InDesign Archives

Winsage

November 12, 2025

Microsoft November 2025 Patch Tuesday fixes 1 zero-day, 63 flaws

Microsoft's November 2025 Patch Tuesday addresses a total of 63 vulnerabilities, including one actively exploited zero-day flaw (CVE-2025-62215) related to Windows Kernel Elevation of Privilege. The updates include four vulnerabilities classified as "Critical," with two for remote code execution, one for elevation of privileges, and one for information disclosure. The breakdown of vulnerabilities is as follows: - 29 Elevation of Privilege Vulnerabilities - 2 Security Feature Bypass Vulnerabilities - 16 Remote Code Execution Vulnerabilities - 11 Information Disclosure Vulnerabilities - 3 Denial of Service Vulnerabilities - 2 Spoofing Vulnerabilities This Patch Tuesday marks the first extended security update (ESU) for Windows 10, and users are encouraged to upgrade to Windows 11 or enroll in the ESU program. Microsoft has also released an out-of-band update to assist with enrollment issues. Other companies, including Adobe, Cisco, and Google, have also issued security updates in November 2025.

Winsage

August 13, 2025

Microsoft’s Patch Tuesday gives sys admins a baker’s dozen

Microsoft's August Patch Tuesday addressed 111 vulnerabilities, including 12 classified as critical. A known elevation of privilege flaw in the Windows Kerberos protocol, CVE-2025-53779, has a CVSS score of 7.2 and requires authenticated access for exploitation. Two critical remote code execution (RCE) vulnerabilities, CVE-2025-50165 and CVE-2025-53766, both rated 9.8, were identified in the Windows Graphics Device Interface. SharePoint has a critical RCE bug, CVE-2025-49712, with a severity score of 8.8. Other critical flaws include vulnerabilities in Microsoft Message Queuing, Office, Hyper-V, and Azure Stack Hub. Adobe released fixes for 68 CVEs, including eight critical RCE bugs in InCopy and critical issues in other products like Commerce, InDesign, and Substance 3D applications. SAP issued 15 security notes, including three critical vulnerabilities rated at 9.9 related to code injection in SAP S/4HANA. Intel released 34 advisories addressing 66 vulnerabilities, including high-severity issues in Xeon 6 processors and Intel Ethernet Drivers. Google updated Android to fix several flaws, including two actively exploited Qualcomm vulnerabilities.

Winsage

July 9, 2025

Zero Day Initiative — The July 2025 Security Update Review

In July 2025, Adobe released 13 bulletins addressing 60 unique CVEs across various applications, including ColdFusion, After Effects, and Illustrator. ColdFusion received a Priority 1 patch for 13 CVEs, five of which are Critical. FrameMaker's patch fixed 15 CVEs, including 13 Critical vulnerabilities. Illustrator's update addressed 10 bugs, with the most severe enabling code execution. Other applications like InCopy and InDesign also had Critical vulnerabilities fixed. Microsoft released 130 new CVEs across its products, with 10 rated Critical. Notable vulnerabilities include CVE-2025-47981, a heap-based buffer overflow in Windows SPNEGO, and CVE-2025-49717 affecting Microsoft SQL Server. CVE-2025-49704 allows code injection in SharePoint, while CVE-2025-49695 highlights an attack vector in Microsoft Office's Preview Pane.

Winsage

June 11, 2025

Microsoft June 2025 Patch Tuesday fixes exploited zero-day, 66 flaws

On June 2025 Patch Tuesday, Microsoft released security updates for 66 vulnerabilities, including one actively exploited and one publicly disclosed zero-day vulnerability. The updates addressed ten "Critical" vulnerabilities, with eight being remote code execution vulnerabilities and two related to elevation of privileges. The breakdown of vulnerabilities includes 13 Elevation of Privilege, 3 Security Feature Bypass, 25 Remote Code Execution, 17 Information Disclosure, 6 Denial of Service, and 2 Spoofing vulnerabilities. The actively exploited zero-day vulnerability is CVE-2025-33053, a WebDAV Remote Code Execution vulnerability, while the publicly disclosed zero-day is CVE-2025-33073, a Windows SMB Client Elevation of Privilege vulnerability. Other companies also released updates in June 2025, including Adobe, Cisco, Fortinet, Google, HPE, Ivanti, Qualcomm, Roundcube, and SAP, addressing various vulnerabilities across their products.

