memory corruption Archives

Tech Optimizer

May 29, 2026

This compact antivirus protection package is now less than £25 — Norton 360 has everything you need to secure your devices against malware, ransomware, and hacking

Norton 360 Standard is currently available for £25, down from its regular price of £70 for the first year. It protects up to three devices from threats like malware and ransomware and includes features such as cloud backup, a VPN, and a password manager. It has a Scam Protection feature that identifies scams in messages and deepfake videos, and an AI Genie for user support. Norton 360 is consistently ranked among the top three antivirus solutions and has received high marks from AV-Comparatives and AV-TEST. It secures internet traffic on public Wi-Fi networks and offers 10GB of cloud backup to protect important files. The deal auto-renews at the standard price after the first year.

Tech Optimizer

May 21, 2026

PostgreSQL Flaws Expose Databases to Remote Code Execution and SQL Injection

PostgreSQL has released versions 18.4, 17.10, 16.14, 15.18, and 14.23 to address 11 security vulnerabilities and over 60 bugs. The vulnerabilities affect PostgreSQL versions 14 through 18 and include issues such as remote code execution, SQL injection, and denial-of-service risks. Specific vulnerabilities include: - CVE-2026-6472: Missing authorization in CREATE TYPE allows query hijacking. - CVE-2026-6473: Integer wraparound leads to out-of-bounds writes and server crashes. - CVE-2026-6474: Format string issue leaks server memory. - CVE-2026-6475: Symlink attack allows overwriting arbitrary files. - CVE-2026-6476: SQL injection allows execution of arbitrary SQL as superuser. - CVE-2026-6477: Memory buffer overwrite via libpq lo_* functions. - CVE-2026-6478: Timing attack exposes MD5-hashed passwords. - CVE-2026-6479: SSL/GSS recursion flaw allows denial-of-service. - CVE-2026-6575: Buffer over-read leaks memory data (PostgreSQL 18 only). - CVE-2026-6637: Refint module enables stack overflow and SQL injection, leading to possible RCE. - CVE-2026-6638: SQL injection in REFRESH PUBLICATION via table names. Organizations are advised to upgrade to the latest versions, avoid MD5 password authentication, restrict privileges, audit extensions, and monitor for abnormal activity. PostgreSQL 14 will reach its end-of-life on November 12, 2026.

Tech Optimizer

May 20, 2026

Critical PostgreSQL Flaws Enable Code Execution and SQL Injection

On May 14, 2026, PostgreSQL released critical security updates for versions 18.4, 17.10, 16.14, 15.18, and 14.23, addressing 11 Common Vulnerabilities and Exposures (CVEs) related to stack buffer overflows, SQL injection, memory disclosure, and denial-of-service vulnerabilities. The most critical vulnerability, CVE-2026-6637, has a CVSS score of 8.8 and allows remote, unprivileged database users to execute arbitrary code. Other notable vulnerabilities include CVE-2026-6473, which affects memory allocation leading to potential memory corruption, and CVE-2026-6475, which allows overwriting sensitive OS-level files. Additional vulnerabilities include SQL injection flaws and authentication issues, with various CVSS scores ranging from 3.7 to 7.5. The updates can be implemented without a database dump, and PostgreSQL 14 will reach its end-of-life on November 12, 2026.

Tech Optimizer

May 20, 2026

PoC Exploit Released for 20-Year Old PostgreSQL RCE Vulnerability

A proof-of-concept exploit has been developed for CVE-2026-2005, a remote code execution vulnerability in the pgcrypto extension of PostgreSQL. This vulnerability, stemming from legacy code, allows attackers to trigger a heap-based buffer overflow through specially crafted PGP messages, enabling arbitrary memory read and write operations. Successful exploitation can escalate privileges to PostgreSQL superuser status and execute commands on the operating system. The exploit targets PostgreSQL instances compiled from a specific vulnerable commit and circumvents protections like Address Space Layout Randomization (ASLR). It involves corrupting heap memory structures, leading to a controlled pointer leak that reveals the heap layout. Security researcher Varik Matevosyan has published the PoC on GitHub, demonstrating the exploitation process. The exploit requires a compatible PostgreSQL binary and utilizes Python-based tools for interaction. Organizations are advised to review their PostgreSQL deployments, disable unnecessary extensions, and apply security updates to mitigate risks.

Tech Optimizer

May 19, 2026

Critical PostgreSQL Vulnerabilities Enables Code Execution and SQL Injections

The PostgreSQL Global Development Group has released security updates for versions 18.4, 17.10, 16.14, 15.18, and 14.23, addressing 11 vulnerabilities, including critical issues related to arbitrary code execution and SQL injection flaws. All supported branches from 14 through 18 are affected by vulnerabilities, necessitating updates. Database administrators can perform in-place upgrades without needing a dump/restore. Key vulnerabilities include: - CVE-2026-6637: Stack buffer overflow in the refint module allowing arbitrary code execution. - CVE-2026-6472: Privilege bypass and arbitrary SQL execution. - CVE-2026-6473: Potential remote code execution and memory corruption. - CVE-2026-6474: Server memory information leak. - CVE-2026-6475: Arbitrary file overwrite vulnerability. - CVE-2026-6476: SQL injection with superuser execution. - CVE-2026-6477: Client-side code execution risk. - CVE-2026-6478: MD5 credential timing leak. - CVE-2026-6479: SSL/GSS denial-of-service flaw. - CVE-2026-6575: Limited memory disclosure issue. - CVE-2026-6638: SQL injection in logical replication. Organizations using PostgreSQL 14 should upgrade to version 14.23 and plan migration to a newer version before the end-of-life on November 12, 2026. The updates are urgent for deployments exposed to the internet or in multi-tenant environments.

