memory corruption

Winsage
November 12, 2025
Microsoft has identified a vulnerability in its Windows operating system, designated as CVE-2025-62215, which allows for elevation of privilege within the Windows Kernel. This flaw is currently being exploited in real-world scenarios. Published on November 11, 2025, CVE-2025-62215 is classified as an Important issue and arises from a race condition and improper memory management leading to a double-free scenario. Exploiting this vulnerability requires a high complexity attack and can grant SYSTEM-level privileges to an attacker who is already an authorized user. The affected Windows versions include:

- Windows 10 (various builds): KB5068858, November 12, 2025
- Windows 11 version 22H2: KB5068865, November 12, 2025
- Windows 11 version 23H2: KB5068862, November 12, 2025
- Windows 11 version 24H2: KB5068861, November 12, 2025
- Windows Server 2019: KB5068859, November 12, 2025
- Windows Server 2022: KB5068860, November 12, 2025
- Windows Server 2025: KB5068861, November 12, 2025

Organizations are urged to prioritize patching CVE-2025-62215, especially on servers and administrative workstations, as there are currently no workarounds available.
Winsage
November 12, 2025
Microsoft has identified a critical vulnerability, CVE-2025-62215, affecting the Windows Kernel, which is currently being exploited. This flaw, rated as Important, involves an elevation of privilege issue due to improper synchronization of shared resources, categorized under race condition (CWE-362) and double free (CWE-415). Exploitation requires high complexity and local authorization, allowing attackers to gain SYSTEM privileges for significant control over the system. The vulnerability affects various versions of Windows, including Windows 10, Windows 11 (multiple versions), and Windows Server (2019, 2022, and 2025), with patches released on November 12, 2025. Organizations are advised to prioritize swift patching and detection efforts, especially for servers and administrative workstations.
Winsage
November 3, 2025
Check Point Research (CPR) identified three vulnerabilities in Microsoft’s Graphics Device Interface (GDI):

1. CVE-2025-30388: Inadequate validation of clipping rectangles in EMF+ files can lead to heap corruption in GdiPlus.dll, allowing potential remote code execution. Microsoft patched this in May 2025 with version 10.0.26100.4061.
2. CVE-2025-53766: A critical flaw in GdiPlus.dll allows remote code execution without user interaction due to unallocated memory writes triggered by malformed EmfPlusDrawRects records. Microsoft addressed this in August 2025 with version 10.0.26100.4946.
3. CVE-2025-47984: This vulnerability, related to an earlier issue, involves improper handling of EMR_STARTDOC records in gdi32full.dll, leading to information disclosure. Microsoft fixed this in July 2025 with version 10.0.26100.4652.

Microsoft released patches for these vulnerabilities during its Patch Tuesday updates in May, July, and August of 2025.
Winsage
November 3, 2025
A series of vulnerabilities within the Windows Graphics Device Interface (GDI) has been discovered, potentially allowing for remote code execution and information disclosure. These vulnerabilities are linked to malformed enhanced metafile (EMF) and EMF+ records, leading to memory corruption during image rendering. Three specific vulnerabilities were analyzed and included in Microsoft's Patch Tuesday updates released in May, July, and August of 2025. They are cataloged as:

- CVE-2025-30388: Rated important and more likely to be exploited.
- CVE-2025-53766: Rated critical, enabling remote code execution.
- CVE-2025-47984: Rated important, associated with information disclosure.

All three involve out-of-bounds memory access triggered by crafted metafiles. Microsoft has released patches for GdiPlus.dll and gdi32full.dll to address these vulnerabilities, including validation checks and corrections in memory handling. These vulnerabilities also affect Microsoft Office for Mac and Android platforms.
Winsage
October 29, 2025
Microsoft is introducing a new memory diagnostic scan for Windows 11, which activates after a Blue Screen of Death (BSOD) incident. This feature is currently available to users in the dev channel through Windows 11 Insider Preview Build 26220.6982 (KB5067109). After a BSOD, users will see a pop-up window that allows them to schedule a memory scan for the next reboot or skip it. The scan aims to address memory corruption issues that can cause system errors and will be selectively triggered for crashes likely related to memory problems.
Winsage
October 27, 2025
Microsoft is introducing a feature for Windows 11 that prompts users to conduct a memory scan after a blue screen of death (BSOD) to improve system reliability. When a device encounters a bugcheck, users will receive notifications upon logging in, suggesting a quick memory scan. This feature is not available for ARM64 devices or systems protected by Administrator Protection or BitLocker without Secure Boot. If users choose to run the scan, it will be scheduled for the next reboot, typically taking five minutes or less. Notifications will inform users if any memory issues are detected and resolved. The feature is currently being rolled out to Windows Insiders in the Dev and Beta channels with specific Insider Preview Builds. Additionally, Microsoft is testing new connectivity capabilities for its AI-powered Copilot digital assistant, allowing it to connect with Outlook, Gmail, and third-party services like Google Calendar and Google Drive.
Winsage
October 17, 2025
Check Point Research (CPR) identified a significant security vulnerability in the Rust-based kernel component of the Graphics Device Interface (GDI) in Windows, reported to Microsoft in January 2025. The issue was resolved in OS Build 26100.4202, part of the KB5058499 update released on May 28, 2025. The vulnerability was discovered during a fuzzing campaign targeting the Windows graphics component through metafiles, revealing multiple security issues including information disclosure and arbitrary code execution. The specific bug was linked to a crash occurring during the execution of a NtGdiSelectClipPath syscall in the win32kbasers.sys driver, triggered by an out-of-bounds memory access when processing malformed metafile records. Microsoft classified the vulnerability as moderate severity and addressed it in a non-security update, implementing substantial changes to the affected kernel module.
Winsage
October 7, 2025
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has expanded its Known Exploited Vulnerabilities (KEV) catalog, adding critical flaws from Oracle, Mozilla, Microsoft Windows, and the Linux Kernel. The newly added vulnerabilities include:

- CVE-2010-3765: Mozilla Multiple Products Remote Code Execution Vulnerability
- CVE-2010-3962: Microsoft Internet Explorer Uninitialized Memory Corruption Vulnerability
- CVE-2011-3402: Microsoft Windows Remote Code Execution Vulnerability
- CVE-2013-3918: Microsoft Windows Out-of-Bounds Write Vulnerability
- CVE-2021-22555: Linux Kernel Heap Out-of-Bounds Write Vulnerability
- CVE-2021-43226: Microsoft Windows Privilege Escalation Vulnerability
- CVE-2025-61882: Oracle E-Business Suite Unspecified Vulnerability

CVE-2025-61882 has a CVSS score of 9.8 and allows unauthenticated remote attackers to control the Oracle Concurrent Processing component, affecting versions 12.2.3 to 12.2.14 of the Oracle E-Business Suite. It was exploited by the Cl0p ransomware group, and Oracle has released an emergency patch. CVE-2013-3918 was previously used in the 2009 Aurora attack and later by the EQUATION group against government entities in Afghanistan. Federal agencies must address these vulnerabilities by October 27, 2025, as per Binding Operational Directive (BOD) 22-01, which also recommends private organizations review the KEV catalog.