remote code execution vulnerabilities Archives

Winsage

May 14, 2025

Microsoft Scripting Engine 0-Day Vulnerability Enables Remote Code Execution Over Network

Microsoft has identified a memory corruption vulnerability in its Scripting Engine, designated as CVE-2025-30397. This vulnerability allows unauthorized remote code execution and is classified as “Important” under CWE-843 (Type Confusion). It was disclosed in the May 2025 Patch Tuesday updates and arises from improper handling of resource types. Exploitation occurs when a user clicks a specially crafted URL in Microsoft Edge's Internet Explorer Mode, potentially compromising system confidentiality, integrity, and availability. Although the attack complexity is high, successful exploitation has been confirmed in the wild. Microsoft has issued patches for all supported Windows versions, and users are advised to apply these updates and consider disabling Internet Explorer Mode to reduce risk.

Winsage

March 19, 2025

Hitachi Energy’s upgrade to Windows 11 on 89% of desktops

Hitachi Energy has migrated over 40,000 desktops to Windows 11 across 12 countries, starting with a pilot of 500 devices in November 2023 and full rollout beginning in March 2024, expected to complete by October 2024. The company assessed 45,335 devices, with 43,568 suitable for upgrade, and found 2,330 out of 3,034 applications compatible with Windows 11, achieving a 76% compatibility rate. Approximately 40,600 devices, nearly 90%, successfully transitioned to Windows 11, while the rest were upgraded to Windows 10. The migration utilized ManagementStudio integrated with various platforms for efficiency, with nearly 10,000 devices upgraded in May 2024. A pilot program tested the new OS with selected users to identify issues before broader deployment. Transitioning is crucial as Windows 10 approaches end-of-support, with Microsoft addressing numerous vulnerabilities in its updates.

Winsage

March 12, 2025

Zero Day Initiative — The March 2025 Security Update Review

In March 2025, Adobe released seven bulletins addressing 37 Common Vulnerabilities and Exposures (CVEs) across its software products, including Acrobat Reader, Illustrator, InDesign, and Substance 3D applications. Six vulnerabilities were reported through the Zero Day Initiative program. The Acrobat Reader patch resolves multiple Critical-rated code execution vulnerabilities, while Illustrator and InDesign patches also address critical issues. The Substance 3D Sampler patch fixes seven vulnerabilities, with some classified as Critical, and the other Substance 3D applications also received updates for code execution vulnerabilities. None of the vulnerabilities were publicly known or under active attack at the time of release. Microsoft released an update addressing 56 new CVEs across its products, totaling 67 when including third-party vulnerabilities. Six are rated as Critical, and 50 as Important. Notable vulnerabilities include CVE-2025-26633, a security feature bypass in the Microsoft Management Console, and critical remote code execution vulnerabilities CVE-2025-24993 and CVE-2025-24985 linked to Windows NTFS and Fast FAT file systems. CVE-2025-24984 and CVE-2025-24991 involve information disclosure vulnerabilities, with one requiring physical access and the other needing a specially crafted VHD. Immediate attention and deployment of patches for these vulnerabilities are essential.

Winsage

March 11, 2025

Microsoft March 2025 Patch Tuesday fixes 7 zero-days, 57 flaws

Microsoft released security updates on March 2025 Patch Tuesday, addressing 57 vulnerabilities, including six classified as critical related to remote code execution. The vulnerabilities are categorized as follows: 23 Elevation of Privilege, 3 Security Feature Bypass, 23 Remote Code Execution, 4 Information Disclosure, 1 Denial of Service, and 3 Spoofing. The updates specifically address six actively exploited zero-day vulnerabilities and one publicly disclosed zero-day vulnerability. The zero-day vulnerabilities include: 1. CVE-2025-24983 - Elevation of Privilege in Windows Win32 Kernel Subsystem. 2. CVE-2025-24984 - Information Disclosure in Windows NTFS. 3. CVE-2025-24985 - Remote Code Execution in Windows Fast FAT File System Driver. 4. CVE-2025-24991 - Information Disclosure in Windows NTFS. 5. CVE-2025-24993 - Remote Code Execution in Windows NTFS. 6. CVE-2025-26633 - Security Feature Bypass in Microsoft Management Console. The publicly disclosed zero-day is: - CVE-2025-26630 - Remote Code Execution in Microsoft Access. A comprehensive list of resolved vulnerabilities includes various CVE IDs and their respective titles and severities, with several vulnerabilities affecting Microsoft Office products, Windows components, and Azure services.

