U.S. Cybersecurity

Winsage
January 15, 2026
Microsoft and the U.S. government have issued a warning about a vulnerability in Windows, designated CVE-2026-20805, which is currently being exploited. This flaw allows an authorized attacker to leak a memory address from a remote ALPC port, potentially leading to arbitrary code execution. It has a medium severity rating of 5.5 on the CVSS scale. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added this vulnerability to its Known Exploited Vulnerabilities catalog and requires federal agencies to implement a patch by February 3. Additionally, two other vulnerabilities were acknowledged: CVE-2026-21265, a secure boot certificate expiration bypass with a CVSS rating of 6.4, and CVE-2023-31096, an elevation of privilege flaw affecting third-party Agere Modem drivers, rated at 7.8. Two more vulnerabilities, CVE-2026-20952 (CVSS 7.7) and CVE-2026-20953 (CVSS 7.4), are use-after-free flaws in Office that could allow unauthorized code execution.
Winsage
January 14, 2026
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a Microsoft Windows vulnerability, CVE-2026-20805, to its Known Exploited Vulnerabilities (KEV) catalog, with a CVSS score of 8.7. This vulnerability, part of the January 2026 Patch Tuesday updates, affects the Windows Desktop Window Manager and allows attackers to leak memory information, potentially aiding in further exploits. Federal Civilian Executive Branch agencies must address this vulnerability by February 3, 2026, as mandated by Binding Operational Directive 22-01.
Winsage
January 14, 2026
On Tuesday, Microsoft released its first security update for 2026, addressing 114 vulnerabilities, including eight classified as Critical and 106 as Important. The vulnerabilities include 58 related to privilege escalation, 22 concerning information disclosure, 21 linked to remote code execution, and five categorized as spoofing flaws. A notable vulnerability, CVE-2026-20805, involves information disclosure within the Desktop Window Manager (DWM) and has a CVSS score of 5.5. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added this flaw to its Known Exploited Vulnerabilities catalog, requiring federal agencies to implement fixes by February 3, 2026. Additionally, Microsoft announced the expiration of three Windows Secure Boot certificates issued in 2011, effective June 2026, urging customers to transition to newer certificates to avoid disruptions. The update also removed vulnerable Agere Soft Modem drivers due to a local privilege escalation flaw (CVE-2023-31096) and addressed another critical privilege escalation flaw in Windows Virtualization-Based Security (CVE-2026-20876) with a CVSS score of 6.7. Other vendors, including Adobe, Amazon Web Services, and Cisco, have also released security patches for various vulnerabilities.
Winsage
January 11, 2026
A surge of attacks targeting Windows 10 machines highlights the need for users to upgrade to Windows 11 Pro, which is currently available at a discount of approximately 94% off its standard price. Windows 10 is becoming increasingly vulnerable as it approaches its end of support, leaving users exposed to cyber threats. The U.S. Cybersecurity and Infrastructure Security Agency warns that unsupported systems are often exploited by cybercriminals. Windows 10 remains widely used, making it a significant target for attackers, as evidenced by over billion in reported cybercrime losses in 2023. Windows 11 Pro offers enhanced security features, including BitLocker drive encryption, Credential Guard, and Smart App Control, along with a security-first design that requires compatible hardware. Current promotions allow users to purchase a Windows 11 Pro license for under 0, providing a one-time purchase option that includes updates until Microsoft ends support for Windows 11. Users are advised to check compatibility before upgrading and to back up important files. For those unable to upgrade, alternatives include purchasing Extended Security Updates or investing in new hardware that meets Windows 11 specifications.
Winsage
December 10, 2025
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has expanded its Known Exploited Vulnerabilities (KEV) catalog to include two critical vulnerabilities:
1. CVE-2025-6218 (CVSS score of 7.8) - RARLAB WinRAR Path Traversal Vulnerability, which allows attackers to execute arbitrary code by manipulating file paths within a malicious archive or webpage.
