NewApp Digest
search bot

spoofing

Microsoft Fixes 114 Windows Flaws in January 2026 Patch, One Actively Exploited
Winsage
January 14, 2026

Microsoft Fixes 114 Windows Flaws in January 2026 Patch, One Actively Exploited

On Tuesday, Microsoft released its first security update for 2026, addressing 114 vulnerabilities, including eight classified as Critical and 106 as Important. The vulnerabilities include 58 related to privilege escalation, 22 concerning information disclosure, 21 linked to remote code execution, and five categorized as spoofing flaws. A notable vulnerability, CVE-2026-20805, involves information disclosure within the Desktop Window Manager (DWM) and has a CVSS score of 5.5. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added this flaw to its Known Exploited Vulnerabilities catalog, requiring federal agencies to implement fixes by February 3, 2026. Additionally, Microsoft announced the expiration of three Windows Secure Boot certificates issued in 2011, effective June 2026, urging customers to transition to newer certificates to avoid disruptions. The update also removed vulnerable Agere Soft Modem drivers due to a local privilege escalation flaw (CVE-2023-31096) and addressed another critical privilege escalation flaw in Windows Virtualization-Based Security (CVE-2026-20876) with a CVSS score of 6.7. Other vendors, including Adobe, Amazon Web Services, and Cisco, have also released security patches for various vulnerabilities.
Microsoft's Latest 'Patch Tuesday' Update Fixes These Three Zero-Days
Winsage
December 11, 2025

Microsoft’s Latest ‘Patch Tuesday’ Update Fixes These Three Zero-Days

Microsoft's December Patch Tuesday update addresses three critical zero-day vulnerabilities and a total of 56 bugs, including: - 28 elevation-of-privilege vulnerabilities - 19 remote-code-execution vulnerabilities - 4 information-disclosure vulnerabilities - 3 denial-of-service vulnerabilities - 2 spoofing vulnerabilities Three remote code execution flaws are classified as "critical." One zero-day vulnerability, CVE-2025-62221, allows attackers to gain SYSTEM privileges through the Windows Cloud Files Mini Filter Driver. The other two vulnerabilities fixed are: - CVE-2025-64671: A remote code execution vulnerability in GitHub Copilot for Jetbrains, exploitable via Cross Prompt Injection. - CVE-2025-54100: A PowerShell remote code execution vulnerability that can execute scripts from a webpage using Invoke-WebRequest. CVE-2025-62221 is attributed to MSTIC and MSRC, CVE-2025-64671 was disclosed by Ari Marzuk, and CVE-2025-54100 was identified by multiple security researchers.
PrivadoVPN bundles VPN with antivirus for just $1.11 per month with our exclusive deal
Tech Optimizer
November 30, 2025

PrivadoVPN bundles VPN with antivirus for just $1.11 per month with our exclusive deal

PrivadoVPN is offering a Black Friday deal at .11 per month, which includes unlimited antivirus protection at no extra cost. The 27-month plan costs .99, making it the most affordable premium VPN option available. PrivadoVPN provides speeds exceeding 800 Mbps, essential features like a kill switch and parental controls, and can protect up to 10 devices simultaneously. It claims a strict no-logs policy, but lacks independent audit verification.
Microsoft gives Windows admins a legacy migration headache with WINS sunset
Winsage
November 28, 2025

Microsoft gives Windows admins a legacy migration headache with WINS sunset

Many organizations using Windows Internet Name Service (WINS) do not actively leverage it for critical operations, and it often operates quietly in the background. WINS poses significant security risks due to design limitations, particularly its lack of a robust mechanism for authenticating name registrations, making it vulnerable to spoofing attacks. Attackers can register malicious entries, such as Web Proxy Auto-Discovery (WPAD) records, allowing them to intercept web traffic or redirect connections, which facilitates lateral movement within a network and threatens organizational security.
Microsoft to remove WINS support after Windows Server 2025
Winsage
November 25, 2025

Microsoft to remove WINS support after Windows Server 2025

Microsoft will remove the Windows Internet Name Service (WINS) from all future Windows Server releases after November 2034. WINS was officially deprecated with Windows Server 2022 in August 2021, and Windows Server 2025 will be the last version to support it. Standard support for WINS will continue until November 2034. Organizations are encouraged to migrate to DNS-based name resolution solutions before this deadline. The removal will include the WINS server role, management console snap-in, automation APIs, and related interfaces. Microsoft recommends auditing services dependent on NetBIOS name resolution and migrating to DNS solutions. Static host files are not advised as a workaround. Organizations should begin migration planning to avoid operational disruptions.
Microsoft Fixes 63 Security Flaws, Including a Windows Kernel Zero-Day Under Active Attack
Winsage
November 12, 2025

