patch management Archives

Winsage

June 16, 2025

Microsoft: June Windows Server security updates cause DHCP issues

Microsoft has identified an issue with the June 2025 security updates that causes the Dynamic Host Configuration Protocol (DHCP) service to freeze on certain Windows Server systems. This affects the service's ability to apply renewals of unicast IP addresses, impacting network operations. Microsoft has acknowledged that the DHCP Server service may intermittently stop responding after the update and is working on a resolution. Additionally, other issues affecting Windows Server systems have been addressed, including application failures and authentication problems on domain controllers. Out-of-band updates were previously issued to fix bugs causing Hyper-V virtual machines to restart or freeze, and emergency updates were released for issues with Windows containers on certain Windows Server versions.

Winsage

June 11, 2025

Microsoft fixes unreachable Windows Server domain controllers

Microsoft addressed a significant issue with Windows Server 2025 domain controllers that made some servers unreachable after a restart, affecting applications and services reliant on them. The problem was due to servers loading the standard firewall profile instead of the intended domain firewall profile after a reboot, leading to improper network traffic management. This misconfiguration caused accessibility challenges for services and applications on affected servers. Microsoft released the KB5060842 security update to resolve this issue during the June 2025 Patch Tuesday. A temporary workaround involves manually restarting the network adapter on affected servers using the Restart-NetAdapter * PowerShell command, which must be done after each reboot until the update is installed. Additionally, Microsoft fixed another issue preventing some users from logging into accounts via Windows Hello after the installation of the KB5055523 April 2025 security update.

Tech Optimizer

June 7, 2025

CISA Warns of Rising Play Ransomware Threat to Infrastructure

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued a critical advisory on December 18, 2023, regarding the rising threat of Play Ransomware, which targets various organizations, particularly critical infrastructure and public sector entities. The advisory details the tactics used by Play Ransomware actors, including exploiting unpatched systems and phishing campaigns, leading to severe consequences like data encryption and high ransom demands. The ransomware can disable antivirus software and exfiltrate sensitive data before encryption. Play Ransomware employs double extortion tactics, threatening to leak stolen data if ransoms are not paid. CISA recommends organizations prioritize patch management, implement multi-factor authentication, train employees to recognize phishing attempts, and maintain regular offline data backups. The advisory calls for collaboration between public and private sectors to combat this threat and emphasizes the importance of information sharing to stay ahead of ransomware tactics.

Winsage

May 28, 2025

Microsoft surprises with emergency patch KB5061977 for Windows 11 24H2

On May 27, Microsoft released an out-of-band update, KB5061977, for Windows 11 version 24H2, elevating the operating system build to 26100.4066. This emergency patch addresses a security vulnerability currently being exploited, likely related to remote code execution or privilege escalation. The update is available through Windows Update, Windows Update for Business, WSUS, and the Microsoft Update Catalog. Organizations are urged to prioritize its installation, especially on publicly accessible or critical systems. The update focuses on security and reliability improvements, with no new features introduced. The issuance of this update outside regular maintenance windows presents challenges for IT administrators, emphasizing the need for proactive patch management strategies.

