race condition

Winsage
November 12, 2025
Google has released an emergency update for Chrome users to address a critical security vulnerability. Microsoft has issued a warning about a zero-day vulnerability in the Windows Kernel, identified as CVE-2025-62215, which is actively exploited by attackers to gain system privileges. This vulnerability is a privilege escalation flaw that requires an attacker to exploit a race condition. It affects nearly all assets running Microsoft software and can potentially allow remote code execution without needing an existing foothold. The root causes are linked to improper synchronization and double free issues, leading to kernel heap corruption and the ability for attackers to hijack system execution flow. Users are advised to update their systems immediately.
Winsage
November 12, 2025
On November 12, 2025, Microsoft released patches for 63 vulnerabilities, including four classified as Critical and 59 as Important. Notably, CVE-2025-62215, a privilege escalation flaw in the Windows Kernel with a CVSS score of 7.0, is actively exploited. This vulnerability allows an authorized attacker to elevate privileges locally through a race condition. Additionally, Microsoft patched two heap-based buffer overflow vulnerabilities (CVE-2025-60724 and CVE-2025-62220) with CVSS scores of 9.8 and 8.8, respectively, which could lead to remote code execution. Another significant vulnerability is CVE-2025-60704, a privilege escalation flaw in Windows Kerberos with a CVSS score of 7.5, enabling attackers to impersonate users and control a domain. Other vendors, including Adobe, Amazon Web Services, and Apple, also released security updates addressing various vulnerabilities.
Winsage
November 12, 2025
Microsoft has identified a vulnerability in its Windows operating system, designated as CVE-2025-62215, which allows for elevation of privilege within the Windows Kernel. This flaw is currently being exploited in real-world scenarios. Published on November 11, 2025, CVE-2025-62215 is classified as an Important issue and arises from a race condition and improper memory management leading to a double-free scenario. Exploiting this vulnerability requires a high complexity attack and can grant SYSTEM-level privileges to an attacker who is already an authorized user. The affected Windows versions include:
- Windows 10 (various builds): KB5068858, November 12, 2025
- Windows 11 version 22H2: KB5068865, November 12, 2025
- Windows 11 version 23H2: KB5068862, November 12, 2025
- Windows 11 version 24H2: KB5068861, November 12, 2025
- Windows Server 2019: KB5068859, November 12, 2025
- Windows Server 2022: KB5068860, November 12, 2025
- Windows Server 2025: KB5068861, November 12, 2025
Organizations are urged to prioritize patching CVE-2025-62215, especially on servers and administrative workstations, as there are currently no workarounds available.
Winsage
November 12, 2025
Microsoft has identified a critical vulnerability, CVE-2025-62215, affecting the Windows Kernel, which is currently being exploited. This flaw, rated as Important, involves an elevation of privilege issue due to improper synchronization of shared resources, categorized under race condition (CWE-362) and double free (CWE-415). Exploitation requires high complexity and local authorization, allowing attackers to gain SYSTEM privileges for significant control over the system. The vulnerability affects various versions of Windows, including Windows 10, Windows 11 (multiple versions), and Windows Server (2019, 2022, and 2025), with patches released on November 12, 2025. Organizations are advised to prioritize swift patching and detection efforts, especially for servers and administrative workstations.
Winsage
November 12, 2025
Microsoft's November 2025 Patch Tuesday addresses a total of 63 vulnerabilities, including one actively exploited zero-day flaw (CVE-2025-62215) related to Windows Kernel Elevation of Privilege. The updates include four vulnerabilities classified as "Critical," with two for remote code execution, one for elevation of privileges, and one for information disclosure. The breakdown of vulnerabilities is as follows:
- 29 Elevation of Privilege Vulnerabilities
- 2 Security Feature Bypass Vulnerabilities
- 16 Remote Code Execution Vulnerabilities
- 11 Information Disclosure Vulnerabilities
- 3 Denial of Service Vulnerabilities
- 2 Spoofing Vulnerabilities
This Patch Tuesday marks the first extended security update (ESU) for Windows 10, and users are encouraged to upgrade to Windows 11 or enroll in the ESU program. Microsoft has also released an out-of-band update to assist with enrollment issues. Other companies, including Adobe, Cisco, and Google, have also issued security updates in November 2025.
Winsage
November 11, 2025
Microsoft's latest security updates addressed 63 vulnerabilities, including a zero-day exploit designated as CVE-2025-62215, which affects the Windows Kernel and has a CVSS rating of 7.0. This vulnerability could allow attackers to gain system privileges, but details on its exploitation are not disclosed. It involves a race condition that requires additional exploits for full system compromise. A functional exploit for CVE-2025-62215 has been observed in the wild, although no public proof-of-concept exists. The most critical vulnerability this month is CVE-2025-60724, a remote-code execution flaw in the Microsoft Graphics Component with a CVSS rating of 9.8, though it is considered less likely to be exploited. Five other vulnerabilities, including three affecting the Windows Ancillary Function Driver for WinSock, are rated at 7.0 and flagged as having a higher likelihood of exploitation. Kernel-mode driver defects are highlighted as high-risk due to their role in network functionality.
Winsage
November 11, 2025
Microsoft's November Patch Tuesday release addresses a total of 63 vulnerabilities, including a zero-day flaw (CVE-2025-62215) that allows elevation of privilege through a race condition in the Windows Kernel. The vulnerabilities include 29 elevation of privilege, 2 security feature bypass, 16 remote code execution, 11 information disclosure, 2 denial of service, and 3 spoofing vulnerabilities. Four vulnerabilities are classified as "critical." Windows 11 users will receive updates such as a scrollable Start menu and enhancements to File Explorer and other features. Microsoft has ended support for Windows 10, but Extended Security Updates are available until October 13, 2026, for those who opted in.