remote code execution vulnerabilities Archives

Winsage

February 14, 2026

Microsoft Fixes Critical Windows 11 Notepad Flaw

Microsoft has released a patch for a significant vulnerability in Notepad on Windows 11 that could allow attackers to execute code by opening a Markdown file and clicking on a malicious link. This vulnerability was due to how Notepad processed links within Markdown files, which could trigger unverified protocols to load remote content. The patch now includes a security warning before such links can be activated. Users are advised to check for updates via Windows Update and the Microsoft Store to ensure Notepad and related components are up to date. Security tips include inspecting URLs before clicking and keeping Microsoft Defender features enabled.

Winsage

February 11, 2026

Patch Tuesday, February 2026 Edition

Microsoft has released updates addressing over 50 vulnerabilities in its Windows operating systems and applications, including six critical zero-day vulnerabilities. 1. CVE-2026-21510: A security feature bypass in Windows Shell that allows execution of malicious content via a single click on a link, affecting all supported Windows versions. 2. CVE-2026-21513: Targets MSHTML, the web browser engine in Windows. 3. CVE-2026-21514: A security feature bypass in Microsoft Word. 4. CVE-2026-21533: Allows local attackers to gain SYSTEM level access in Windows Remote Desktop Services. 5. CVE-2026-21519: An elevation of privilege flaw in the Desktop Window Manager (DWM). 6. CVE-2026-21525: A potential denial-of-service threat in the Windows Remote Access Connection Manager. Additionally, the updates include fixes for remote code execution vulnerabilities affecting GitHub Copilot and various IDEs, specifically CVE-2026-21516, CVE-2026-21523, and CVE-2026-21256, which arise from a command injection flaw. Security experts emphasize the importance of safeguarding developers due to their access to sensitive data and recommend applying least-privilege principles.

Winsage

November 12, 2025

Microsoft November 2025 Patch Tuesday fixes 1 zero-day, 63 flaws

Microsoft's November 2025 Patch Tuesday addresses a total of 63 vulnerabilities, including one actively exploited zero-day flaw (CVE-2025-62215) related to Windows Kernel Elevation of Privilege. The updates include four vulnerabilities classified as "Critical," with two for remote code execution, one for elevation of privileges, and one for information disclosure. The breakdown of vulnerabilities is as follows: - 29 Elevation of Privilege Vulnerabilities - 2 Security Feature Bypass Vulnerabilities - 16 Remote Code Execution Vulnerabilities - 11 Information Disclosure Vulnerabilities - 3 Denial of Service Vulnerabilities - 2 Spoofing Vulnerabilities This Patch Tuesday marks the first extended security update (ESU) for Windows 10, and users are encouraged to upgrade to Windows 11 or enroll in the ESU program. Microsoft has also released an out-of-band update to assist with enrollment issues. Other companies, including Adobe, Cisco, and Google, have also issued security updates in November 2025.

Winsage

November 11, 2025

Update Windows ASAP to Patch Another Zero-Day Vulnerability

Microsoft's November Patch Tuesday release addresses a total of 63 vulnerabilities, including a zero-day flaw (CVE-2025-62215) that allows elevation of privilege through a race condition in the Windows Kernel. The vulnerabilities include 29 elevation of privilege, 2 security feature bypass, 16 remote code execution, 11 information disclosure, 2 denial of service, and 3 spoofing vulnerabilities. Four vulnerabilities are classified as "critical." Windows 11 users will receive updates such as a scrollable Start menu and enhancements to File Explorer and other features. Microsoft has ended support for Windows 10, but Extended Security Updates are available until October 13, 2026, for those who opted in.

Winsage

October 30, 2025

Microsoft issues security update addressing critical vulnerability impacting Windows server services

Microsoft has released a security update to address a remote code execution vulnerability in various versions of Windows Server Update Services (WSUS). The Cybersecurity and Infrastructure Security Agency (CISA) has advised organizations to follow Microsoft's guidance to mitigate risks from potential cyberthreats. Scott Gee from the American Hospital Association highlighted the seriousness of the vulnerability, stating it allows attackers to gain complete control over a victim's system.