2. CVE-2025-62221 (CVSS score of 7.8) - Microsoft Windows Use After Free Vulnerability, which enables an authorized attacker to elevate their privileges locally to SYSTEM.
Federal agencies are required to address these vulnerabilities by December 30, 2025, in accordance with Binding Operational Directive (BOD) 22-01.
Winsage
October 28, 2025
On October 14, 2025, a critical remote code execution (RCE) vulnerability, CVE-2025-59287, was discovered in Microsoft's Windows Server Update Services (WSUS). The vulnerability allows remote, unauthenticated attackers to execute arbitrary code with system privileges on affected servers. It was initially addressed on October 14, but the patch was insufficient, leading to an urgent out-of-band update on October 23. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the vulnerability to its Known Exploited Vulnerabilities Catalog on October 24, indicating its immediate threat. The vulnerability affects Microsoft Windows Server 2012, 2012 R2, 2016, 2019, 2022, and 2025, specifically on servers with the WSUS role enabled. Attackers are exploiting the vulnerability by targeting publicly exposed WSUS instances on TCP ports 8530 (HTTP) and 8531 (HTTPS). Approximately 5,500 WSUS instances have been identified as exposed to the internet. Microsoft recommends disabling the WSUS Server Role or blocking inbound traffic to the high-risk ports as temporary workarounds for organizations unable to apply the emergency patches immediately.
Winsage
October 25, 2025
A critical vulnerability in Microsoft Windows Server Update Services (WSUS), identified as CVE-2025-59287, has a CVSS score of 9.8 out of 10 and affects Windows Server versions from 2012 to 2025. The vulnerability arises from the insecure deserialization of untrusted data, allowing unauthenticated attackers to execute arbitrary code on compromised systems. Servers without the WSUS role enabled are unaffected. Microsoft issued a patch on October 14, which did not fully resolve the issue, leading to an emergency update. Security researcher Kevin Beaumont reported that he could manipulate the second patch, raising concerns about the delivery of malicious updates. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2025-59287 to its Known Exploited Vulnerabilities catalog, while the Dutch National Cybersecurity Center issued alerts about ongoing exploitation activities. Private security firms, including Huntress and watchTowr, reported targeted attacks on WSUS instances, with fewer than 25 susceptible hosts identified. WatchTowr's CEO warned that any unpatched WSUS instance online is likely compromised, urging organizations to reassess their security posture.
Winsage
October 24, 2025
Microsoft has released out-of-band security updates to address a critical vulnerability in Windows Server Update Services (WSUS), identified as CVE-2025-59287, which has a CVSS score of 9.8 and is actively being exploited. The vulnerability allows unauthorized remote code execution due to unsafe deserialization of untrusted data. It affects various supported versions of Windows Server, including 2012, 2012 R2, 2016, 2019, 2022, and 2025 (23H2 Edition, Server Core installation). Microsoft recommends applying the patch and rebooting the system, or alternatively, disabling the WSUS Server Role or blocking inbound traffic to ports 8530 and 8531. The Dutch National Cyber Security Centre (NCSC) reported active exploitation on the same day the updates were released. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added this vulnerability to its Known Exploited Vulnerabilities catalog, requiring federal agencies to address it by November 14, 2025.
Winsage
October 22, 2025
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about a high-severity vulnerability, CVE-2025-33073, affecting unpatched versions of Microsoft Windows, including Windows 10, Windows 11, and Windows Server. This vulnerability targets the Windows Server Message Block (SMB) client, which is crucial for file and printer sharing. It was initially addressed by Microsoft in June 2025, but not all installations received the updates, leading to active exploitation. Attackers can exploit this vulnerability by tricking a Windows client into connecting to a malicious SMB server, which gives them elevated access privileges. CISA has mandated that federal civilian agencies implement the security update by November 10 and is encouraging private organizations to ensure patch compliance. Recommendations for organizations include restricting SMB access, segmenting internal networks, and monitoring for unusual outbound SMB traffic.