software vulnerabilities Archives

Tech Optimizer

September 24, 2025

EDR Bypass Technique Puts Antivirus Tools To Sleep

Endpoint detection and response (EDR) systems and antivirus protections are increasingly targeted by threat actors using sophisticated techniques. A new method called EDR-Freeze has been introduced, which utilizes Windows Error Reporting and the MiniDumpWriteDump function to hibernate antivirus processes without needing to install vulnerable drivers. This technique operates entirely in user mode and was disclosed by an anonymous researcher known as Two One Seven Three on Zero Salarium. The MiniDumpWriteDump function can suspend all threads within a target process during the dump process, which is crucial to avoid memory corruption. The researcher faced challenges with the rapid execution of MiniDumpWriteDump and the security measures protecting EDR and antivirus processes. By reverse-engineering the WerFaultSecure program, the researcher enabled MiniDumpWriteDump for any chosen process and integrated it with the CreateProcessAsPPL tool to bypass Protected Process Light (PPL) protections. The researcher proposed a race condition attack consisting of four steps: executing WerFaultSecure with WinTCB-level protection, configuring it to dump the target process, monitoring the target process until it is suspended, and then suspending the WerFaultSecure process. A tool to execute this exploit is available on GitHub, and another researcher has developed a KQL rule for its detection. The EDR-Freeze technique exploits a vulnerability in the WerFaultSecure program, addressing the weaknesses of the BYOVD method and allowing flexible control over EDR and antivirus programs.

Tech Optimizer

July 21, 2025

How Often Should You Update Your Antivirus Software?

Antivirus software protects devices from various digital threats, including viruses, Trojans, ransomware, and spyware. According to the 2025 Antivirus Statistics and Consumer Report, 75% of users believe their antivirus software effectively safeguards their devices. The effectiveness of antivirus software depends on the last update, as neglecting updates leaves devices vulnerable to emerging threats. Frequent updates are necessary because hackers continuously develop new malware. Failing to update antivirus software increases the risk of hacking and can degrade device performance. It is recommended to check for updates daily, perform manual checks weekly, and expect major updates every 3 to 6 months. Free antivirus software may offer limited protection and fewer updates, requiring users to be proactive in checking for updates.

AppWizard

July 8, 2025

Call of Duty takes PC game offline after multiple reports of RCE attacks on players

Call of Duty has temporarily taken its PC games offline due to reports of remote code execution (RCE) attacks that have compromised players' computers. The developers are investigating the issue. Players have shared videos of their systems being hacked during gameplay, with incidents including game freezes and unauthorized command executions. The vulnerability is linked to the shift from dedicated servers to peer-to-peer networking, which has made older games more susceptible to attacks. MalwareBytes has noted that this issue has become well-known in the community, leading many to avoid these titles. Previous vulnerabilities allowing RCE through the Steam platform were identified six years ago. The official Call of Duty X account has not provided updates on the investigation or the status of the games.

Winsage

April 9, 2025

Patch Tuesday fixes an exploited bug, but not for Windows 10

Microsoft's Patch Tuesday updates addressed over 120 vulnerabilities, including one actively exploited flaw (CVE-2025-29824) and 11 critical issues. CVE-2025-29824 is an elevation of privilege vulnerability in the Windows Common Log File System Driver, targeted by the group Storm-2460 to deploy ransomware called PipeMagic, affecting victims in the US, Spain, Venezuela, and Saudi Arabia. This vulnerability has a CVSS score of 7.8 and allows attackers to escalate privileges due to a use-after-free flaw. Patches for Windows Server and Windows 11 have been released, but Windows 10 users are still awaiting a fix, with Microsoft promising updates soon. Among the critical vulnerabilities addressed, all allow for remote code execution (RCE). Notable vulnerabilities include: - CVE-2025-26670: LDAP Client RCE, Critical, CVSS 8.1 - CVE-2025-27752: Microsoft Excel RCE, Critical, CVSS 7.8 - CVE-2025-29791: Microsoft Excel RCE, Critical, CVSS 7.8 - CVE-2025-27745: Microsoft Office RCE, Critical, CVSS 7.8 - CVE-2025-27748: Microsoft Office RCE, Critical, CVSS 7.8 - CVE-2025-27749: Microsoft Office RCE, Critical, CVSS 7.8 - CVE-2025-27491: Windows Hyper-V RCE, Critical, CVSS 7.1 - CVE-2025-26663: Windows LDAP RCE, Critical, CVSS 8.1 - CVE-2025-27480: Windows RDP RCE, Critical, CVSS 8.1 - CVE-2025-27482: Windows RDP RCE, Critical, CVSS 8.1 - CVE-2025-26686: Windows TCP/IP RCE, Critical, CVSS 7.5 - CVE-2025-29809: Windows Kerberos Security Feature Bypass, Important, CVSS 7.1 Dustin Childs from ZDI noted that CVE-2025-29809 requires additional measures beyond standard patching. CVE-2025-26663 and CVE-2025-26670 are considered wormable, necessitating prompt updates, especially for networks exposing LDAP services. Adobe released over 50 fixes for vulnerabilities in products like Cold Fusion, After Effects, and Photoshop, with some issues in Cold Fusion classified as critical. AMD updated advisories regarding GPU access and various Ryzen AI software vulnerabilities.

