remote code execution vulnerabilities

Winsage
February 12, 2025
Microsoft's February 2025 Patch Tuesday security update addresses 55 security vulnerabilities across the Windows platform, including:
- 22 remote code execution vulnerabilities
- 19 elevation of privilege vulnerabilities
- 9 denial of service vulnerabilities
- 3 spoofing vulnerabilities
- 2 security feature bypass vulnerabilities
- 1 information disclosure vulnerability

Among these, four vulnerabilities are classified as critical zero-day vulnerabilities, with two requiring immediate attention.
1. CVE-2025-21194: A security feature bypass vulnerability related to Microsoft Surface devices, potentially allowing unauthorized access to Windows virtual machines.
2. CVE-2025-21377: An NTLM hash disclosure spoofing vulnerability that could allow attackers to retrieve plain-text passwords by interacting with a malicious file.

The other two zero-day vulnerabilities confirmed to be actively exploited are:
1. CVE-2025-21391: A Windows Storage elevation of privilege vulnerability that enables deletion of targeted files on a user's computer.
2. CVE-2025-21418: A vulnerability that allows attackers to gain elevated system privileges within Windows.

Users are advised to install the patch promptly to protect their systems.
Winsage
February 12, 2025
Microsoft's February Patch Tuesday update addresses 61 vulnerabilities, including 25 critical Remote Code Execution (RCE) vulnerabilities. Three of these are zero-days, actively exploited before the update:
1. CVE-2023-24932: Secure Boot security feature bypass requiring physical access or administrative rights.
2. CVE-2025-21391: Windows Storage elevation of privilege vulnerability that could lead to data deletion.
3. CVE-2025-21418: Vulnerability in the Windows Ancillary Function Driver for WinSock allowing privilege escalation.

Critical vulnerabilities include:
- CVE-2025-21376: Windows LDAP RCE vulnerability.
- CVE-2025-21379: RCE vulnerability in the DHCP Client Service.
- CVE-2025-21381: RCE vulnerability in Microsoft Excel.

The update also addresses additional vulnerabilities related to remote code execution, elevation of privilege, denial of service, security feature bypass, spoofing, and information disclosure across various Microsoft products. Microsoft advises immediate application of the updates to mitigate risks.
Winsage
February 12, 2025
Microsoft released its February 2025 Patch Tuesday security updates, addressing over 61 vulnerabilities across its products. The updates include:
- 25 Remote Code Execution vulnerabilities
- 14 Elevation of Privilege vulnerabilities
- 6 Denial of Service vulnerabilities
- 4 Security Feature Bypass vulnerabilities
- 2 Spoofing vulnerabilities
- 1 Information Disclosure vulnerability

Notable critical vulnerabilities include:
- CVE-2025-21376: Remote code execution risk via the LDAP protocol.
- CVE-2025-21379: Flaw in the DHCP client service allowing system compromise via crafted network packets.
- CVE-2025-21381, CVE-2025-21386, CVE-2025-21387: Multiple vulnerabilities in Microsoft Excel enabling code execution through specially crafted files.
- CVE-2025-21406, CVE-2025-21407: Vulnerabilities in the Windows Telephony Service allowing remote code execution.

Two vulnerabilities confirmed as actively exploited:
- CVE-2023-24932: Bypass of Secure Boot protections.
- CVE-2025-21391: Elevated privileges on affected systems.
- CVE-2025-21418: Gain SYSTEM privileges through exploitation.

Other notable fixes include vulnerabilities in Visual Studio and Microsoft Office that could lead to remote code execution. Users can apply updates via Windows Update, the Microsoft Update Catalog, or WSUS. Microsoft emphasizes the urgency of these updates due to the active exploitation of certain vulnerabilities.
Winsage
December 12, 2024
Microsoft's Patch Tuesday updates for 2024 addressed 72 security vulnerabilities, including 17 classified as Critical, 52 as Important, and one as Moderate. Microsoft has mitigated 1,088 vulnerabilities this year.

One vulnerability, CVE-2024-49138, is actively exploited and relates to privilege escalation in the Windows Common Log File System (CLFS) driver. The flaw allows attackers to gain elevated system privileges and was reported by CrowdStrike. It is the fifth actively exploited CLFS privilege escalation vulnerability since 2022 and the ninth patched this year. Microsoft is implementing additional verification steps for log files and has introduced new security mitigations using Hash-based Message Authentication Codes (HMAC). This vulnerability is listed in CISA's Known Exploited Vulnerabilities catalog, requiring Federal Civilian Executive Branch agencies to remediate it by December 31st.

The most critical vulnerability this month is CVE-2024-49112, a remote code execution flaw affecting the Windows Lightweight Directory Access Protocol (LDAP). Other significant remote code execution vulnerabilities include CVE-2024-49117 (Windows Hyper-V), CVE-2024-49105 (Remote Desktop Client), and CVE-2024-49063 (Microsoft Muzic). Users are advised to update their systems promptly and ensure Windows Defender is activated.
Winsage
November 13, 2024
Microsoft has addressed a limited number of critical vulnerabilities, including two related to privilege escalation: one in VMSwitch that allows low-privileged users on a guest OS to execute code with SYSTEM privileges on the host OS, and another in a cloud service that has already been mitigated.

