privilege escalation

Tech Optimizer
July 7, 2025
The XWorm Remote Access Trojan (RAT) has evolved its attack strategies by incorporating advanced stagers and loaders to evade detection. It is known for its capabilities, including keylogging, remote desktop access, data exfiltration, and command execution, and is particularly targeted at the software supply chain and gaming sectors. Recent campaigns have paired XWorm with AsyncRAT for initial access before deploying ransomware using the leaked LockBit Black builder. XWorm utilizes various file formats and scripting languages for payload delivery, often through phishing campaigns with deceptive lures like invoices and shipping notifications. It employs obfuscation techniques, including Base64 encoding and AES encryption, and manipulates Windows security features to avoid detection. Persistence mechanisms such as registry run keys and scheduled tasks ensure sustained access. XWorm conducts system reconnaissance, queries for antivirus software, and attempts to disable Microsoft Defender. It can propagate via removable media and execute commands from command-and-control servers. The Splunk Threat Research Team has developed detections for suspicious activities related to XWorm infections. Indicators of compromise include various file hashes for different scripts and loaders associated with XWorm.
Winsage
June 17, 2025
Microsoft released an emergency update (KB5063159) to address startup failures in certain Surface Hub v1 devices running Windows 10, specifically those encountering Secure Boot Violation errors after installing the June 2025 Windows security update (KB5060533). The issue was limited to Surface Hub v1 systems on Windows 10, version 22H2, and did not affect Surface Hub 2S and 3 devices. Microsoft paused the rollout of the KB5060533 update on June 11, 2025, to prevent further complications. Additionally, the June 2025 Patch Tuesday updates included security patches for 66 vulnerabilities, including critical ones that allowed remote code execution and privilege escalation.
Winsage
June 13, 2025
Microsoft is addressing an issue with Surface Hub v1 devices running Windows 10, version 22H2, where users encounter Secure Boot errors after installing the KB5060533 security update released in June 2025. The error message states: 'Secure Boot Violation. Invalid signature detected. Check Secure Boot Policy in Setup.' This issue is specific to Surface Hub v1 and does not affect Surface Hub 2S and Surface Hub 3 models. Microsoft implemented a mitigation strategy on July 11, 2025, to prevent further startup failures on additional Surface Hub v1 devices. The KB5060533 update aimed to fix issues with Hyper-V virtual machines and was part of a larger rollout addressing 66 vulnerabilities, including critical ones related to WebDAV and Windows SMB. Additionally, an emergency update for Windows 11 (KB5063060) was released to fix an incompatibility with Easy Anti-Cheat causing BSOD errors.
Winsage
June 12, 2025
A critical security vulnerability, designated as CVE-2025-33067, has been identified in the Windows Task Scheduler, allowing attackers to escalate privileges to SYSTEM level access without prior administrative rights. This vulnerability is rated as "Important" with a CVSS score of 8.4 and is due to improper privilege management within the Windows Kernel’s task scheduling component. It affects multiple Windows versions, including Windows 10 (Versions 1607, 1809, 21H2, 22H2), Windows 11 (22H2, 23H2, 24H2), and Windows Server 2016-2025. Microsoft released security updates on June 10, 2025, to address this flaw across 27 different Windows configurations. The vulnerability requires local system access, no prior privileges, and no user interaction, making it particularly dangerous. Security researcher Alexander Pudwill discovered and disclosed the vulnerability.
Winsage
June 12, 2025
Microsoft released an emergency update, KB5063060, to address a compatibility issue causing unexpected restarts and blue screen of death (BSOD) errors on Windows 11 systems using Easy Anti-Cheat. This update follows the earlier cumulative update, KB5060842, which led to reports of system reboots linked to IRQL_NOT_LESS_OR_EQUAL BSODs. The issues were confirmed to affect devices running Easy Anti-Cheat, which is used in popular games like Fortnite and Apex Legends. The update will install automatically for devices with Easy Anti-Cheat, and manual installation options are available for x64 and arm64 systems. Additionally, Microsoft implemented a compatibility hold for Windows 24H2 upgrades on Intel Alder Lake+ and vPro systems due to related blue screen issues. On the same day, Microsoft also released security updates addressing 66 vulnerabilities in Windows 11, including critical flaws in Windows SMB and WebDAV.
Winsage
June 11, 2025
Microsoft announced a revised security update for Windows 11 24H2 systems to address compatibility issues with the initial update released during this month's Patch Tuesday. The revised update is being gradually deployed and includes all June 2025 security enhancements. Microsoft confirmed that the June 2025 security update is available for all other supported versions of Windows. The specific hardware or software configurations affected by the compatibility issue have not been detailed. On the same day, Microsoft rolled out security updates (KB5060842 and KB5060999) addressing 66 vulnerabilities across Windows 11 24H2 and 23H2, including a zero-day vulnerability (CVE-2025-33053) and a Windows SMB privilege escalation flaw. The updates mitigated ten critical vulnerabilities, resolved a Windows Hello sign-in issue, and extended system restore points to 60 days on Windows 11 24H2 devices. Additionally, KB5060999 addressed graphics support issues affecting Remote Desktop connections. Microsoft also released the KB5060533 cumulative update for Windows 10 22H2, restoring seconds to the Calendar flyout and resolving Hyper-V virtual machine issues.