remote code execution

Winsage
January 14, 2026
On Tuesday, Microsoft released its first security update for 2026, addressing 114 vulnerabilities, including eight classified as Critical and 106 as Important. The vulnerabilities include 58 related to privilege escalation, 22 concerning information disclosure, 21 linked to remote code execution, and five categorized as spoofing flaws. A notable vulnerability, CVE-2026-20805, involves information disclosure within the Desktop Window Manager (DWM) and has a CVSS score of 5.5. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added this flaw to its Known Exploited Vulnerabilities catalog, requiring federal agencies to implement fixes by February 3, 2026. Additionally, Microsoft announced the expiration of three Windows Secure Boot certificates issued in 2011, effective June 2026, urging customers to transition to newer certificates to avoid disruptions. The update also removed vulnerable Agere Soft Modem drivers due to a local privilege escalation flaw (CVE-2023-31096) and addressed another critical privilege escalation flaw in Windows Virtualization-Based Security (CVE-2026-20876) with a CVSS score of 6.7. Other vendors, including Adobe, Amazon Web Services, and Cisco, have also released security patches for various vulnerabilities.
Tech Optimizer
January 12, 2026
Trend Micro has addressed a security vulnerability in its Apex Central platform, identified as CVE-2025-69258, which allowed unauthenticated DLL injection and remote code execution. The company released Critical Patch Build 7190 to fix this vulnerability and two others, CVE-2025-69259 and CVE-2025-69260. Organizations are urged to implement the patch immediately, as temporary mitigations are deemed insufficient for long-term security. Apex Central is a self-hosted platform for managing Trend Micro's security products.
Winsage
December 19, 2025
Microsoft released an out-of-band update (KB5074976) on December 19 to address Message Queuing (MSMQ) errors caused by December 2025 security updates. These updates have led to operational disruptions in business applications and IIS websites, particularly on systems running Windows 10 22H2, Windows Server 2019, and Windows Server 2016, which received updates KB5071546, KB5071544, and KB5071543. Users reported issues such as inactive MSMQ queues, IIS sites generating "insufficient resources" error messages, and applications unable to write messages to queues. The problems stem from modifications in the MSMQ security model, which altered permissions for the system folder C:\Windows\System32\msmq\storage, requiring MSMQ users to have write access typically reserved for administrators. Systems with full administrative rights do not experience these issues. Microsoft is investigating the matter but has not provided a timeline for a resolution.
Winsage
December 17, 2025
Microsoft has acknowledged a significant issue with the December 2025 security updates that disrupts Message Queuing (MSMQ) functionality, affecting enterprise applications and Internet Information Services (IIS) websites. The problem is prevalent among systems running Windows 10 22H2, Windows Server 2019, and Windows Server 2016 with security updates KB5071546, KB5071544, and KB5071543. Users are experiencing inactive MSMQ queues, IIS sites failing with "insufficient resources" errors, applications unable to write to queues, and misleading error messages about "insufficient disk space or memory." The root cause is changes to the MSMQ security model that altered permissions on the C:\Windows\System32\MSMQ\storage folder, requiring MSMQ users to have write access to a directory typically reserved for administrators. Devices with users logged in as administrators are not affected. Microsoft is investigating the issue but has not provided a timeline for resolution. Rolling back the updates is a potential solution for administrators, though it carries security risks. This follows a warning from Microsoft in April 2023 about a critical vulnerability in the MSMQ service.
Winsage
December 15, 2025
Microsoft has acknowledged issues related to the December 2025 security updates affecting Message Queuing (MSMQ) functionality on Windows 10 22H2, Windows Server 2019, and Windows Server 2016 systems. The updates KB5071546, KB5071544, and KB5071543 have caused problems such as inactive MSMQ queues, IIS sites showing “insufficient resources” errors, and applications unable to write messages to queues. These issues stem from modifications in the MSMQ security model, which now requires users to have write access to the C:\Windows\System32\msmq\storage folder, a privilege typically reserved for administrators. Systems with full administrative rights do not experience these problems, but this workaround is impractical for many enterprises. Microsoft is investigating the situation without a specified timeline for a resolution. Administrators may consider rolling back the updates, which poses its own security risks. In April 2023, Microsoft had warned about a critical vulnerability in MSMQ (CVE-2023-21554) that risked remote code execution attacks.
Winsage
December 11, 2025
Microsoft's December Patch Tuesday update addresses three critical zero-day vulnerabilities and a total of 56 bugs, including:
- 28 elevation-of-privilege vulnerabilities
- 19 remote-code-execution vulnerabilities
- 4 information-disclosure vulnerabilities
- 3 denial-of-service vulnerabilities
- 2 spoofing vulnerabilities
Three remote code execution flaws are classified as "critical." One zero-day vulnerability, CVE-2025-62221, allows attackers to gain SYSTEM privileges through the Windows Cloud Files Mini Filter Driver. The other two vulnerabilities fixed are:
- CVE-2025-64671: A remote code execution vulnerability in GitHub Copilot for JetBrains, exploitable via Cross Prompt Injection.
- CVE-2025-54100: A PowerShell remote code execution vulnerability that can execute scripts from a webpage using Invoke-WebRequest.
CVE-2025-62221 is attributed to MSTIC and MSRC, CVE-2025-64671 was disclosed by Ari Marzuk, and CVE-2025-54100 was identified by multiple security researchers.
Winsage
December 10, 2025
Microsoft released a significant update addressing 56 security vulnerabilities across its Windows operating systems and supported software. This update includes a patch for a zero-day exploit, CVE-2025-62221, a privilege escalation vulnerability affecting Windows 10 and later versions. Throughout 2025, Microsoft has patched a total of 1,129 vulnerabilities, marking an 11.9% increase from the previous year. Three vulnerabilities were classified as critical: CVE-2025-62554 and CVE-2025-62557 related to Microsoft Office, and CVE-2025-62562 related to Microsoft Outlook. Several non-critical privilege escalation vulnerabilities were identified as likely to be exploited, including CVE-2025-62458, CVE-2025-62470, CVE-2025-62472, CVE-2025-59516, and CVE-2025-59517. Another vulnerability, CVE-2025-64671, was found in the GitHub Copilot Plugin for JetBrains, allowing remote code execution. Additionally, CVE-2025-54100 is a remote code execution bug in Windows PowerShell affecting Windows Server 2008 and later.
Winsage
December 9, 2025
Microsoft has released the KB5071546 extended security update, addressing 57 security vulnerabilities, including three critical zero-day flaws. This update is intended for Windows 10 Enterprise LTSC users and those in the ESU program. Users can install it by navigating to Settings, selecting Windows Update, and performing a manual 'Check for Updates'. The update will automatically install and prompt for a restart. After installation, Windows 10 will be upgraded to build 19045.6691, and Windows 10 Enterprise LTSC 2021 will move to build 19044.6691. The update focuses on security enhancements and bug fixes, including a remote code execution vulnerability in PowerShell (CVE-2025-54100). PowerShell 5.1 will now issue a warning when using the "Invoke-WebRequest" command to alert users about potential script execution risks. Users are advised to use the -UseBasicParsing command line argument to prevent embedded scripts from executing. Microsoft has confirmed there are no known issues with this update.