Tech Optimizer

March 2, 2025

5 things you may already be doing that compromise your Windows security

Many individuals compromise their computer security through everyday habits, which cybercriminals exploit, leading to data theft and unauthorized access. Common missteps include: 1. Downloading software from untrusted sources, which can harbor malware. To mitigate this risk, always download from official websites and consider using a sandbox for testing. 2. Using weak or reused passwords, making accounts vulnerable if one site is breached. To enhance security, use a password manager, enable multi-factor authentication, and create unique, complex passwords. 3. Clicking on phishing emails and links, which can lead to credential theft. To defend against phishing, scrutinize emails and links, and visit official websites directly for verification. 4. Disabling or ignoring antivirus and firewall protection, which exposes PCs to risks. Ensure these protections remain active and trustworthy before bypassing any warnings. 5. Ignoring software and OS security updates, which are crucial for addressing vulnerabilities. Regularly installing updates helps maintain security, as neglecting them can leave systems exposed.

Tech Optimizer

February 23, 2025

Top 10 Best Ransomware Protection Tools

Ransomware is a type of malicious software that encrypts files, making them inaccessible until a ransom is paid, usually in cryptocurrency. Ransom demands can range from a few hundred to several thousand dollars, causing significant disruptions and financial losses. Key examples of ransomware include WannaCry, Petya, CryptoLocker, Ryuk, REvil, and Snake. To protect against ransomware, it is crucial to keep software updated, use anti-virus solutions, be cautious with unknown attachments or links, and regularly back up important data. Effective protection tools include backup solutions, anti-virus software, firewalls, and ransomware-specific solutions. Free protection options include Windows Defender, Malwarebytes Anti-Ransomware, Bitdefender Anti-Ransomware, Avast Anti-Ransomware, and Kaspersky Anti-Ransomware Tool for Business. Ransomware can be categorized into locker ransomware, screen ransomware, and encrypting ransomware.

Tech Optimizer

February 4, 2025

EDB announces Secure Open Software Solution for EDB Postgres AI Enterprise and Government Deployments

EDB has announced the EDB Postgres® AI platform, which now includes a Secure Open Source solution aimed at enhancing security for enterprise and government deployments. Key features include: - Supply Chain Security to mitigate risks from third-party software vulnerabilities. - Automated Standards Compliance to simplify adherence to industry standards. - Government Security Assurance to meet stringent security requirements. EDB has also expanded security partnerships with Fortanix and Entrust to improve key management for sensitive data protection.

Winsage

December 7, 2024

Micropatchers share fix for NTLM hash leak flaw in Windows

Acros Security has identified an unpatched NTLM vulnerability in Microsoft Windows, affecting versions from Windows 7 to Windows 11 v24H2, which risks credential theft. The vulnerability can be exploited through Windows Explorer when users view a malicious file, exposing their NTLM hash to remote attackers. Acros plans to release a micropatch to mitigate the risk and has contacted Microsoft regarding the issue. Historically, Acros has reported several zero-day vulnerabilities to Microsoft. The micropatching industry aims to provide more permanent solutions to security flaws, though it may introduce complications. As Windows 10 approaches retirement, IT managers may increasingly consider micropatching for system protection. Mainstream support for Windows 7 ended in 2015, with extended support concluding in 2020.

Winsage

October 25, 2024

What I learned from 3 years of running Windows 11 on “unsupported” PCs

Midrange and high-end laptops have seen enhancements such as high-resolution displays, taller screen aspect ratios (16:10 and 3:2), USB-C charging, and backlit keyboards. The ThinkPad X230 features a booklight next to the webcam for keyboard illumination but lacks a backlit keyboard. Recent laptops offer upgrades that improve productivity and user satisfaction, particularly for Windows 11 support. Windows 11 requires security features like TPM 2.0, hypervisor-protected code integrity (HVCI), and mode-based execution control (MBEC), which enhance data protection but may affect performance on older systems. Older PCs face vulnerabilities due to the lack of support for the latest security updates and BIOS fixes, increasing their risk.

Winsage

October 9, 2024

October 2024 Patch Tuesday: Updates and Analysis

Microsoft released a patch for CVE-2024-43572, a vulnerability in the Microsoft Management Console, rated Important with a CVSS score of 7.8, allowing remote code execution through malicious MSC files. Another patch was issued for CVE-2024-43573, a Moderate spoofing vulnerability in the Windows MSHTML Platform with a CVSS score of 6.5, affecting multiple Microsoft products. Additionally, three critical vulnerabilities were identified: CVE-2024-43468 in Microsoft Configuration Manager (CVSS score 9.8), CVE-2024-43488 in the Arduino extension for Visual Studio Code (CVSS score 8.8), and CVE-2024-43582 in the Remote Desktop Protocol Server (CVSS score 8.1). The CrowdStrike Falcon® platform introduced a Patch Tuesday dashboard for tracking vulnerabilities, and organizations are encouraged to adopt comprehensive cybersecurity strategies beyond just patching.