The updates include over 50 code execution vulnerabilities, primarily affecting SQL Server, with CVE-2024-49043 requiring urgent attention for updates to OLE DB Driver versions 18 or 19. Several vulnerabilities in Office components were identified, and the Telephony service accounts for six remote code execution vulnerabilities. Also notable is an SMBv3 vulnerability that a malicious SMB client can exploit against an affected SMB server in SMB over QUIC configurations. A vulnerability in Azure CycleCloud rated CVSS 9.9 could allow root-level access, and an RCE vulnerability in TorchGeo was also identified.

Over two dozen fixes for privilege escalation vulnerabilities were released, including USB Video Class System vulnerabilities requiring physical access and vulnerabilities in Azure Database for PostgreSQL that could grant SuperUser privileges. Two Security Feature Bypass vulnerabilities were addressed, one in Word and another in Windows Defender Application Control. Two spoofing vulnerabilities were identified in Exchange Server and DNS, and four denial-of-service vulnerabilities were reported, including one in Hyper-V that could facilitate cross-VM attacks. The final Patch Tuesday of 2024 is scheduled for December 10.
Winsage
November 13, 2024
On November 2024 Patch Tuesday, Microsoft addressed 91 vulnerabilities, including four critical zero-day flaws, two of which are actively exploited. The vulnerabilities are categorized as follows: 26 Elevation of Privilege, 2 Security Feature Bypass, 52 Remote Code Execution, 1 Information Disclosure, 4 Denial of Service, and 3 Spoofing.

The two actively exploited vulnerabilities are:
1. CVE-2024-43451 - NTLM Hash Disclosure Spoofing Vulnerability, which allows remote attackers to expose NTLM hashes with minimal user interaction.
2. CVE-2024-49039 - Windows Task Scheduler Elevation of Privilege Vulnerability, enabling an attacker to execute a specially crafted application that elevates privileges.

Three additional vulnerabilities were publicly disclosed but not exploited:
1. CVE-2024-49040 - Microsoft Exchange Server Spoofing Vulnerability.
2. CVE-2024-49019 - Active Directory Certificate Services Elevation of Privilege Vulnerability.

Other companies, including Adobe, Cisco, Citrix, Dell, D-Link, Google, Ivanti, SAP, Schneider Electric, and Siemens, also released updates addressing various vulnerabilities in November 2024.
AppWizard
August 19, 2024
Google is winding down the Google Play Security Reward Program (GPSRP), effective August 31st, due to a decrease in actionable vulnerabilities reported by the security research community. The program, launched in late 2017, incentivized researchers to disclose vulnerabilities in popular Android applications, initially focusing on a limited number of developers and later expanding to all apps on the Google Play Store with at least 100 million installations. Maximum rewards were increased over time, reaching up to 0,000 for remote code execution vulnerabilities. The program contributed to enhanced security on the Play Store, helping over 300,000 developers fix more than one million apps by 2019. Google cited overall improvements in the security landscape of Android as the reason for discontinuing the program. Reports submitted before the end date will be triaged by September 15th, with final reward decisions made by September 30th.
Winsage
August 15, 2024
Microsoft's August 2024 Patch Tuesday addressed 85 vulnerabilities, including six zero-day exploits: CVE-2024-38213, CVE-2024-38193, CVE-2024-38189, CVE-2024-38178, CVE-2024-38107, and CVE-2024-38106. Six vulnerabilities are classified as Critical, while the remaining 79 are rated Important or Moderate. The predominant risk types include elevation of privilege (37%) and remote code execution (35%). Windows products received 43 patches, with 21 for the Extended Security Update (ESU) and 8 for Microsoft Office.

Notable zero-day vulnerabilities include:
- CVE-2024-38189 in Microsoft Project (CVSS 8.8) allows remote code execution.
- CVE-2024-38193 in the Windows Ancillary Function Driver for WinSock (CVSS 7.8) allows privilege escalation.
- CVE-2024-38107 in the Windows Power Dependency Coordinator (CVSS 7.8) allows privilege escalation.
- CVE-2024-38178 in the Scripting Engine (CVSS 7.5) allows remote code execution.
- CVE-2024-38106 in the Windows kernel (CVSS 7.0) allows privilege escalation.
- CVE-2024-38213 in Windows Mark of the Web Security (CVSS 6.5) allows security warning bypass.

Critical vulnerabilities include:
- CVE-2024-38063 (CVSS 9.8) in Windows TCP/IP allows remote code execution.
- CVE-2024-38140 (CVSS 9.8) in the Windows Reliable Multicast Transport Driver allows remote code execution.
- CVE-2024-38109 (CVSS 9.1) in Azure Health Bot allows privilege escalation.
- CVE-2024-38159 and CVE-2024-38160 (both CVSS 9.1) in Windows Network Virtualization allow remote code execution.
- CVE-2023-40547 (CVSS 8.8) impacts Secure Boot.

Additional vulnerabilities with an existing proof of concept include:
- CVE-2024-38199 (CVSS 9.8) in the Windows Line Printer Daemon allows remote code execution.
- CVE-2024-38202 (CVSS 7.3) in the Windows Update Stack allows privilege escalation.
- CVE-2024-21302 (CVSS 6.7) in Windows Secure Kernel Mode allows privilege escalation.
Winsage
July 10, 2024
Microsoft has released major updates to fix security flaws across the Windows ecosystem. The company issued a warning about attackers exploiting a Windows Hyper-V privilege escalation bug, which can allow them to gain SYSTEM privileges. The updates include fixes for over 140 vulnerabilities, with five rated as critical by Microsoft. Security experts recommend prioritizing the critical remote code execution vulnerability in Microsoft Office SharePoint.