race condition Archives

Winsage

May 18, 2026

MiniPlasma Windows 0-Day Enables SYSTEM Privilege Escalation on Fully Patched Systems

Chaotic Eclipse has unveiled a proof-of-concept (PoC) for a Windows privilege escalation zero-day vulnerability, codenamed MiniPlasma, which targets the "cldflt.sys" component and could grant SYSTEM privileges on fully patched Windows systems. This vulnerability was initially reported to Microsoft by James Forshaw from Google Project Zero in September 2020. Although Microsoft was believed to have resolved it in December 2020 as part of CVE-2020-17103, further analysis indicates that the flaw remains unaddressed. Chaotic Eclipse demonstrated that the original PoC could still spawn a SYSTEM shell reliably on his machines. The vulnerability is believed to affect all versions of Windows, with confirmation that MiniPlasma opens a "cmd.exe" prompt with SYSTEM privileges on Windows 11 systems with the latest May 2026 updates, though it does not function on the latest Insider Preview Canary version. In December 2025, Microsoft addressed a separate privilege escalation flaw in the same component, identified as CVE-2025-62221, which had a CVSS score of 7.8 and was reportedly being exploited by threat actors.

Winsage

May 13, 2026

Microsoft’s MDASH AI System Finds 16 Windows Flaws Fixed in Patch Tuesday

Microsoft has introduced a multi-model AI system called MDASH, designed to enhance vulnerability discovery and remediation processes. Currently in limited private preview testing with select customers, MDASH employs over 100 specialized AI agents for various classes of vulnerabilities, enabling autonomous discovery, validation, and demonstration of exploitable defects in complex codebases. The system operates through a structured pipeline that analyzes source code, constructs threat models, and validates findings using auditor and debater agents. MDASH has successfully identified 16 vulnerabilities in its initial tests, including two critical flaws affecting Windows networking and authentication: 1. CVE-2026-33824 (CVSS score: 9.8) - A double-free vulnerability in "ikeext.dll" allowing remote code execution via specially crafted packets. 2. CVE-2026-33827 (CVSS score: 8.1) - A race condition vulnerability in Windows TCP/IP ("tcpip.sys") enabling remote code execution through specially crafted IPv6 packets.

Winsage

April 10, 2026

Windows Zero-Day Published on Github as Microsoft Fails to Act

A security researcher named Chaotic Eclipse published a working exploit for a Windows zero-day vulnerability, called BlueHammer, on GitHub on April 2. The exploit allows attackers to gain SYSTEM-level privileges by exploiting a race condition in Windows Defender’s signature update mechanism. The exploit has gained significant attention, with over 100 forks and nearly 300 stars on GitHub. Will Dormann, a principal vulnerability analyst, confirmed that while BlueHammer is functional, it may not always operate reliably. Microsoft has not issued a patch for this vulnerability. The exploit targets the Windows Defender signature update process, allowing low-privilege attackers to manipulate a file path during operation, leading to access to the Security Account Manager (SAM) database. Currently, only 8 out of 72 cybersecurity vendors on VirusTotal flag the exploit file as malicious, which raises concerns about detection coverage. Microsoft reiterated its commitment to coordinated vulnerability disclosure but did not address the communication issues regarding the BlueHammer report.

Winsage

March 11, 2026

Microsoft Patch Tuesday, March 2026 Edition

Microsoft Corp. has released security updates addressing at least 77 vulnerabilities across its Windows operating systems and various software applications. Key vulnerabilities include: - CVE-2026-21262: Allows an attacker to elevate privileges on SQL Server 2016 and later, with a CVSS v3 base score of 8.8. - CVE-2026-26127: Affects applications running on .NET, potentially leading to denial of service. - CVE-2026-26113 and CVE-2026-26110: Remote code execution flaws in Microsoft Office exploitable by viewing malicious messages in the Preview Pane. - CVE-2026-24291, CVE-2026-24294, CVE-2026-24289, and CVE-2026-25187: Privilege escalation vulnerabilities rated CVSS 7.8. - CVE-2026-21536: A critical remote code execution bug identified by an AI agent, marking a shift toward AI-driven vulnerability discovery. Additionally, Microsoft previously addressed nine browser vulnerabilities and issued an out-of-band update on March 2 for Windows Server 2022. Adobe has released updates for 80 vulnerabilities across its products, and Mozilla Firefox version 148.0.2 has resolved three high-severity CVEs.

Winsage

November 13, 2025

U.S. CISA adds WatchGuard Firebox, Microsoft Windows, and Gladinet Triofox flaws to its Known Exploited Vulnerabilities catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has expanded its Known Exploited Vulnerabilities (KEV) catalog to include critical flaws in WatchGuard Firebox, Microsoft Windows, and Gladinet Triofox. 1. WatchGuard Firebox Vulnerability (CVE-2025-9242): This vulnerability has a CVSS score of 9.3 and allows unauthenticated attackers to execute arbitrary code through an out-of-bounds write flaw. It affects Fireware OS versions 11.10.2 to 11.12.4_Update1, 12.0 to 12.11.3, and 2025.1. The vulnerability impacts the Mobile User VPN and Branch Office VPN configured with IKEv2. 2. Gladinet Triofox Vulnerability (CVE-2025-12480): This improper access control vulnerability allows threat actors to bypass authentication and upload remote access tools. It has been linked to threat cluster UNC6485 and is the third Triofox issue exploited this year, following CVE-2025-30406 and CVE-2025-11371. 3. Microsoft Windows Vulnerability (CVE-2025-62215): This race condition vulnerability has a CVSS score of 7 and allows an authorized attacker to elevate privileges locally, potentially gaining SYSTEM privileges. Federal agencies must address these vulnerabilities by December 3, 2025, as per Binding Operational Directive (BOD) 22-01. Private organizations are also advised to review the KEV catalog to strengthen their cybersecurity measures.

