patch management

Winsage
November 18, 2025
Jack Bicer, the director of vulnerability research at Action1, advises IT leaders to ensure the latest servicing stack update (SSU) is installed before reapplying a patch after Microsoft’s patch release on November 17. He recommends troubleshooting steps for system file corruption, including:
1. Temporarily disabling non-Microsoft services and startup applications through a Clean Boot.
2. Manually installing the update by downloading the .msu package for KB5068781 from the Microsoft Update Catalog and using the command wusa.exe .msu /quiet /norestart.
3. Verifying the build number with the winver command, targeting build numbers 19045.6575 (22H2) or 19044.6575 (21H2).
Winsage
November 16, 2025
Microsoft has acknowledged an issue with the installation of the Windows 10 KB5068781 extended security update, which is causing 0x800f0922 errors on devices using corporate licensing. This update, released on November 11, is the first extended security update for Windows 10. Reports indicate that the update fails to apply after installation on some devices, despite users having the necessary ESU licenses. Microsoft is investigating the issue, which appears to affect devices activated through Windows subscription activation via the Microsoft 365 Admin Center. There is currently no estimated time for a resolution or any workarounds provided. Additionally, some Windows 10 devices are not recognized as needing the KB5068781 update, even when properly licensed.
Tech Optimizer
November 13, 2025
Cybersecurity researchers at AhnLab Security Intelligence Center (ASEC) have discovered an attack campaign that uses legitimate Remote Monitoring and Management (RMM) tools, specifically LogMeIn Resolve and PDQ Connect, to deploy backdoor malware on users' systems. Attackers lure victims to fake download sites that mimic legitimate software pages for utilities like Notepad++, 7-Zip, and VLC Media Player, delivering modified versions of LogMeIn Resolve. The malicious installers are disguised with filenames such as "notepad++.exe" and "chatgpt.exe." Once executed, these files install the RMM tool and additional malware capable of stealing sensitive information. ASEC has identified three CompanyId values associated with the attacks: 8347338797131280000, 1995653637248070000, and 4586548334491120000. The malware, known as PatoRAT, is a Delphi-developed backdoor that gathers system information and has extensive malicious capabilities, including keylogging and remote desktop access. Users are advised to download software only from official websites and verify digital signatures, while organizations should monitor for unauthorized RMM installations and the identified indicators of compromise.
Winsage
November 12, 2025
Microsoft's November 2025 Patch Tuesday addresses a total of 63 vulnerabilities, including one actively exploited zero-day flaw (CVE-2025-62215) related to Windows Kernel Elevation of Privilege. The updates include four vulnerabilities classified as "Critical," with two for remote code execution, one for elevation of privileges, and one for information disclosure. The breakdown of vulnerabilities is as follows:
- 29 Elevation of Privilege Vulnerabilities
- 2 Security Feature Bypass Vulnerabilities
- 16 Remote Code Execution Vulnerabilities
- 11 Information Disclosure Vulnerabilities
- 3 Denial of Service Vulnerabilities
- 2 Spoofing Vulnerabilities
This Patch Tuesday marks the first extended security update (ESU) for Windows 10, and users are encouraged to upgrade to Windows 11 or enroll in the ESU program. Microsoft has also released an out-of-band update to assist with enrollment issues. Other companies, including Adobe, Cisco, and Google, have also issued security updates in November 2025.
Winsage
October 30, 2025
Microsoft will cease support for most versions of Windows 10 on October 14, 2025, while offering temporary Extended Security Updates (ESU) for version 22H2. Approximately 40% to 45% of Windows users globally still rely on Windows 10. The end of support raises cybersecurity concerns as Microsoft will stop issuing updates for vulnerabilities and bugs. Organizations using Windows 10 need to devise migration plans to Windows 11, but the transition can be costly and time-consuming, especially for those dependent on legacy software. Delaying migration poses risks such as regulatory violations, increased IT burdens, escalating ESU costs, and exposure to cyber threats. Organizations should prioritize migrating critical systems, review application support, and evaluate ongoing costs for legacy systems. Bitdefender offers security solutions for Windows 10 environments, including risk management, application control, cloud security, and monitoring services.
Winsage
October 24, 2025
Microsoft released an emergency patch on October 23, 2025, to address a critical remote code execution vulnerability (CVE-2025-59287) in Windows Server Update Services (WSUS). The vulnerability, rated critical with a CVSS score of 9.8, allows unauthorized attackers to execute arbitrary code over the network through unsafe deserialization of untrusted data. Although WSUS is not enabled by default, organizations using it are at risk if unpatched. The CVE's temporal score was updated to 8.8 after proof-of-concept exploit code was confirmed. The patch is available through various Microsoft update channels but requires a server reboot. Temporary workarounds include disabling the WSUS server role or blocking specific inbound traffic. Affected versions include Windows Server 2012, 2012 R2, 2016, 2019, 2022, 2022 (23H2 Edition), and 2025, each with corresponding patch KB numbers.