Winsage

October 15, 2025

Microsoft’s October ‘Patch Tuesday’ Update Fixes Over 170 Flaws

On the second Tuesday of each month, Microsoft releases a significant security update for Windows users, known as "Patch Tuesday." In October, the update addresses over 170 security vulnerabilities, including: - 80 elevation of privilege vulnerabilities - 31 remote code execution vulnerabilities - 28 information disclosure vulnerabilities - 11 security feature bypass vulnerabilities - 11 denial of service vulnerabilities - 10 spoofing vulnerabilities The total number of patches, including those for Azure, Mariner, and earlier disclosed vulnerabilities, exceeds 200. This update includes fixes for eight vulnerabilities classified as "Critical," comprising five remote code execution vulnerabilities and three elevation of privilege vulnerabilities. Additionally, six zero-day vulnerabilities are addressed, with three publicly disclosed and three actively exploited. The exploited vulnerabilities include: 1. CVE-2025-24990: Windows Agere Modem Driver Elevation of Privilege Vulnerability 2. CVE-2025-59230: Windows Remote Access Connection Manager Elevation of Privilege Vulnerability 3. CVE-2025-47827: Secure Boot bypass in IGEL OS before version 11 The publicly disclosed vulnerabilities are: 1. CVE-2025-0033: AMD RMP Corruption During SNP Initialization 2. CVE-2025-24052: Windows Agere Modem Driver Elevation of Privilege Vulnerability 3. CVE-2025-2884: Out-of-Bounds read vulnerability in TCG TPM2.0 reference implementation Microsoft has also ceased support for Windows 10, meaning users not enrolled in Extended Security Updates will not receive future security patches.

Winsage

October 15, 2025

October 2025 Patch Tuesday: Holes in Windows Server Update Service and an ancient modem driver

CVE-2025-59287 is a critical vulnerability in the Windows Server Update Service (WSUS) with a CVSSv3 score of 9.8, allowing for remote code execution (RCE) through deserialization of untrusted data. It is the first RCE vulnerability in WSUS and has been classified as ‘Exploitation More Likely’ by Microsoft. Organizations are urged to prioritize patching and reassess their WSUS server exposure to prevent attackers from deploying malicious updates. Additionally, two RCE vulnerabilities, CVE-2025-59227 and CVE-2025-59234, have been identified in Microsoft Office, which can be exploited through social engineering via the Preview Pane feature, allowing attackers to execute code without the target opening the document. Critical vulnerabilities have also been reported in the Agere modem driver, which has been part of Windows operating systems for nearly two decades, highlighting issues with legacy software in cybersecurity.

Winsage

September 10, 2025

Two Zero-Days Among Patch Tuesday CVEs This Month

Microsoft has released updates addressing 81 vulnerabilities, including two zero-day vulnerabilities. The first zero-day, CVE-2024-21907, involves improper handling of exceptional conditions in Newtonsoft.Json within SQL Server, potentially leading to denial of service. The second zero-day, CVE-2025-55234, is a Windows SMB elevation of privilege vulnerability that can be exploited remotely, allowing attackers with network access to perform replay attacks for privilege escalation and potential code execution. Microsoft has also addressed several other elevation of privilege vulnerabilities, including CVE-2025-54110, CVE-2025-54093, and CVE-2025-54098. The updates include a total of 41 elevation of privilege vulnerabilities and 22 remote code execution flaws, with two elevation of privilege and five remote code execution vulnerabilities rated as critical.

AppWizard

July 9, 2025

Activision pulls Call of Duty game after PC players are hacked

Activision has removed Call of Duty: WWII from the Microsoft Store and Game Pass due to security breaches affecting players. The game is offline while the publisher investigates reports of hacks experienced by PC users. It remains available on Steam and other consoles. Players have reported significant security threats, including a video from streamer Wrioh demonstrating hacking incidents. The version of the game on Microsoft’s platforms reportedly contained an outdated flaw.

Winsage

July 9, 2025

Microsoft Patch Tuesday, July 2025 Edition

Microsoft has released updates addressing 137 vulnerabilities across its Windows operating systems and supported software, with 14 classified as "critical." CVE-2025-49719 is a publicly disclosed information disclosure flaw affecting all SQL Server versions since 2016, posing a supply-chain risk due to its potential exploitation without authentication. SQL Server 2012 has reached its end of life, meaning no future security patches will be available. CVE-2025-47981 is a critical remote code execution vulnerability with a CVSS score of 9.8, affecting Windows clients and Windows Server. Microsoft also addressed four critical remote code execution vulnerabilities in its Office suite, including CVE-2025-49695 and CVE-2025-49696, which can be triggered through the Preview Pane. Other high-severity vulnerabilities include CVE-2025-49740, which could bypass Microsoft Defender SmartScreen, and CVE-2025-47178, allowing attackers to execute arbitrary SQL queries with minimal privileges. Adobe has also released security updates for various software, and users are advised to back up data before installing patches.