Winsage

February 12, 2025

You Should Install This Windows Security Patch Right Away

Microsoft's February 2025 Patch Tuesday security update addresses 55 security vulnerabilities across the Windows platform, including: - 22 remote code execution vulnerabilities - 19 elevation of privilege vulnerabilities - 9 denial of service vulnerabilities - 3 spoofing vulnerabilities - 2 security feature bypass vulnerabilities - 1 information disclosure vulnerability Among these, four vulnerabilities are classified as critical zero-day vulnerabilities, with two requiring immediate attention. 1. CVE-2025-21194: A security feature bypass vulnerability related to Microsoft Surface devices, potentially allowing unauthorized access to Windows virtual machines. 2. CVE-2025-21377: An NTLM hash disclosure spoofing vulnerability that could allow attackers to retrieve plain-text passwords by interacting with a malicious file. The other two zero-day vulnerabilities confirmed to be actively exploited are: 1. CVE-2025-21391: A Windows storage elevation of privilege vulnerability that enables deletion of targeted files on a user's computer. 2. CVE-2025-21418: A vulnerability that allows attackers to gain elevated system privileges within Windows. Users are advised to install the patch promptly to protect their systems.

Winsage

February 12, 2025

Microsoft Patch Tuesday February 2025 – 61 Vulnerabilities Fixed, 3 Actively Exploited in the Wild

Microsoft's February Patch Tuesday update addresses 61 vulnerabilities, including 25 critical Remote Code Execution (RCE) vulnerabilities. Three of these are zero-days, actively exploited before the update: 1. CVE-2023-24932: Secure Boot security feature bypass requiring physical access or administrative rights. 2. CVE-2025-21391: Windows Storage elevation of privilege vulnerability that could lead to data deletion. 3. CVE-2025-21418: Vulnerability in Windows Ancillary Function Driver for WinSock allowing privilege escalation. Critical vulnerabilities include: - CVE-2025-21376: Windows LDAP RCE vulnerability. - CVE-2025-21379: RCE vulnerability in DHCP Client Service. - CVE-2025-21381: RCE vulnerability in Microsoft Excel. The update also addresses additional vulnerabilities related to remote code execution, elevation of privilege, denial of service, security feature bypass, spoofing, and information disclosure across various Microsoft products. Microsoft advises immediate application of the updates to mitigate risks.

Winsage

February 12, 2025

Microsoft Patch Tuesday February 2025: 61 Vulnerabilities Including 25 RCE’s Fixed

Microsoft released its February 2025 Patch Tuesday security updates, addressing over 61 vulnerabilities across its products. The updates include: - 25 Remote Code Execution vulnerabilities - 14 Elevation of Privilege vulnerabilities - 6 Denial of Service vulnerabilities - 4 Security Feature Bypass vulnerabilities - 2 Spoofing vulnerabilities - 1 Information Disclosure vulnerability Notable critical vulnerabilities include: - CVE-2025-21376: Remote code execution risk via LDAP protocol. - CVE-2025-21379: Flaw in DHCP client service allowing system compromise via crafted network packets. - CVE-2025-21381, CVE-2025-21386, CVE-2025-21387: Multiple vulnerabilities in Microsoft Excel enabling code execution through specially crafted files. - CVE-2025-21406, CVE-2025-21407: Vulnerabilities in Windows Telephony Service allowing remote code execution. Two vulnerabilities confirmed as actively exploited: - CVE-2023-24932: Bypass of Secure Boot protections. - CVE-2025-21391: Elevated privileges on affected systems. - CVE-2025-21418: Gain SYSTEM privileges through exploitation. Other notable fixes include vulnerabilities in Visual Studio and Microsoft Office that could lead to remote code execution. Users can apply updates via Windows Update, Microsoft Update Catalog, or WSUS. Microsoft emphasizes the urgency of these updates due to the active exploitation of certain vulnerabilities.

