remote code execution

Winsage
August 14, 2025
Microsoft has addressed 67 vulnerabilities in its supported Windows versions, including Windows 10, Windows 11, and Windows Server. Users on Windows 7 and Windows 8.1 have not received updates for some time. Upgrading to Windows 11 24H2 is recommended for continued protection. Two critical remote code execution (RCE) vulnerabilities are CVE-2025-53766, affecting the Graphics Device Interface API, and CVE-2025-50165, impacting the Windows Graphics Component. Both can be exploited by visiting a specially crafted website. Three critical vulnerabilities in Hyper-V include CVE-2025-48807, which allows code execution from a guest system to the host; CVE-2025-53781, which poses a data leak risk; and CVE-2025-49707, a spoofing vulnerability. Additionally, 12 vulnerabilities in the Routing and Remote Access Service (RRAS) have been addressed, with half classified as RCE vulnerabilities and the other half as data leaks. CVE-2025-53779, affecting Kerberos for Windows Server 2025, could allow an attacker to gain administrator rights under specific conditions, but is classified as medium risk.
Winsage
August 13, 2025
Check Point Research identified six new vulnerabilities in Microsoft Windows, including one classified as critical. These vulnerabilities could lead to system crashes, arbitrary code execution, or expose sensitive data. Check Point reported these issues to Microsoft, resulting in patches released on August 12th. One significant vulnerability is in a Rust-based Windows kernel component, which can cause total system crashes. Two other vulnerabilities, CVE-2025-30388 and CVE-2025-53766, allow for arbitrary code execution when users interact with specially crafted files. Additionally, CVE-2025-47984 can leak memory contents over the network, posing risks of sensitive information exposure. Check Point's security solutions already protect its customers from these threats, and users are encouraged to apply the August Patch Tuesday updates promptly.
Winsage
August 12, 2025
A series of vulnerabilities have been identified across various Microsoft platforms, categorized by severity.

Critical Vulnerabilities:
- CVE-2025-49707: Azure Virtual Machines Spoofing Vulnerability
- CVE-2025-53781: Azure Virtual Machines Information Disclosure Vulnerability
- CVE-2025-53793: Azure Stack Hub Information Disclosure Vulnerability
- CVE-2025-50176: DirectX Graphics Kernel Remote Code Execution Vulnerability
- CVE-2025-50165: Windows Graphics Component Remote Code Execution Vulnerability

Important Vulnerabilities:
- CVE-2025-53729: Microsoft Azure File Sync Elevation of Privilege Vulnerability
- CVE-2025-53152: Desktop Windows Manager Remote Code Execution Vulnerability
- CVE-2025-53732: Microsoft Office Remote Code Execution Vulnerability
- CVE-2025-53740: Microsoft Office Remote Code Execution Vulnerability
- CVE-2025-53738: Microsoft Word Remote Code Execution Vulnerability

Windows Operating System Vulnerabilities:
- CVE-2025-50170: Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
- CVE-2025-53131: Windows Media Remote Code Execution Vulnerability
- CVE-2025-50158: Windows NTFS Information Disclosure Vulnerability
Tech Optimizer
August 4, 2025
A significant PostgreSQL vulnerability, CVE-2025-1094, was identified during the investigation of another vulnerability, CVE-2024-12356, which was exploited in the BeyondTrust breach in December 2024. The breach involved unauthorized access to BeyondTrust's systems and was linked to the state-sponsored hacking group Silk Typhoon from China. The U.S. Treasury Department confirmed its network was compromised through a stolen BeyondTrust API key. CVE-2025-1094 is an SQL injection vulnerability that allows attackers to execute arbitrary SQL commands due to improper handling of invalid UTF-8 byte sequences. Rapid7 found that CVE-2024-12356's exploitation relied on CVE-2025-1094, and that CVE-2025-1094 could be exploited independently. BeyondTrust issued patches for these vulnerabilities, but the patch for CVE-2024-12356 did not directly address the underlying cause of CVE-2025-1094. The exploitation of these vulnerabilities underscores the need for timely patching and proactive security measures in organizations using PostgreSQL.
AppWizard
July 10, 2025
Activision has removed Call of Duty: WWII from the Microsoft Store and PC Game Pass due to reports of hackers exploiting a critical vulnerability in the game's PC versions. Players experienced hijacked computers during gameplay, with evidence of remote code execution attacks. An outdated and insecure build of the game was uploaded to Microsoft’s services, despite having been patched on other platforms. The game is still accessible via Steam and console versions. Activision has not reinstated access to the game and is investigating the security breach.
Winsage
July 10, 2025
Microsoft has rolled out version 24H2 of Windows 11, enhancing its security framework by updating the scripting engine from JScript to JScript9Legacy. This upgrade improves performance for applications and web pages using JScript and reduces the likelihood of security breaches, particularly from cross-site scripting (XSS) and web-based attacks. The new engine features enhanced management of JavaScript objects and stricter execution policies, increasing resilience against malicious scripts. Windows 11 24H2 has a more robust security posture than its predecessor, 23H2, and the upgrade will become compulsory. Windows 11 25H2 is expected to include similar security improvements.
AppWizard
July 10, 2025
Activision has removed Call of Duty: WWII from the Microsoft Store and PC Game Pass due to reports of player hacks linked to a critical security vulnerability that allowed hackers to gain remote access to players' computers. This issue arose shortly after the game's introduction to Microsoft’s Game Pass in late June 2025, with players experiencing computer freezes, unexpected command prompts, shutdowns, and direct messages from hackers. The vulnerability, a remote code execution (RCE) flaw, was present in the outdated version on the Microsoft Store, while the Steam version had been patched. Activision has not provided details on the removal or a timeline for the game's return, and players are advised against downloading it from any platform until security concerns are addressed.