnerabilities catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a Microsoft Windows vulnerability, CVE-2026-20805, to its Known Exploited Vulnerabilities (KEV) catalog, with a CVSS score of 8.7. This vulnerability, part of the January 2026 Patch Tuesday updates, affects the Windows Desktop Window Manager and allows attackers to leak memory information, potentially aiding in further exploits. Federal Civilian Executive Branch agencies must address this vulnerability by February 3, 2026, as mandated by Binding Operational Directive 22-01.

Winsage

January 14, 2026

Microsoft Fixes 114 Windows Flaws in January 2026 Patch, One Actively Exploited

On Tuesday, Microsoft released its first security update for 2026, addressing 114 vulnerabilities, including eight classified as Critical and 106 as Important. The vulnerabilities include 58 related to privilege escalation, 22 concerning information disclosure, 21 linked to remote code execution, and five categorized as spoofing flaws. A notable vulnerability, CVE-2026-20805, involves information disclosure within the Desktop Window Manager (DWM) and has a CVSS score of 5.5. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added this flaw to its Known Exploited Vulnerabilities catalog, requiring federal agencies to implement fixes by February 3, 2026. Additionally, Microsoft announced the expiration of three Windows Secure Boot certificates issued in 2011, effective June 2026, urging customers to transition to newer certificates to avoid disruptions. The update also removed vulnerable Agere Soft Modem drivers due to a local privilege escalation flaw (CVE-2023-31096) and addressed another critical privilege escalation flaw in Windows Virtualization-Based Security (CVE-2026-20876) with a CVSS score of 6.7. Other vendors, including Adobe, Amazon Web Services, and Cisco, have also released security patches for various vulnerabilities.

Winsage

December 10, 2025

U.S. CISA adds Microsoft Windows and WinRAR flaws to its Known Exploited Vulnerabilities catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has expanded its Known Exploited Vulnerabilities (KEV) catalog to include two critical vulnerabilities: 1. CVE-2025-6218 (CVSS score of 7.8) - RARLAB WinRAR Path Traversal Vulnerability, which allows attackers to execute arbitrary code by manipulating file paths within a malicious archive or webpage. 2. CVE-2025-62221 (CVSS score of 7.8) - Microsoft Windows Use After Free Vulnerability, which enables an authorized attacker to elevate their privileges locally to SYSTEM. Federal agencies are required to address these vulnerabilities by December 30, 2025, in accordance with Binding Operational Directive (BOD) 22-01.

AppWizard

November 25, 2025

CISA alert draws attention to spyware’s targeting of messaging apps

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about the increasing threat of spyware targeting messaging applications, particularly on Android devices like Samsung. Cybercriminals are using social engineering techniques, including sending harmless-looking image files via WhatsApp, to install malicious software. Russian hackers have been reported to compromise Signal accounts. The alert highlights a focus on high-value individuals, including government officials and civil society members in the U.S., Middle East, and Europe. CISA has a history of issuing such alerts and provides cybersecurity guidance, including a "must-patch" list for federal agencies. Users are advised to be vigilant and follow mobile security guidelines, as threat groups are also using malicious QR codes and zero-click exploits to compromise devices.

Winsage

November 13, 2025

U.S. CISA adds WatchGuard Firebox, Microsoft Windows, and Gladinet Triofox flaws to its Known Exploited Vulnerabilities catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has expanded its Known Exploited Vulnerabilities (KEV) catalog to include critical flaws in WatchGuard Firebox, Microsoft Windows, and Gladinet Triofox. 1. WatchGuard Firebox Vulnerability (CVE-2025-9242): This vulnerability has a CVSS score of 9.3 and allows unauthenticated attackers to execute arbitrary code through an out-of-bounds write flaw. It affects Fireware OS versions 11.10.2 to 11.12.4_Update1, 12.0 to 12.11.3, and 2025.1. The vulnerability impacts the Mobile User VPN and Branch Office VPN configured with IKEv2. 2. Gladinet Triofox Vulnerability (CVE-2025-12480): This improper access control vulnerability allows threat actors to bypass authentication and upload remote access tools. It has been linked to threat cluster UNC6485 and is the third Triofox issue exploited this year, following CVE-2025-30406 and CVE-2025-11371. 3. Microsoft Windows Vulnerability (CVE-2025-62215): This race condition vulnerability has a CVSS score of 7 and allows an authorized attacker to elevate privileges locally, potentially gaining SYSTEM privileges. Federal agencies must address these vulnerabilities by December 3, 2025, as per Binding Operational Directive (BOD) 22-01. Private organizations are also advised to review the KEV catalog to strengthen their cybersecurity measures.

Winsage

October 28, 2025

Google probes exploitation of critical Windows service CVE

The Google Threat Intelligence Group (GTIG) is investigating cyberattacks linked to a hacker exploiting a vulnerability in the Windows Server Update Service (WSUS), specifically CVE-2025-59287. The threat actor, UNC6512, has targeted multiple organizations, gaining access to systems, conducting reconnaissance, and exfiltrating data. Despite a Microsoft patch released earlier, it has been ineffective. Researchers from HawkTrace and Eye Security have identified suspicious activities related to the vulnerability, with Eye Security noting at least two adversaries exploiting it. Palo Alto Networks Unit 42 confirmed the use of malicious PowerShell commands for exploitation. Shadowserver reported around 2,800 instances exposed to this flaw. The Cybersecurity and Infrastructure Security Agency (CISA) has added this vulnerability to its Known Exploited Vulnerabilities catalog and is urging users to implement the patch. CISA has found no evidence of federal agency impacts but encourages reporting of suspicious activities.

Winsage

October 28, 2025

CISA orders feds to patch actively exploited Windows Server WSUS flaw

The Cybersecurity and Infrastructure Security Agency (CISA) has mandated U.S. government agencies to address a critical vulnerability in Windows Server Update Services (WSUS), identified as CVE-2025-59287, which allows for remote code execution (RCE) on affected servers. Microsoft has released out-of-band security updates for this vulnerability, and IT administrators are urged to implement these updates immediately. For those unable to do so, CISA recommends disabling the WSUS Server role on vulnerable systems. Active exploitation attempts targeting WSUS instances have been detected, and CISA has also added a second vulnerability affecting Adobe Commerce to its Known Exploited Vulnerabilities catalog. U.S. Federal Civilian Executive Branch agencies are required to patch their systems by November 14th, 2023, under the Binding Operational Directive 22-01. CISA emphasizes the need for organizations to address these vulnerabilities to mitigate risks of unauthorized remote code execution.

Winsage

October 26, 2025

Microsoft Issues 2 Emergency Windows Updates—What You Do Now

Microsoft has ended support for Windows 10, prompting users to transition to Windows 11, which has faced significant challenges, including a problematic October security update that caused issues with localhost connections and rendered peripherals inoperable. Microsoft released emergency update KB5070773 to address these problems, and users are advised to install it immediately to avoid recovery mode issues. Following this update, Windows 11 version 25H2 will upgrade to Build 26200.6901, and version 24H2 will upgrade to 26100.6901. Additionally, a second emergency update addresses a critical remote code execution vulnerability (CVE-2025-59287) affecting Windows Server Update Service (WSUS) across several Windows Server versions, with a deadline of November 14 for federal agencies to implement necessary updates.