Microsoft Fixes 63 Security Flaws, Including a Windows Kernel Zero-Day Under Active Attack

On November 12, 2025, Microsoft released patches for 63 vulnerabilities, including four classified as Critical and 59 as Important. Notably, CVE-2025-62215, a privilege escalation flaw in the Windows Kernel with a CVSS score of 7.0, is actively exploited. This vulnerability allows an authorized attacker to elevate privileges locally through a race condition. Additionally, Microsoft patched two heap-based buffer overflow vulnerabilities (CVE-2025-60724 and CVE-2025-62220) with CVSS scores of 9.8 and 8.8, respectively, which could lead to remote code execution. Another significant vulnerability is CVE-2025-60704, a privilege escalation flaw in Windows Kerberos with a CVSS score of 7.5, enabling attackers to impersonate users and control a domain. Other vendors, including Adobe, Amazon Web Services, and Apple, also released security updates addressing various vulnerabilities.
Microsoft November 2025 Patch Tuesday fixes 1 zero-day, 63 flaws
Winsage
November 12, 2025

Microsoft November 2025 Patch Tuesday fixes 1 zero-day, 63 flaws

Microsoft's November 2025 Patch Tuesday addresses a total of 63 vulnerabilities, including one actively exploited zero-day flaw (CVE-2025-62215) related to Windows Kernel Elevation of Privilege. The updates include four vulnerabilities classified as "Critical," with two for remote code execution, one for elevation of privileges, and one for information disclosure. The breakdown of vulnerabilities is as follows: - 29 Elevation of Privilege Vulnerabilities - 2 Security Feature Bypass Vulnerabilities - 16 Remote Code Execution Vulnerabilities - 11 Information Disclosure Vulnerabilities - 3 Denial of Service Vulnerabilities - 2 Spoofing Vulnerabilities This Patch Tuesday marks the first extended security update (ESU) for Windows 10, and users are encouraged to upgrade to Windows 11 or enroll in the ESU program. Microsoft has also released an out-of-band update to assist with enrollment issues. Other companies, including Adobe, Cisco, and Google, have also issued security updates in November 2025.
Update Windows ASAP to Patch Another Zero-Day Vulnerability
Winsage
November 11, 2025

Update Windows ASAP to Patch Another Zero-Day Vulnerability

Microsoft's November Patch Tuesday release addresses a total of 63 vulnerabilities, including a zero-day flaw (CVE-2025-62215) that allows elevation of privilege through a race condition in the Windows Kernel. The vulnerabilities include 29 elevation of privilege, 2 security feature bypass, 16 remote code execution, 11 information disclosure, 2 denial of service, and 3 spoofing vulnerabilities. Four vulnerabilities are classified as "critical." Windows 11 users will receive updates such as a scrollable Start menu and enhancements to File Explorer and other features. Microsoft has ended support for Windows 10, but Extended Security Updates are available until October 13, 2026, for those who opted in.
Windows LNK UI Spoofing Vulnerability Weaponized for Remote Code Execution
Winsage
October 31, 2025

Windows LNK UI Spoofing Vulnerability Weaponized for Remote Code Execution

A cyber espionage campaign targeting European diplomatic institutions has been attributed to the Chinese-affiliated threat actor UNC6384, which exploits the ZDI-CAN-25373 vulnerability in Windows shortcut files. The campaign, noted for its use of social engineering tactics that mimic legitimate diplomatic events, has specifically targeted entities in Hungary, Belgium, and surrounding European nations between September and October 2025. The attack utilizes spearphishing emails with malicious LNK files related to European Commission and NATO meetings, leading to the deployment of PlugX, a remote access trojan. The attack chain involves a weaponized LNK file that executes PowerShell commands to unpack a tar archive containing a malicious DLL and an encrypted payload. UNC6384 employs advanced techniques to evade detection, including dynamic loading of Windows API functions and anti-analysis measures. The malware allows extensive espionage activities and creates hidden directories for persistent access. Recommendations for organizations include disabling automatic LNK file resolution, blocking known command and control domains, and enhancing user training to defend against such threats.
Search