RCE Vulnerability

Winsage
March 5, 2025
A critical remote code execution vulnerability, designated as CVE-2024-43639, has been identified in Microsoft’s Windows Key Distribution Center (KDC) Proxy. This flaw arises from an integer overflow due to a missing validation check for Kerberos response lengths, allowing unauthenticated remote attackers to execute arbitrary code with the privileges of the target service. The vulnerability specifically affects KDC Proxy servers and was addressed in a November 2024 security update by implementing necessary length validation checks. Organizations using remote authentication services reliant on the KDC Proxy, such as RDP Gateway or DirectAccess, are particularly at risk. Immediate patching is advised, and monitoring for potential exploitation attempts is recommended.
Winsage
February 12, 2025
Microsoft's February Patch Tuesday update addresses 61 vulnerabilities, including 25 critical Remote Code Execution (RCE) vulnerabilities. Three of these are zero-days, actively exploited before the update:
1. CVE-2023-24932: Secure Boot security feature bypass requiring physical access or administrative rights.
2. CVE-2025-21391: Windows Storage elevation of privilege vulnerability that could lead to data deletion.
3. CVE-2025-21418: Vulnerability in Windows Ancillary Function Driver for WinSock allowing privilege escalation.
Critical vulnerabilities include:
- CVE-2025-21376: Windows LDAP RCE vulnerability.
- CVE-2025-21379: RCE vulnerability in DHCP Client Service.
- CVE-2025-21381: RCE vulnerability in Microsoft Excel.
The update also addresses additional vulnerabilities related to remote code execution, elevation of privilege, denial of service, security feature bypass, spoofing, and information disclosure across various Microsoft products. Microsoft advises immediate application of the updates to mitigate risks.
Winsage
December 11, 2024
A Windows zero-day security vulnerability, tracked as CVE-2024-49138 (CVSS 7.8), exists in the Windows Common Log File System (CLFS) Driver, allowing privilege escalation. This vulnerability can be exploited by manipulating log files or corrupting log data, potentially leading to SYSTEM-level privileges on Windows Server. Microsoft’s December 2024 Patch Tuesday update includes 71 patches, bringing the total for the year to 1,020, with 16 classified as critical. Among these, CVE-2024-49112 (CVSS 9.8) is a critical remote code execution (RCE) vulnerability in Windows LDAP, which can compromise Domain Controllers. CVE-2024-49117 (CVSS 8.8) affects Windows Hyper-V, allowing code execution on the host OS from a guest VM. Additionally, CVE-2024-49132 (CVSS 8.1) impacts Windows Remote Desktop Services, enabling RCE through a use-after-free memory condition. Other vulnerabilities include CVE-2024-49093 (CVSS 8.8), an elevation of privilege flaw in Windows Resilient File System (ReFS), and CVE-2024-49063, an RCE issue in the Musik project related to AI-generated music.
Winsage
November 13, 2024
Microsoft has addressed a limited number of critical vulnerabilities, including two related to privilege escalation: one associated with VMSwitch that allows low-privileged users on a guest OS to execute code with SYSTEM privileges on the host OS, and another in a cloud service that has been mitigated. The updates include over 50 code execution vulnerabilities, primarily affecting SQL Server, with CVE-2024-49043 requiring urgent attention for updates to OLE DB Driver versions 18 or 19. Several vulnerabilities in Office components were identified, and the Telephony service revealed six remote code execution vulnerabilities, notably an SMBv3 vulnerability that can exploit a malicious SMB client against an affected SMB server in SMB over QUIC configurations. A CVSS 9.9 rated vulnerability in Azure CycleCloud could allow root-level access, and an RCE vulnerability in TouchGeo was also identified. Over two dozen fixes for privilege escalation vulnerabilities were released, including USB Video Class System vulnerabilities requiring physical access and vulnerabilities in Azure Database for PostgreSQL that could grant SuperUser privileges. Two Security Feature Bypass vulnerabilities were addressed, one in Word and another in Windows Defender Application Control. Two spoofing vulnerabilities were identified in Exchange Server and DNS, and four denial-of-service vulnerabilities were reported, including one in Hyper-V that could facilitate cross-VM attacks. The final Patch Tuesday of 2024 is scheduled for December 10.