Winsage

June 11, 2025

Microsoft warns of 66 flaws to fix for this Patch Tuesday

Microsoft has announced a significant update addressing 66 vulnerabilities, including a zero-day vulnerability disclosed on the same day. Ten critical patches have been identified, with two currently being exploited. Microsoft is also patching older platforms like Windows Server 2008 and Internet Explorer. One critical vulnerability, CVE-2025-33053, has been exploited by the Stealth Falcon hacking group since March, allowing remote code execution via the WebDAV extension. Another critical vulnerability, CVE-2025-5419, affects the Chromium V8 JavaScript engine in Microsoft Edge. CVE-2025-33073 is an escalation of privilege vulnerability in the Windows SMB Client, with a CVSS score of 8.8. Four critical vulnerabilities in Microsoft Office include CVE-2025-47162, CVE-2025-47164, CVE-2025-47167, and CVE-2025-47953. Four critical remote code execution vulnerabilities include CVE-2025-47172, CVE-2025-29828, CVE-2025-32710, and CVE-2025-33071. Two elevation-of-privilege flaws are CVE-2025-47966 and CVE-2025-33070. Adobe has prioritized fixes for Adobe Commerce and Adobe's Experience Manager, addressing 254 CVEs. Adobe Acrobat users will receive ten fixes, including four critical ones. Fortinet has patched CVE-2023-42788 in FortiAnalyzer 7.4. SAP resolved 14 issues, with CVE-2025-42989 being the only critical patch, associated with the NetWeaver Application Server and a CVSS score of 9.6.

Winsage

May 27, 2025

Windows on Arm vs Intel: Which laptop platform is right for you?

The Windows laptop market has shifted towards devices powered by Qualcomm Snapdragon processors, moving away from traditional Intel and AMD architectures. This initiative, known as Windows on Arm, has produced notable products like the Asus ZenBook A14 and Dell XPS 13, which are praised for their performance in AI applications and impressive battery life. These devices can run Intel-based applications through an emulation layer called Prism, which translates x86-64 code into ARM64 instructions, allowing compatibility with non-native software. While they perform well for office tasks and some creative applications, limitations exist in gaming and high-demand software due to the need for specific drivers and graphics performance. Currently, the market features three Windows on Arm processors: Snapdragon X Elite, X Plus, and X. Pricing for these laptops often exceeds ,000, making Intel and AMD options more appealing for budget-conscious consumers.

Winsage

March 12, 2025

Zero Day Initiative — The March 2025 Security Update Review

In March 2025, Adobe released seven bulletins addressing 37 Common Vulnerabilities and Exposures (CVEs) across its software products, including Acrobat Reader, Illustrator, InDesign, and Substance 3D applications. Six vulnerabilities were reported through the Zero Day Initiative program. The Acrobat Reader patch resolves multiple Critical-rated code execution vulnerabilities, while Illustrator and InDesign patches also address critical issues. The Substance 3D Sampler patch fixes seven vulnerabilities, with some classified as Critical, and the other Substance 3D applications also received updates for code execution vulnerabilities. None of the vulnerabilities were publicly known or under active attack at the time of release. Microsoft released an update addressing 56 new CVEs across its products, totaling 67 when including third-party vulnerabilities. Six are rated as Critical, and 50 as Important. Notable vulnerabilities include CVE-2025-26633, a security feature bypass in the Microsoft Management Console, and critical remote code execution vulnerabilities CVE-2025-24993 and CVE-2025-24985 linked to Windows NTFS and Fast FAT file systems. CVE-2025-24984 and CVE-2025-24991 involve information disclosure vulnerabilities, with one requiring physical access and the other needing a specially crafted VHD. Immediate attention and deployment of patches for these vulnerabilities are essential.

