security flaws Archives

Winsage

July 8, 2025

Microsoft Deprecates PowerShell 2.0 in Windows 11 Over Security Flaws

Microsoft has rolled out Windows 11 Insider Preview Build 27891 to the Canary Channel, which includes the removal of Windows PowerShell 2.0. The update features several critical system fixes, including: - Correction of the “Reset this PC” feature under Settings > System > Recovery. - Resolution of an issue affecting the taskbar's acrylic material effect. - Fix for Windows Update downloads that stalled at 2%. - Correction of character rendering problems for languages like Vietnamese and Arabic. Enhancements in File Explorer include a dropdown menu in the address bar that shows the complete folder path. Stability improvements in Settings aim to prevent crashes when accessing microphone properties or Bluetooth settings, although a new known issue may cause crashes in Settings > System > Power & Battery. Task Manager now features updated CPU utility calculations. The Microsoft Store has been updated to allow users to install apps and games directly from the top featured sections. Known issues include potential loss of Windows Hello PIN on Copilot+ PCs, graphical distortion for Remote Desktop users on Arm64 PCs, and incomplete localization of some features. Transitioning out of the Canary Channel requires a clean installation of Windows 11.

AppWizard

July 7, 2025

Call Of Duty: WWII’s Game Pass PC Version Was Pulled, Reportedly After Hacking Issues

Activision has taken the PC version of Call of Duty: WWII offline shortly after its release on Game Pass due to reports of hacking incidents, specifically Remote Code Execution (RCE) attacks that compromised players' PCs. The decision follows a history of cheating issues in the Call of Duty franchise, particularly in multiplayer modes. Activision announced the game's removal on Twitter on July 4, 2025, while investigations are ongoing, but no timeline for its return has been provided. Meanwhile, other Call of Duty titles like Black Ops 6 and Warzone continue to operate, and Call of Duty: Black Ops 7 is set to launch later this year.

Winsage

April 24, 2025

Windows 11’s crucial new ‘inetpub’ folder is laughably easy to hack

A new folder named "inetpub" appeared on many Windows PCs after an April update, initially thought to be a glitch. Microsoft later stated that this folder was introduced to enhance Windows security by addressing the CVE-2025-21204 vulnerability. However, security researcher Kevin Beaumont revealed that the inetpub folder could allow attackers to bypass critical security updates. Beaumont proposed creating a junction point in the C: directory to prevent the inetpub folder's creation, which would also block the installation of the April update and subsequent security updates, leaving PCs vulnerable. This situation could lead to error messages and failed update rollbacks, with attackers able to exploit these issues without elevated privileges. Beaumont has informed Microsoft about the problem, but a response has not yet been received.

AppWizard

April 18, 2025

Perplexity’s Android App Is Infested With Security Flaws, Report Finds

Perplexity has launched a promotional campaign called “Ask like a millionaire,” offering a million-dollar prize to users who download its app, refer friends, and engage with it during the Super Bowl. However, the Android app is facing scrutiny due to significant security vulnerabilities, including issues that could lead to data theft and account takeovers. A report from Appknox reveals that the app's API can be accessed without restriction, and the code contains hardcoded secrets, making it easy for attackers to create counterfeit versions of the app. The app is also vulnerable to task hijacking, which could allow unauthorized access to sensitive data. Perplexity, founded in 2022, has raised 0 million in venture capital and has over 10 million downloads. The company is exploring partnerships with smartphone manufacturers and has faced criticism for alleged copyright infringement. Security experts advise users to consider removing the app until the issues are resolved.

Winsage

March 4, 2025

CISA tags Windows, Cisco vulnerabilities as actively exploited

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an advisory for U.S. federal agencies to enhance their defenses against cyberattacks targeting vulnerabilities in Cisco and Windows systems. Two specific vulnerabilities have been identified: 1. CVE-2023-20118, which allows attackers to execute arbitrary commands on certain VPN routers, requiring valid administrative credentials for exploitation. This vulnerability can be combined with CVE-2023-20025, an authentication bypass that grants root privileges to attackers. Cisco acknowledged this issue in an advisory in January 2023, with proof-of-concept exploit code publicly available. 2. CVE-2018-8639, a Win32k elevation of privilege flaw that allows local attackers to execute arbitrary code in kernel mode, enabling data manipulation and unauthorized account creation. Microsoft issued a security advisory regarding this vulnerability in December 2018, affecting both client and server platforms. CISA has added both vulnerabilities to its Known Exploited Vulnerabilities catalog, requiring Federal Civilian Executive Branch agencies to secure their networks against these vulnerabilities by March 23, as per the Binding Operational Directive 22-01. Additionally, CISA has alerted federal agencies to another critical vulnerability, CVE-2024-21413, in Microsoft Outlook, requiring patches by February 27.

