Patching Archives

Winsage

July 10, 2025

Microsoft fixes critical wormable Windows flaw (CVE-2025-47981)

Microsoft released patches for 130 vulnerabilities in the July 2025 Patch Tuesday update. Notable vulnerabilities include CVE-2025-49719, an uninitialized memory disclosure in Microsoft SQL Server, and CVE-2025-47981, a wormable remote code execution flaw in Windows. CVE-2025-49719 is assessed as having "unproven" exploit code, while CVE-2025-47981 has a high likelihood of exploitation within 30 days. Other vulnerabilities include CVE-2025-49717, a buffer overflow in SQL Server, and CVE-2025-49704, which allows code injection in SharePoint. Additionally, updates address vulnerabilities in Windows Routing and Remote Access Service (RRAS) and Microsoft Edge, including CVE-2025-6554, which has been actively exploited. Administrators are advised to prioritize patching internet-facing assets and consider additional mitigations for RRAS vulnerabilities.

Winsage

July 9, 2025

Microsoft Patch Tuesday, July 2025 Edition

Microsoft has released updates addressing 137 vulnerabilities across its Windows operating systems and supported software, with 14 classified as "critical." CVE-2025-49719 is a publicly disclosed information disclosure flaw affecting all SQL Server versions since 2016, posing a supply-chain risk due to its potential exploitation without authentication. SQL Server 2012 has reached its end of life, meaning no future security patches will be available. CVE-2025-47981 is a critical remote code execution vulnerability with a CVSS score of 9.8, affecting Windows clients and Windows Server. Microsoft also addressed four critical remote code execution vulnerabilities in its Office suite, including CVE-2025-49695 and CVE-2025-49696, which can be triggered through the Preview Pane. Other high-severity vulnerabilities include CVE-2025-49740, which could bypass Microsoft Defender SmartScreen, and CVE-2025-47178, allowing attackers to execute arbitrary SQL queries with minimal privileges. Adobe has also released security updates for various software, and users are advised to back up data before installing patches.

Winsage

July 9, 2025

Microsoft Patch Tuesday addresses 130 vulnerabilities, none actively exploited

Microsoft addressed a total of 130 vulnerabilities in its latest Patch Tuesday initiative. A significant vulnerability in SQL Server, identified as CVE-2025-49719, has a CVSS score of 7.5 and is due to improper input validation, potentially allowing unauthorized access to sensitive data. It affects SQL Server versions from 2016 to 2022. Another critical vulnerability, CVE-2025-47981, has a CVSS score of 9.8 and allows unauthenticated remote code execution without user interaction. This vulnerability poses a high risk due to its low attack complexity and potential for lateral movement within networks. Additionally, the update includes 16 vulnerabilities affecting Microsoft Office, with four categorized as more likely to be exploited.

Tech Optimizer

July 5, 2025

Protecting OT Systems Without Disrupting Production

Manufacturers are increasingly integrating IT systems with operational technology (OT), leading to heightened cyber threats such as ransomware, supply chain breaches, and attacks from nation-state actors. To enhance cyber resilience, it is crucial to segment IT and OT networks to prevent breaches on the IT side from affecting critical OT systems. Effective segmentation involves placing OT systems behind firewalls, restricting protocols, and using unidirectional gateways. Many manufacturing plants struggle with aging and undocumented devices, making security and monitoring challenging. Asset visibility tools can help map connected devices, enabling better inventory management and risk assessment. Attackers often use "living-off-the-land" techniques to navigate networks undetected, necessitating defenses that include behavioral analytics and application whitelisting. Incident response plans tailored for OT environments are essential, as production interruptions can have severe consequences. These plans should include scenarios like ransomware attacks and require regular testing and backups. For legacy systems that cannot be patched, isolation and monitoring are critical, along with virtual patching to block known exploits. Weak credentials pose a significant risk, so implementing role-based access control and multi-factor authentication is necessary. Security monitoring tools like SIEM and XDR should be used to consolidate data from IT and OT environments, providing alerts for potential attacks. Overall, cyber resilience in manufacturing focuses on minimizing risks and ensuring recovery without disrupting operations.