Winsage

February 23, 2025

WinApps: Virtualized Windows Apps On Linux, Plus Windowing

Linux users can now run the latest version of Photoshop on Linux machines with access to a dedicated mobile GPU, thanks to innovative open-source solutions. This is achieved through the WinApps project, which integrates a virtual machine into the Linux desktop using Remote Desktop Protocol, allowing Windows applications to run alongside native Linux programs. The setup requires significant effort, particularly in recognizing the GPU, but it enables heavy-duty applications to function effectively on machines like the HP Envy 16 with an Intel i7-12700H processor and 32GB of RAM. While WinApps offers substantial benefits for users relying on Adobe Creative Cloud and Microsoft Office 365, it is best suited for casual use due to potential bugs and performance issues. The development of WinApps reflects the contributions of various open-source teams, including those at Red Hat, and suggests future enhancements may improve accessibility for users.

Winsage

February 12, 2025

Microsoft takes it easy on February’s Patch Tuesday

Microsoft released a total of 63 patches in February, including six previously released ones. Two vulnerabilities, CVE-2025-21418 (CVSS 7.8) and CVE-2025-21391 (CVSS 7.1), are actively exploited and require local access and authentication for exploitation. CVE-2025-21418 affects the Windows Ancillary Function Driver for Winsock, allowing attackers to gain SYSTEM-level privileges on Windows 10, 11, and various Windows Server versions. CVE-2025-21391 affects Windows Storage, enabling local attackers to delete files under certain conditions. Two publicly known vulnerabilities, CVE-2025-21194 (CVSS 7.1) and CVE-2025-21377 (CVSS 6.5), have not yet been exploited. CVE-2025-21194 exposes PCs to potential hypervisor and secure kernel compromises, while CVE-2025-21377 risks leaking a user's NTLMv2 hash with minimal user interaction. CVE-2025-21198, rated at CVSS 9.0, allows remote code execution in high-performance computing infrastructures, requiring network access to a targeted HPC cluster. Excel users should address five patches rated at 7.8, particularly CVE-2025-21381, which has potential for remote code execution through local attack vectors. As of February 11, administrators must configure the StrongCertificateBindingEnforcement registry key on domain controllers to avoid transitioning to Full Enforcement mode by February 2025. CVE-2025-21177 (CVSS 8.7) has been fully mitigated by Microsoft. Adobe released 45 updates, with 31 addressing vulnerabilities in Adobe Commerce, and critical patches for InDesign and Illustrator. SAP issued 21 patches affecting NetWeaver and addressing cross-site scripting issues. Fortinet released security updates for various products, including a critical authentication bypass vulnerability in FortiOS and FortiProxy (CVSS 9.6).

Winsage

February 11, 2025

Zero Day Initiative — The February 2025 Security Update Review

Adobe released seven bulletins in February 2025, addressing 45 CVEs across products such as InDesign, Commerce, Substance 3D Stager, InCopy, Illustrator, Substance 3D Designer, and Photoshop Elements. The updates include: - InDesign: Seven bugs fixed, four rated Critical. - Illustrator: Three critical bugs allowing arbitrary code execution when opening malicious files. - Substance 3D Stager: One DoS bug fixed. - InCopy: One critical-rated code execution vulnerability patched. - Substance 3D Designer: One critical-rated code execution vulnerability patched. - Photoshop Elements: One important-rated privilege escalation vulnerability addressed. None of the patched vulnerabilities were publicly known or under active attack at the time of release. Microsoft released patches for 57 new CVEs affecting Windows, Office, Azure, Visual Studio, and Remote Desktop Services, totaling 67 CVEs including third-party submissions. The severity ratings are: - 3 rated Critical - 53 rated Important - 1 rated Moderate Two vulnerabilities are publicly known, and two are under active attack. Notable vulnerabilities include: - CVE-2025-21391: Windows Storage Elevation of Privilege Vulnerability allowing file deletion and privilege escalation. - CVE-2025-21418: Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability requiring authenticated user interaction. - CVE-2025-21376: Windows LDAP Remote Code Execution Vulnerability allowing unauthenticated remote code execution. - CVE-2025-21387: Microsoft Excel Remote Code Execution Vulnerability exploitable through the Preview Pane requiring user interaction.