Winsage

April 28, 2025

Microsoft makes hot patching a paid feature for Windows Server 2025

Hotpatching in Windows Server 2025 allows system administrators to apply security updates without rebooting, enhancing response times to vulnerabilities. Microsoft will introduce a subscription model for this feature starting July 1, 2024, at an initial rate of [openai_gpt model="gpt-4o-mini" prompt="Summarize the content and extract only the fact described in the text bellow. The summary shall NOT include a title, introduction and conclusion. Text: Hotpatching emerges as a significant advancement in the realm of Windows Server 2025, allowing system administrators to implement security updates without the need for system reboots. This capability enhances the speed at which organizations can respond to vulnerabilities, aligning with the growing demand for agile IT operations. However, Microsoft has decided to place this feature behind a paywall, introducing a subscription model that will take effect from July 1, 2024, at an initial rate of .50 per core per month. Notably, users operating on Azure will be exempt from this charge, providing a clear incentive for cloud-based deployments. Previously available in Azure Hotpatching is not an entirely new concept; it has been successfully utilized in various environments, including the Linux kernel, VMware products, and the Xen hypervisor. Microsoft has previously offered hot patching capabilities for Windows Server: Azure Edition and version 2022 within the Azure cloud ecosystem. In August 2024, the company unveiled a preview of hot patching for Windows Server 2025 in Azure, followed by an additional preview for deployments managed through the Arc hybrid and multicloud management system in September. This latest preview marks a pivotal moment, as it introduces hot patching for Windows Server 2025 Standard and Datacenter Edition, enabling on-premises applications of this technology for the first time. Microsoft has characterized this feature as a “game changer,” highlighting its potential to redefine patch management for enterprises. Subscription model and patching cycle Under the new subscription model, Microsoft anticipates releasing eight hot patches annually. However, it is important to note that there may be instances where a restart is still required for security purposes. As the transition to the paid version approaches, users currently in the preview phase will be automatically migrated unless they opt out by June 30, 2024. This move has drawn parallels to Microsoft's previous strategies regarding detailed logs, which have sparked concern among security experts. Critics argue that by monetizing essential security features, Microsoft risks compromising the overall security posture for users who may not opt for these additional services. While hotpatching was initially heralded as a cornerstone innovation for Windows Server 2025, its placement behind a paywall raises questions about the balance between enhanced security and cost considerations for organizations. Read also: Windows Server 2025 updates cause problems" max_tokens="3500" temperature="0.3" top_p="1.0" best_of="1" presence_penalty="0.1" frequency_penalty="frequency_penalty"].50 per core per month, with Azure users exempt from this charge. Hotpatching has been previously available in Azure and is now being introduced for on-premises applications in Windows Server 2025 Standard and Datacenter Edition. Microsoft plans to release eight hot patches annually, although some may still require a restart. Users in the preview phase will be automatically migrated to the paid version unless they opt out by June 30, 2024. Critics express concern that monetizing essential security features may compromise overall security for users who do not subscribe.

Tech Optimizer

March 31, 2025

Traditional EDR can’t keep up with modern cyber threats

By 2025, the global cost of cybercrime is projected to reach .5 trillion annually. Many organizations continue to use outdated Endpoint Detection and Response (EDR) solutions, which are increasingly ineffective against sophisticated cyber threats. EDR was introduced in 2013 but has struggled to keep pace with evolving attack techniques. Traditional EDR is reactive, responding to incidents after they occur, and relies on known Indicators of Compromise (IoCs), which limits its effectiveness. Real-world examples of traditional EDR failures include a misconfigured update to CrowdStrike’s Falcon EDR causing an IT outage, the Akira ransomware exploiting an unsecured webcam, the Medibank breach despite multiple alerts from EDR, and the BlackCat ransomware attack on Henry Schein. These incidents highlight the inadequacy of traditional EDR in preventing modern threats. The next phase of endpoint security is Preemptive Endpoint Protection (PEP), which actively prevents attacks rather than just detecting and responding to them. PEP utilizes proactive strategies like Automated Moving Target Defense (AMTD) and Adaptive Exposure Management (AEM), and research indicates that organizations using proactive security save 30% more on breach costs compared to those relying solely on reactive measures.

Winsage

March 12, 2025

CISA Warns of Microsoft Windows Management Console (MMC) Vulnerability Exploited in Wild

CISA has identified a critical vulnerability in Microsoft Windows Management Console (MMC), designated as CVE-2025-26633, which allows remote attackers to execute arbitrary code due to improper input sanitization. This vulnerability is included in CISA's Known Exploited Vulnerabilities catalog, and federal agencies must address it by April 2, 2025, as per Binding Operational Directive 22-01. Microsoft has released an out-of-band patch on March 10, 2025, to improve input validation in mmc.exe. Organizations are advised to prioritize patching, restrict MMC access, and monitor for exploitation.

Tech Optimizer

February 7, 2025

What is Managed Endpoint Protection?