Winsage

December 12, 2024

Microsoft just fixed 72 Windows security flaws — update your PC right now

Microsoft's Patch Tuesday updates for 2024 addressed 72 security vulnerabilities, including 17 classified as Critical, 52 as Important, and one as Moderate. One vulnerability, CVE-2024-49138, is actively exploited and relates to privilege escalation in the Windows Common Log File System (CLFS) driver. Microsoft has mitigated 1,088 vulnerabilities this year. The flaw allows attackers to gain elevated system privileges and has been recognized by CrowdStrike. It is the fifth actively exploited CLFS privilege escalation vulnerability since 2022 and the ninth patched this year. Microsoft is implementing additional verification steps for log files and has introduced new security mitigations using Hash-based Message Authentication Codes (HMAC). This vulnerability is listed in the Known Exploited Vulnerabilities catalog by CISA, requiring Federal Civilian Executive Branch agencies to remediate it by December 31st. The most critical vulnerability this month is CVE-2024-49112, a remote code execution flaw affecting the Windows Lightweight Directory Access Protocol (LDAP). Other significant remote code execution vulnerabilities include CVE-2024-49117 (Windows Hyper-V), CVE-2024-49105 (Remote Desktop Client), and CVE-2024-49063 (Microsoft Muzic). Users are advised to update their systems promptly and ensure Windows Defender is activated.

Winsage

November 13, 2024

Zero Day Initiative — The November 2024 Security Update Review

Microsoft has addressed a limited number of critical vulnerabilities, including two related to privilege escalation: one associated with VMSwitch that allows low-privileged users on a guest OS to execute code with SYSTEM privileges on the host OS, and another in a cloud service that has been mitigated. The updates include over 50 code execution vulnerabilities, primarily affecting SQL Server, with CVE-2024-49043 requiring urgent attention for updates to OLE DB Driver versions 18 or 19. Several vulnerabilities in Office components were identified, and the Telephony service revealed six remote code execution vulnerabilities, notably an SMBv3 vulnerability that can exploit a malicious SMB client against an affected SMB server in SMB over QUIC configurations. A CVSS 9.9 rated vulnerability in Azure CycleCloud could allow root-level access, and an RCE vulnerability in TouchGeo was also identified. Over two dozen fixes for privilege escalation vulnerabilities were released, including USB Video Class System vulnerabilities requiring physical access and vulnerabilities in Azure Database for PostgreSQL that could grant SuperUser privileges. Two Security Feature Bypass vulnerabilities were addressed, one in Word and another in Windows Defender Application Control. Two spoofing vulnerabilities were identified in Exchange Server and DNS, and four denial-of-service vulnerabilities were reported, including one in Hyper-V that could facilitate cross-VM attacks. The final Patch Tuesday of 2024 is scheduled for December 10.

Winsage

November 13, 2024

Microsoft November 2024 Patch Tuesday fixes 4 zero-days, 91 flaws

On November 2024 Patch Tuesday, Microsoft addressed 91 vulnerabilities, including four critical zero-day flaws, two of which are actively exploited. The vulnerabilities are categorized as follows: 26 Elevation of Privilege, 2 Security Feature Bypass, 52 Remote Code Execution, 1 Information Disclosure, 4 Denial of Service, and 3 Spoofing. The two actively exploited vulnerabilities are: 1. CVE-2024-43451 - NTLM Hash Disclosure Spoofing Vulnerability, which allows remote attackers to expose NTLM hashes with minimal user interaction. 2. CVE-2024-49039 - Windows Task Scheduler Elevation of Privilege Vulnerability, enabling an attacker to execute a specially crafted application that elevates privileges. Three additional vulnerabilities were publicly disclosed but not exploited: 1. CVE-2024-49040 - Microsoft Exchange Server Spoofing Vulnerability. 2. CVE-2024-49019 - Active Directory Certificate Services Elevation of Privilege Vulnerability. Other companies, including Adobe, Cisco, Citrix, Dell, D-Link, Google, Ivanti, SAP, Schneider Electric, and Siemens, also released updates addressing various vulnerabilities in November 2024.