Winsage

April 27, 2026

Using Windows or Microsoft Office? India issues high-severity cyber alert, how to stay safe

India’s cybersecurity agency, CERT-In, has issued an advisory regarding high-severity vulnerabilities in various Microsoft products, including multiple versions of Windows, Windows Server, Microsoft Office, and the Chromium-based Microsoft Edge browser. These vulnerabilities can allow attackers to execute malicious code, elevate system privileges, access sensitive data, or disrupt services. They arise from issues such as improper input validation, memory corruption, insufficient access control, and inadequate memory object handling. Exploitation can occur remotely or locally, sometimes requiring user interaction. CERT-In advises users and organizations to apply the latest security updates from Microsoft to mitigate these risks.

Winsage

April 25, 2026

New Windows RPC Vulnerability Lets Attackers Escalate Privileges Across All Windows Versions

PhantomRPC is a significant architectural vulnerability in the Windows Remote Procedure Call (RPC) framework that allows local privilege escalation to SYSTEM-level access across all Windows versions. Discovered by Kaspersky's Haidar Kabibo at Black Hat Asia 2026, this vulnerability stems from the RPC runtime's failure to verify the legitimacy of a responding server during calls to offline or disabled servers. Attackers can exploit this by setting up a malicious RPC server that impersonates a legitimate endpoint, using the RpcImpersonateClient API to escalate privileges from low-privileged accounts to SYSTEM or Administrator levels. Five distinct exploitation paths have been identified: 1. gpupdate.exe coercion: An attacker can intercept an RPC call made by the Group Policy Client service when executing gpupdate /force, granting SYSTEM-level access if TermService is disabled. 2. Microsoft Edge startup: Launching msedge.exe triggers an RPC call to TermService, allowing privilege escalation from Network Service to Administrator via a spoofed endpoint. 3. WDI background service: The Diagnostic System Host polls TermService regularly, enabling an attacker to exploit this without user interaction. 4. ipconfig.exe and DHCP Client: Running ipconfig.exe initiates an RPC call to the DHCP Client service, allowing a Local Service attacker to elevate privileges if DHCP is disabled and a fake server is present. 5. w32tm.exe and Windows Time: An attacker can expose a named pipe endpoint, allowing them to impersonate any privileged user executing the Windows Time executable. The vulnerability was reported to Microsoft on September 19, 2025, but Microsoft categorized it as moderate severity and closed the case without a patch, as the attack requires SeImpersonatePrivilege, which is granted by default to certain accounts. Organizations are advised to implement defensive measures such as enabling RPC monitoring, ensuring legitimate services are running, and restricting SeImpersonatePrivilege. Kaspersky has provided tools for auditing environments for exploitable RPC call patterns through the PhantomRPC GitHub repository.

Winsage

March 11, 2026

Microsoft Patch Tuesday, March 2026 Edition

Microsoft Corp. has released security updates addressing at least 77 vulnerabilities across its Windows operating systems and various software applications. Key vulnerabilities include: - CVE-2026-21262: Allows an attacker to elevate privileges on SQL Server 2016 and later, with a CVSS v3 base score of 8.8. - CVE-2026-26127: Affects applications running on .NET, potentially leading to denial of service. - CVE-2026-26113 and CVE-2026-26110: Remote code execution flaws in Microsoft Office exploitable by viewing malicious messages in the Preview Pane. - CVE-2026-24291, CVE-2026-24294, CVE-2026-24289, and CVE-2026-25187: Privilege escalation vulnerabilities rated CVSS 7.8. - CVE-2026-21536: A critical remote code execution bug identified by an AI agent, marking a shift toward AI-driven vulnerability discovery. Additionally, Microsoft previously addressed nine browser vulnerabilities and issued an out-of-band update on March 2 for Windows Server 2022. Adobe has released updates for 80 vulnerabilities across its products, and Mozilla Firefox version 148.0.2 has resolved three high-severity CVEs.

Winsage

January 15, 2026

Microsoft updates Windows DLL that triggered security alerts

Microsoft has resolved an issue where third-party security applications mistakenly flagged the WinSqlite3.dll component of the Windows operating system as vulnerable. This issue affected various systems, including Windows 10, Windows 11, and Windows Server 2012 through 2025. The flagged vulnerability was linked to a memory corruption issue (CVE-2025-6965). Microsoft released an update to the WinSqlite3.dll component in updates from June 2025 and later, advising users to install the latest updates for their devices. WinSqlite3.dll is a core component of Windows, distinct from sqlite3.dll, which is not part of the operating system. Microsoft had previously addressed other false positive issues affecting its Defender for Endpoint platform.

Winsage

November 12, 2025

Windows Kernel 0-Day Vulnerability Actively Exploited in the Wild to Escalate Privileges

Microsoft has identified a vulnerability in its Windows operating system, designated as CVE-2025-62215, which allows for elevation of privilege within the Windows Kernel. This flaw is currently being exploited in real-world scenarios. Published on November 11, 2025, CVE-2025-62215 is classified as an Important issue and arises from a race condition and improper memory management leading to a double-free scenario. Exploiting this vulnerability requires a high complexity attack and can grant SYSTEM-level privileges to an attacker who is already an authorized user. The affected Windows versions include: - Windows 10 (various builds): KB5068858, November 12, 2025 - Windows 11 version 22H2: KB5068865, November 12, 2025 - Windows 11 version 23H2: KB5068862, November 12, 2025 - Windows 11 version 24H2: KB5068861, November 12, 2025 - Windows Server 2019: KB5068859, November 12, 2025 - Windows Server 2022: KB5068860, November 12, 2025 - Windows Server 2025: KB5068861, November 12, 2025 Organizations are urged to prioritize patching CVE-2025-62215, especially on servers and administrative workstations, as there are currently no workarounds available.