Managed Endpoint Protection involves outsourcing endpoint security for devices like laptops, desktops, and servers to specialized providers. These services offer continuous monitoring, automated responses, and compliance checks, utilizing advanced analytics and real-time threat intelligence. Key features include continuous monitoring, automated threat containment, vulnerability management, forensic analysis, compliance tools, and threat hunting. Managed services address various threats such as ransomware, phishing, zero-day exploits, credential theft, insider threats, DDoS attacks, and data exfiltration. Benefits include 24/7 expert coverage, access to specialized threat intelligence, faster incident response, reduced operational complexity, predictable pricing, and improved compliance. Challenges include the rapidly evolving threat landscape, skills shortage, budget constraints, and ensuring real-time visibility. Best practices for implementation involve maintaining asset inventories, defining roles, fine-tuning detection thresholds, conducting regular drills, and integrating with broader security measures. When choosing a provider, factors to consider include technical expertise, service level agreements, integration capabilities, pricing, compliance, and ongoing support. SentinelOne offers an autonomous cybersecurity platform that enhances endpoint security through superior visibility, automated responses, and customizable features.

Tech Optimizer

February 5, 2025

Avast Antivirus Statistics and Facts (2025)

Avast's global revenue for 2024 is projected to reach USD 950 million, with a growth rate of 4% compared to the previous year. The company has over 435 million active users globally, with 60% of its revenue coming from Europe and North America. Avast controls 6.5% of the global antivirus market and ranks among the top five providers in the cybersecurity industry. Its VPN services, using AES-256-bit encryption, saw a 12% increase in subscriptions. Additionally, 80% of Avast's products integrate AI and machine learning, and mobile security products account for 20% of its total revenue. Avast has raised USD 100 million in funding, bringing its valuation to USD 2,865.9 million, and partnerships with major tech companies contribute 10% of its total revenue. The company employs more than 1,800 individuals and has around 9 million weekly active users. Avast prevents nearly 1.5 billion attacks each month and has users in 59 countries. A total of 859 companies utilize Avast for organizational cybersecurity solutions, and the software is available in 45 different languages. Avast offers a 30-day free trial and has a highly accurate antivirus solution, with a 94.2% offline detection rate and a 99.5% online detection rate. Avast is compatible with Windows, macOS, Android, and iOS, and provides a 30-day money-back guarantee. The software features include real-time protection, Wi-Fi Inspector, CyberCapture, and email shield. Paid plans range from INR 4,144.79 (USD 49.99) to INR 6,632.17 (USD 79.99) per year. In Q1 2024, social engineering attacks were identified as the biggest threat, with scams increasing by 61% on mobile and 23% on desktop. Avast's global risk ratio was 31%, with a total of 3.52 billion blocked attacks. The company secured the fourth position in the antivirus market, with 8% paid users and 18% free users. As of July 2024, avast.com had 14.1 million visits, with the United States contributing 20.1% of the traffic. Male users made up 62.93% of visitors, and the highest percentage of users were aged 25 to 34. Organic search generated the highest traffic rate, accounting for 45.9%, while YouTube was the leading source of social media referrals.

Tech Optimizer

February 5, 2025

Avast Antivirus Statistics and Facts (2025)

Avast has a user base exceeding 435 million globally and employs over 1,800 individuals. The company’s projected global revenue for 2024 is USD 950 million, with approximately 60% generated from Europe and North America. Avast commands 6.5% of the global antivirus market and has raised USD 100 million in funding, elevating its valuation to USD 2,865.9 million. The software prevents nearly 1.5 billion attacks each month and operates in 59 countries. It is available in 45 languages and competes with brands like Symantec and McAfee. Avast's antivirus solution has a 94.2% offline detection rate and a 99.5% online detection rate. Paid plans range from INR 4,144.79 (USD 49.99) to INR 6,632.17 (USD 79.99) annually. In Q1 2024, Avast blocked 3.52 billion attacks, with social engineering attacks being the predominant threat. The website avast.com recorded 14.1 million visits in July 2024, with the United States accounting for 20.1% of total traffic. Organic search generated 45.9% of total visits, and YouTube was the leading social media referral source.