Winsage

November 12, 2025

New Microsoft Alert — Update Windows 10 And 11 Now, Attacks Underway

Google has released an emergency update for Chrome users to address a critical security vulnerability. Microsoft has issued a warning about a zero-day vulnerability in the Windows Kernel, identified as CVE-2025-62215, which is actively exploited by attackers to gain system privileges. This vulnerability is a privilege escalation flaw that requires an attacker to exploit a race condition. It affects nearly all assets running Microsoft software and can potentially allow remote code execution without needing an existing foothold. The root causes are linked to improper synchronization and double free issues, leading to kernel heap corruption and the ability for attackers to hijack system execution flow. Users are advised to update their systems immediately.

Winsage

November 12, 2025

Microsoft Fixes 63 Security Flaws, Including a Windows Kernel Zero-Day Under Active Attack

On November 12, 2025, Microsoft released patches for 63 vulnerabilities, including four classified as Critical and 59 as Important. Notably, CVE-2025-62215, a privilege escalation flaw in the Windows Kernel with a CVSS score of 7.0, is actively exploited. This vulnerability allows an authorized attacker to elevate privileges locally through a race condition. Additionally, Microsoft patched two heap-based buffer overflow vulnerabilities (CVE-2025-60724 and CVE-2025-62220) with CVSS scores of 9.8 and 8.8, respectively, which could lead to remote code execution. Another significant vulnerability is CVE-2025-60704, a privilege escalation flaw in Windows Kerberos with a CVSS score of 7.5, enabling attackers to impersonate users and control a domain. Other vendors, including Adobe, Amazon Web Services, and Apple, also released security updates addressing various vulnerabilities.

Winsage

November 12, 2025

Windows Kernel 0-Day Vulnerability Actively Exploited in the Wild to Escalate Privileges

Microsoft has identified a vulnerability in its Windows operating system, designated as CVE-2025-62215, which allows for elevation of privilege within the Windows Kernel. This flaw is currently being exploited in real-world scenarios. Published on November 11, 2025, CVE-2025-62215 is classified as an Important issue and arises from a race condition and improper memory management leading to a double-free scenario. Exploiting this vulnerability requires a high complexity attack and can grant SYSTEM-level privileges to an attacker who is already an authorized user. The affected Windows versions include: - Windows 10 (various builds): KB5068858, November 12, 2025 - Windows 11 version 22H2: KB5068865, November 12, 2025 - Windows 11 version 23H2: KB5068862, November 12, 2025 - Windows 11 version 24H2: KB5068861, November 12, 2025 - Windows Server 2019: KB5068859, November 12, 2025 - Windows Server 2022: KB5068860, November 12, 2025 - Windows Server 2025: KB5068861, November 12, 2025 Organizations are urged to prioritize patching CVE-2025-62215, especially on servers and administrative workstations, as there are currently no workarounds available.

Winsage

November 12, 2025

Windows Kernel 0‑day Vulnerability Actively Exploited in the Wild to Escalate Privilege

Microsoft has identified a critical vulnerability, CVE-2025-62215, affecting the Windows Kernel, which is currently being exploited. This flaw, rated as Important, involves an elevation of privilege issue due to improper synchronization of shared resources, categorized under race condition (CWE-362) and double free (CWE-415). Exploitation requires high complexity and local authorization, allowing attackers to gain SYSTEM privileges for significant control over the system. The vulnerability affects various versions of Windows, including Windows 10, Windows 11 (multiple versions), and Windows Server (2019, 2022, and 2025), with patches released on November 12, 2025. Organizations are advised to prioritize swift patching and detection efforts, especially for servers and administrative workstations.

Winsage

November 12, 2025

Microsoft November 2025 Patch Tuesday fixes 1 zero-day, 63 flaws

Microsoft's November 2025 Patch Tuesday addresses a total of 63 vulnerabilities, including one actively exploited zero-day flaw (CVE-2025-62215) related to Windows Kernel Elevation of Privilege. The updates include four vulnerabilities classified as "Critical," with two for remote code execution, one for elevation of privileges, and one for information disclosure. The breakdown of vulnerabilities is as follows: - 29 Elevation of Privilege Vulnerabilities - 2 Security Feature Bypass Vulnerabilities - 16 Remote Code Execution Vulnerabilities - 11 Information Disclosure Vulnerabilities - 3 Denial of Service Vulnerabilities - 2 Spoofing Vulnerabilities This Patch Tuesday marks the first extended security update (ESU) for Windows 10, and users are encouraged to upgrade to Windows 11 or enroll in the ESU program. Microsoft has also released an out-of-band update to assist with enrollment issues. Other companies, including Adobe, Cisco, and Google, have also issued security updates in November 2025.