Tech Optimizer

July 5, 2025

Critical PHP Vulnerabilities Expose Systems to SQL Injection & DoS Attacks

A security vulnerability identified as CVE-2025-1735 in the PHP pgsql extension has been disclosed, classified with moderate severity. It arises from inadequate error checking during input data escaping, specifically the failure to pass error parameters to the PQescapeStringConn() function and not verifying NULL values from PQescapeIdentifier(). This flaw affects PHP versions prior to 8.1.33, 8.2.29, 8.3.23, and 8.4.10, allowing potential SQL injection attacks and application crashes due to null pointer dereferences. The vulnerability is linked to a recent PostgreSQL vulnerability (CVE-2025-1094) related to invalid multibyte character handling. Developers are urged to upgrade to patched releases to mitigate risks.

Tech Optimizer

July 5, 2025

Multiple PHP Vulnerabilities Allow SQL Injection & DoS Attacks

Critical security vulnerabilities in PHP, identified as CVE-2025-1735 and CVE-2025-6491, pose risks for SQL injection attacks and denial of service (DoS) conditions. These vulnerabilities affect PHP versions below 8.1.33, 8.2.29, 8.3.23, and 8.4.10. CVE-2025-1735 relates to the PostgreSQL extension, where insufficient error checking during string escaping can lead to SQL injection vulnerabilities and application crashes. This flaw is associated with PostgreSQL's CVE-2025-1094. CVE-2025-6491 affects the SOAP extension, causing segmentation faults when a SoapVar instance has a namespace prefix exceeding 2GB, which can lead to application termination. This issue is linked to limitations in libxml2 versions prior to 2.13. Patches are available for all affected PHP versions to mitigate these vulnerabilities. CVE-2025-1735 has a CVSS score of 9.1 (Critical), while CVE-2025-6491 has a CVSS score of 5.9 (Moderate).

Winsage

June 18, 2025

Jim Rossman: More questions about the end of Windows 10 and third-party patching

The conclusion of Microsoft support for Windows 10 has prompted users to reconsider their operating systems and the future of their digital environments.

Winsage

June 16, 2025

Microsoft: June Windows Server security updates cause DHCP issues

Microsoft has identified an issue with the June 2025 security updates that causes the Dynamic Host Configuration Protocol (DHCP) service to freeze on certain Windows Server systems. This affects the service's ability to apply renewals of unicast IP addresses, impacting network operations. Microsoft has acknowledged that the DHCP Server service may intermittently stop responding after the update and is working on a resolution. Additionally, other issues affecting Windows Server systems have been addressed, including application failures and authentication problems on domain controllers. Out-of-band updates were previously issued to fix bugs causing Hyper-V virtual machines to restart or freeze, and emergency updates were released for issues with Windows containers on certain Windows Server versions.

Winsage

June 11, 2025

Microsoft Windows Secure Boot Bypass Confirmed

The second Tuesday of each month is when Microsoft releases monthly security updates for Windows. A significant zero-day vulnerability, CVE-2025-3052, has been identified, affecting all Windows users and allowing a Secure Boot bypass. This vulnerability could compromise system integrity by enabling malware to infiltrate Windows PCs and servers. CVE-2025-3052 is classified as a memory corruption issue within a module signed with Microsoft’s third-party UEFI certificate and can execute unsigned code during the boot process, potentially allowing attackers to install bootkits.

Winsage

June 11, 2025

Microsoft warns of 66 flaws to fix for this Patch Tuesday

Microsoft has announced a significant update addressing 66 vulnerabilities, including a zero-day vulnerability disclosed on the same day. Ten critical patches have been identified, with two currently being exploited. Microsoft is also patching older platforms like Windows Server 2008 and Internet Explorer. One critical vulnerability, CVE-2025-33053, has been exploited by the Stealth Falcon hacking group since March, allowing remote code execution via the WebDAV extension. Another critical vulnerability, CVE-2025-5419, affects the Chromium V8 JavaScript engine in Microsoft Edge. CVE-2025-33073 is an escalation of privilege vulnerability in the Windows SMB Client, with a CVSS score of 8.8. Four critical vulnerabilities in Microsoft Office include CVE-2025-47162, CVE-2025-47164, CVE-2025-47167, and CVE-2025-47953. Four critical remote code execution vulnerabilities include CVE-2025-47172, CVE-2025-29828, CVE-2025-32710, and CVE-2025-33071. Two elevation-of-privilege flaws are CVE-2025-47966 and CVE-2025-33070. Adobe has prioritized fixes for Adobe Commerce and Adobe's Experience Manager, addressing 254 CVEs. Adobe Acrobat users will receive ten fixes, including four critical ones. Fortinet has patched CVE-2023-42788 in FortiAnalyzer 7.4. SAP resolved 14 issues, with CVE-2025-42989 being the only critical patch, associated with the NetWeaver Application Server and a CVSS score of 9.6.