security flaws Archives

Winsage

March 4, 2025

CISA tags Windows, Cisco vulnerabilities as actively exploited

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an advisory for U.S. federal agencies to enhance their defenses against cyberattacks targeting vulnerabilities in Cisco and Windows systems. Two specific vulnerabilities have been identified: 1. CVE-2023-20118, which allows attackers to execute arbitrary commands on certain VPN routers, requiring valid administrative credentials for exploitation. This vulnerability can be combined with CVE-2023-20025, an authentication bypass that grants root privileges to attackers. Cisco acknowledged this issue in an advisory in January 2023, with proof-of-concept exploit code publicly available. 2. CVE-2018-8639, a Win32k elevation of privilege flaw that allows local attackers to execute arbitrary code in kernel mode, enabling data manipulation and unauthorized account creation. Microsoft issued a security advisory regarding this vulnerability in December 2018, affecting both client and server platforms. CISA has added both vulnerabilities to its Known Exploited Vulnerabilities catalog, requiring Federal Civilian Executive Branch agencies to secure their networks against these vulnerabilities by March 23, as per the Binding Operational Directive 22-01. Additionally, CISA has alerted federal agencies to another critical vulnerability, CVE-2024-21413, in Microsoft Outlook, requiring patches by February 27.

Winsage

March 4, 2025

U.S. CISA adds Multiple Cisco Small Business RV Series Routers, Hitachi Vantara Pentaho BA Server, Microsoft Windows Win32k, and Progress WhatsUp Gold flaws to its Known Exploited Vulnerabilities catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has expanded its Known Exploited Vulnerabilities (KEV) catalog, which now includes several significant security flaws: - CVE-2023-20118: A command injection vulnerability in Cisco Small Business RV Series Routers with a CVSS score of 6.5, allowing authenticated remote attackers to execute arbitrary commands. Cisco will not provide a fix for this issue. - CVE-2022-43939: An authorization bypass vulnerability in the Hitachi Vantara Pentaho BA Server. - CVE-2022-43769: A special element injection vulnerability in the Hitachi Vantara Pentaho BA Server. - CVE-2018-8639: An elevation of privilege vulnerability in Microsoft Windows with a CVSS score of 7.8, allowing an attacker to run arbitrary code in kernel mode. - CVE-2024-4885: An unauthenticated remote code execution vulnerability in Progress WhatsUp Gold with a CVSS score of 9.8, allowing command execution with iisapppoolnmconsole privileges. CISA has mandated that federal agencies address these vulnerabilities by March 24, 2025, under Binding Operational Directive (BOD) 22-01, and advises private organizations to review the KEV catalog for necessary actions.

Winsage

February 18, 2025

Microsoft is pushing a security update to Windows 11 that breaks File Explorer

The KB5051987 patch for Windows 11 is a mandatory security update aimed at addressing vulnerabilities in the operating system. Many users have reported significant issues with File Explorer after installing this update, including it becoming unresponsive and unusual navigation behavior. There are also glitches affecting the Taskbar, and some users have experienced failed installations of the update. Users have the option to manually uninstall the patch, but this may expose their systems to security risks.

Tech Optimizer

February 14, 2025

PostgreSQL Terminal Tool Injection Vulnerability Allows Remote Code Execution

Researchers have identified a SQL injection vulnerability, CVE-2025-1094, in PostgreSQL's interactive terminal tool, psql. This vulnerability is linked to another vulnerability, CVE-2024-12356, related to remote code execution in BeyondTrust's products. CVE-2025-1094 arises from a flawed assumption about the security of escaped untrusted input and allows attackers to inject malicious SQL statements due to the processing of invalid UTF-8 characters. It has a CVSS 3.1 base score of 8.1, indicating high severity, and can lead to arbitrary code execution through psql's meta-command functionality. The vulnerability affects all supported PostgreSQL versions prior to 17.3, 16.7, 15.11, 14.16, and 13.19. Users are advised to upgrade to these patched versions to mitigate risks. A Metasploit module targeting this vulnerability has been developed, emphasizing the urgency for organizations to implement patches.

Winsage

February 13, 2025

February’s Patch Tuesday Fixes Dozens Of Windows Security Flaws And Most Are Critical

Microsoft has released a patch addressing 63 vulnerabilities, following a previous update that fixed 159 flaws. The vulnerabilities are categorized by severity: critical, important, moderate, and low. Three critical vulnerabilities requiring user action are: - CVE-2025-21376: Affects Windows LDAP, allowing remote control of systems using Active Directory. - CVE-2025-21379: Pertains to potential Man-in-the-Middle attacks, enabling attackers to manipulate communications and steal data. - CVE-2025-21381: Can be exploited by tricking users into downloading malicious files, allowing arbitrary code execution. Two zero-day vulnerabilities already under exploitation are: - CVE-2025-21391: Allows attackers to bypass access controls and delete files. - CVE-2025-21418: Enables attackers to gain system privileges for configuration and user management. Other notable vulnerabilities include: - CVE-2025-21194: A hypervisor vulnerability that could compromise the kernel. - CVE-2025-21377: Could expose NTLM hashes, allowing impersonation of users. - CVE-2025-21198: Affects Microsoft's HPC systems, allowing complete control through a malicious web request, with a high CVSS score of 9.0. Users are advised to update Windows to safeguard their systems.