Winsage
October 8, 2024
Microsoft's October security update has revealed 117 vulnerabilities, including two actively exploited flaws (CVE-2024-43573 and CVE-2024-43572) and three publicly disclosed but unexploited bugs (CVE-2024-6197, CVE-2024-20659, and CVE-2024-43583). Of the total vulnerabilities, 46 allow remote code execution (RCE) and 28 enable privilege escalation. The update is the third largest of the year, following April's 147 and July's 139 disclosed vulnerabilities. CVE-2024-43573 is a spoofing vulnerability in MSHTML, while CVE-2024-43572 is an RCE flaw in the Microsoft Management Console. The three unexploited vulnerabilities include CVE-2024-6197, an RCE in cURL; CVE-2024-20659, a security bypass in Windows Hyper-V; and CVE-2024-43583, an elevation of privilege vulnerability in WinLogon. Additionally, three critical RCE vulnerabilities have been identified: CVE-2024-43468 in Microsoft Configuration Manager, CVE-2024-43582 in the Remote Desktop Protocol (RDP) server, and CVE-2024-43488 in the Visual Studio Code extension for Arduino Remote. CVE-2024-43533 is a high-severity RDP bug that allows arbitrary code execution on client machines.
Winsage
August 14, 2024
Microsoft has addressed 102 vulnerabilities in its product suite, with six under active exploitation and four publicly disclosed but not exploited. The most critical vulnerabilities include CVE-2024-38189 (RCE in Microsoft Project, CVSS 8.8), CVE-2024-38178 (Scripting Engine Memory Corruption, CVSS 7.5), and CVE-2024-38193 (Elevation of Privilege, CVSS 7.8). Other vulnerabilities include CVE-2024-38106 and CVE-2024-38107, both leading to privilege escalation. Microsoft has flagged four publicly disclosed vulnerabilities for immediate attention: CVE-2024-38200 (Office Spoofing, CVSS 6.5), CVE-2024-38199 (LPD Service RCE, CVSS 9.8), CVE-2024-21302 (Secure Kernel Mode Elevation, CVSS 6.7), and CVE-2024-38202 (Update Stack Elevation, CVSS 7.3). Adobe has addressed 71 CVEs across its products, with no known exploits reported. SAP released 25 patches, including CVE-2024-41730 (denial of service in BusinessObjects, CVSS 9.8). Intel issued 43 advisories, with nine classified as high-severity flaws affecting various products, including Ethernet Controllers and BIOS Firmware.
Winsage
August 14, 2024
Attackers are exploiting a significant number of vulnerabilities disclosed by Microsoft in its August security update, with six out of 90 vulnerabilities being a primary concern for system administrators. Four of these vulnerabilities were known prior to the announcement and are categorized as zero-days, including CVE-2024-38202, an unpatched elevation of privilege (EoP) vulnerability in the Windows Update Stack. This flaw allows an attacker with basic user privileges to potentially reintroduce mitigated vulnerabilities or bypass features of Virtualization Based Security (VBS). Seven vulnerabilities from the update are rated as critical, while the remaining 79 CVEs are deemed "Important" or of medium severity. Two of the actively exploited vulnerabilities facilitate remote code execution (RCE): CVE-2024-38189 affects Microsoft Project, allowing arbitrary code execution if a user opens a malicious file, and CVE-2024-38178 involves a memory corruption issue in the Windows Scripting Engine, requiring user interaction. Additionally, three other zero-days under active exploitation (CVE-2024-38106, CVE-2024-38107, and CVE-2024-38193) enable privilege elevation to system admin status, with CVE-2024-38106 being particularly concerning due to its presence in the Windows Kernel. The final zero-day, CVE-2024-38213, allows attackers to bypass Windows Mark of the Web security protections, facilitating the infiltration of malicious files and web content into enterprise environments.
Winsage
July 24, 2024
The attack chain begins with a phishing email containing a malicious link that downloads an LNK file, which then executes an HTA script that decodes a payload. Two types of shellcode injectors are used to inject a final stealer into legitimate processes. The stealer deployed can target various applications and is tailored to specific regions. Implementing Microsoft's latest security updates is crucial to stay protected against the CVE-2024-21412 vulnerability.
Winsage
June 26, 2024
BLE is used to send large amounts of data in short periods. Advertising is used by BLE-compatible devices to broadcast data, including device name, manufacturer ID, type, and capabilities. A vulnerability in the Windows Bluetooth Stack allows an out-of-bounds write when the advertising data contains more than 255 sections, exceeding the 8-bit unsigned integer used to count them. This vulnerability was fixed in March 2023, and users of affected Windows products are recommended to upgrade to prevent exploitation.