NewApp Digest
search bot

Microsoft Dynamics

Microsoft November 2025 Patch Tuesday fixes 1 zero-day, 63 flaws
Winsage
November 12, 2025

Microsoft November 2025 Patch Tuesday fixes 1 zero-day, 63 flaws

Microsoft's November 2025 Patch Tuesday addresses a total of 63 vulnerabilities, including one actively exploited zero-day flaw (CVE-2025-62215) related to Windows Kernel Elevation of Privilege. The updates include four vulnerabilities classified as "Critical," with two for remote code execution, one for elevation of privileges, and one for information disclosure. The breakdown of vulnerabilities is as follows: - 29 Elevation of Privilege Vulnerabilities - 2 Security Feature Bypass Vulnerabilities - 16 Remote Code Execution Vulnerabilities - 11 Information Disclosure Vulnerabilities - 3 Denial of Service Vulnerabilities - 2 Spoofing Vulnerabilities This Patch Tuesday marks the first extended security update (ESU) for Windows 10, and users are encouraged to upgrade to Windows 11 or enroll in the ESU program. Microsoft has also released an out-of-band update to assist with enrollment issues. Other companies, including Adobe, Cisco, and Google, have also issued security updates in November 2025.
Microsoft fixes 63 vulnerabilities, including 2 zero-days
Winsage
February 11, 2025

Microsoft fixes 63 vulnerabilities, including 2 zero-days

Microsoft's latest Patch Tuesday update addresses 63 vulnerabilities, focusing on high-severity flaws. Two of these are zero-day vulnerabilities: CVE-2025-21391, a privilege escalation flaw in the Windows Storage system with a CVSS score of 7.1, allowing attackers to delete files; and CVE-2025-21418, a heap-based overflow vulnerability in the Windows Ancillary Function Driver for WinSock with a CVSS score of 7.8, enabling attackers to gain system privileges. Nine vulnerabilities are flagged as “more likely” to be exploited, including CVE-2025-21400, a remote-code execution flaw in Microsoft SharePoint Server, and two privilege escalation vulnerabilities in Windows CoreMessaging (CVE-2025-21184 and CVE-2025-21358). The sole critical-severity vulnerability is CVE-2025-21198, a remote-code execution flaw affecting the Linux agent in Microsoft High Performance Compute clusters, requiring network access for exploitation.
Indian Govt Warns Businesses About Major Microsoft Security Issue: What It Says - News18
Winsage
August 13, 2024

Indian Govt Warns Businesses About Major Microsoft Security Issue: What It Says – News18

The Indian Computer Emergency Response Team (CERT-In) has raised concerns about a critical security vulnerability in Microsoft Dynamics 365, which could allow remote attackers to gain elevated privileges due to weak authentication protocols. Microsoft has been notified and issued a patch to address the vulnerability, particularly affecting the Dynamics 365 Field Service (on-premises) v7 series. Businesses using this version are urged to implement the necessary updates promptly.
Search