AppWizard

February 3, 2025

Google blocked over 2.5 million suspicious Android apps from the Play Store last year

In 2024, Google blocked over 2.3 million potentially harmful Android applications and banned 158,000 developer accounts for policy violations. The increase in blocked applications was due to new AI-powered threat detection systems, which assisted in 92% of human reviews for harmful apps. Google prevented 1.3 million existing applications from obtaining excessive permissions that could compromise user data. Upgrades to Google’s Play Protect antivirus app enhanced its ability to scan over 200 billion apps daily for malware. Additionally, a security upgrade for Android phones improved user control over app access to photos and videos. Despite these advancements, some security flaws and trojans still emerged, highlighting the need for user vigilance when downloading apps.

Winsage

December 16, 2024

Windows kernel bug now exploited in attacks to gain SYSTEM privileges

The Cybersecurity and Infrastructure Security Agency (CISA) has warned U.S. federal agencies about a critical Windows kernel vulnerability, CVE-2024-35250, which allows local attackers to elevate their privileges to SYSTEM level. This vulnerability is linked to the Microsoft Kernel Streaming Service (MSKSSRV.SYS) and was exploited during the Pwn2Own Vancouver 2024 competition. Microsoft issued a patch for this vulnerability in June 2024, but proof-of-concept exploit code appeared on GitHub four months later. CISA has also flagged a critical Adobe ColdFusion vulnerability, CVE-2024-20767, which allows unauthenticated remote attackers to access sensitive files. Over 145,000 ColdFusion servers are exposed to the Internet. Both vulnerabilities are listed in CISA's Known Exploited Vulnerabilities catalog, and federal agencies must secure their networks by January 6 under the Binding Operational Directive (BOD) 22-01.

Winsage

December 12, 2024

Microsoft just fixed 72 Windows security flaws — update your PC right now

Microsoft's Patch Tuesday updates for 2024 addressed 72 security vulnerabilities, including 17 classified as Critical, 52 as Important, and one as Moderate. One vulnerability, CVE-2024-49138, is actively exploited and relates to privilege escalation in the Windows Common Log File System (CLFS) driver. Microsoft has mitigated 1,088 vulnerabilities this year. The flaw allows attackers to gain elevated system privileges and has been recognized by CrowdStrike. It is the fifth actively exploited CLFS privilege escalation vulnerability since 2022 and the ninth patched this year. Microsoft is implementing additional verification steps for log files and has introduced new security mitigations using Hash-based Message Authentication Codes (HMAC). This vulnerability is listed in the Known Exploited Vulnerabilities catalog by CISA, requiring Federal Civilian Executive Branch agencies to remediate it by December 31st. The most critical vulnerability this month is CVE-2024-49112, a remote code execution flaw affecting the Windows Lightweight Directory Access Protocol (LDAP). Other significant remote code execution vulnerabilities include CVE-2024-49117 (Windows Hyper-V), CVE-2024-49105 (Remote Desktop Client), and CVE-2024-49063 (Microsoft Muzic). Users are advised to update their systems promptly and ensure Windows Defender is activated.

Winsage

December 11, 2024

Microsoft fixes zero-day security flaw in latest Windows update

Microsoft addressed 71 vulnerabilities in its December Patch Tuesday update, including a critical zero-day flaw. Of these, 59 vulnerabilities affect various versions of Windows, including Windows 10, Windows 11, and Windows Server. CVE-2024-49138 is a high-risk buffer overflow issue that allows privilege escalation and could enable full control over affected systems. Microsoft classified 16 Remote Code Execution (RCE) vulnerabilities as critical, with nine related to the Remote Desktop service. CVE-2024-49112 affects the Lightweight Directory Access Protocol (LDAP) and could allow code injection without user login. CVE-2024-49117 affects Hyper-V, allowing code execution from a guest system on the host system. Additionally, eight security vulnerabilities in Microsoft Office were resolved, including three RCE vulnerabilities. CVE-2024-49063 is the first identified security flaw in Microsoft's open-source AI project, Muzic. The next Patch Tuesday is scheduled for January 14, 2025.

Winsage

December 7, 2024

Micropatchers share fix for NTLM hash leak flaw in Windows

Acros Security has identified an unpatched NTLM vulnerability in Microsoft Windows, affecting versions from Windows 7 to Windows 11 v24H2, which risks credential theft. The vulnerability can be exploited through Windows Explorer when users view a malicious file, exposing their NTLM hash to remote attackers. Acros plans to release a micropatch to mitigate the risk and has contacted Microsoft regarding the issue. Historically, Acros has reported several zero-day vulnerabilities to Microsoft. The micropatching industry aims to provide more permanent solutions to security flaws, though it may introduce complications. As Windows 10 approaches retirement, IT managers may increasingly consider micropatching for system protection. Mainstream support for Windows 7 ended in 2015, with extended support concluding in 2020.