Winsage

March 4, 2025

U.S. CISA adds Multiple Cisco Small Business RV Series Routers, Hitachi Vantara Pentaho BA Server, Microsoft Windows Win32k, and Progress WhatsUp Gold flaws to its Known Exploited Vulnerabilities catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has expanded its Known Exploited Vulnerabilities (KEV) catalog, which now includes several significant security flaws: - CVE-2023-20118: A command injection vulnerability in Cisco Small Business RV Series Routers with a CVSS score of 6.5, allowing authenticated remote attackers to execute arbitrary commands. Cisco will not provide a fix for this issue. - CVE-2022-43939: An authorization bypass vulnerability in the Hitachi Vantara Pentaho BA Server. - CVE-2022-43769: A special element injection vulnerability in the Hitachi Vantara Pentaho BA Server. - CVE-2018-8639: An elevation of privilege vulnerability in Microsoft Windows with a CVSS score of 7.8, allowing an attacker to run arbitrary code in kernel mode. - CVE-2024-4885: An unauthenticated remote code execution vulnerability in Progress WhatsUp Gold with a CVSS score of 9.8, allowing command execution with iisapppoolnmconsole privileges. CISA has mandated that federal agencies address these vulnerabilities by March 24, 2025, under Binding Operational Directive (BOD) 22-01, and advises private organizations to review the KEV catalog for necessary actions.

Winsage

February 18, 2025

Microsoft is pushing a security update to Windows 11 that breaks File Explorer

The KB5051987 patch for Windows 11 is a mandatory security update aimed at addressing vulnerabilities in the operating system. Many users have reported significant issues with File Explorer after installing this update, including it becoming unresponsive and unusual navigation behavior. There are also glitches affecting the Taskbar, and some users have experienced failed installations of the update. Users have the option to manually uninstall the patch, but this may expose their systems to security risks.

Tech Optimizer

February 14, 2025

PostgreSQL Terminal Tool Injection Vulnerability Allows Remote Code Execution

Researchers have identified a SQL injection vulnerability, CVE-2025-1094, in PostgreSQL's interactive terminal tool, psql. This vulnerability is linked to another vulnerability, CVE-2024-12356, related to remote code execution in BeyondTrust's products. CVE-2025-1094 arises from a flawed assumption about the security of escaped untrusted input and allows attackers to inject malicious SQL statements due to the processing of invalid UTF-8 characters. It has a CVSS 3.1 base score of 8.1, indicating high severity, and can lead to arbitrary code execution through psql's meta-command functionality. The vulnerability affects all supported PostgreSQL versions prior to 17.3, 16.7, 15.11, 14.16, and 13.19. Users are advised to upgrade to these patched versions to mitigate risks. A Metasploit module targeting this vulnerability has been developed, emphasizing the urgency for organizations to implement patches.

Winsage

February 13, 2025

February’s Patch Tuesday Fixes Dozens Of Windows Security Flaws And Most Are Critical

Microsoft has released a patch addressing 63 vulnerabilities, following a previous update that fixed 159 flaws. The vulnerabilities are categorized by severity: critical, important, moderate, and low. Three critical vulnerabilities requiring user action are: - CVE-2025-21376: Affects Windows LDAP, allowing remote control of systems using Active Directory. - CVE-2025-21379: Pertains to potential Man-in-the-Middle attacks, enabling attackers to manipulate communications and steal data. - CVE-2025-21381: Can be exploited by tricking users into downloading malicious files, allowing arbitrary code execution. Two zero-day vulnerabilities already under exploitation are: - CVE-2025-21391: Allows attackers to bypass access controls and delete files. - CVE-2025-21418: Enables attackers to gain system privileges for configuration and user management. Other notable vulnerabilities include: - CVE-2025-21194: A hypervisor vulnerability that could compromise the kernel. - CVE-2025-21377: Could expose NTLM hashes, allowing impersonation of users. - CVE-2025-21198: Affects Microsoft's HPC systems, allowing complete control through a malicious web request, with a high CVSS score of 9.0. Users are advised to update Windows to safeguard their systems.

AppWizard

February 3, 2025

Google blocked over 2.5 million suspicious Android apps from the Play Store last year

In 2024, Google blocked over 2.3 million potentially harmful Android applications and banned 158,000 developer accounts for policy violations. The increase in blocked applications was due to new AI-powered threat detection systems, which assisted in 92% of human reviews for harmful apps. Google prevented 1.3 million existing applications from obtaining excessive permissions that could compromise user data. Upgrades to Google’s Play Protect antivirus app enhanced its ability to scan over 200 billion apps daily for malware. Additionally, a security upgrade for Android phones improved user control over app access to photos and videos. Despite these advancements, some security flaws and trojans still emerged, highlighting the need for user vigilance when downloading apps.