unpatched vulnerability

Winsage
July 27, 2025
In July 2025, Microsoft released non-security updates for Windows 10 (KB5062649) and Windows 11 (KB5062663 for versions 22H2 and 23H2; KB5062660 for version 24H2), introducing AI functionalities, improvements in Settings, and a redesigned BSOD. Companies like Brave and AdGuard are blocking Windows Recall due to privacy concerns. Microsoft is developing a tool for transitioning from older to newer computers and published a guide for Windows 10's end of support on October 14, 2025. The Windows Insider Program released Build 27909, focusing on minor fixes, and introduced an audio-sharing feature. Microsoft disclosed a security breach in SharePoint affecting the US nuclear weapons department and provided fixes. The Surface Laptop 7 was launched with Intel's Core Ultra 200 Series processors and optional 5G connectivity. The Files app received a preview update with a new Omnibar. Meta is transitioning WhatsApp on Windows to a progressive web app, and Firefox released version 141.0 with AI-powered tab groups. Microsoft is testing a cross-device play history feature for Xbox and reversed its decision on Xbox game pricing. EA announced a new Battlefield installment, and Nvidia added new titles to GeForce NOW. Various discounts and a free game, Legion TD 2, were featured in the Weekend PC Game Deals.
Winsage
December 7, 2024
Acros Security has identified an unpatched NTLM vulnerability in Microsoft Windows, affecting versions from Windows 7 to Windows 11 v24H2, which risks credential theft. The vulnerability can be exploited through Windows Explorer when users view a malicious file, exposing their NTLM hash to remote attackers. Acros plans to release a micropatch to mitigate the risk and has contacted Microsoft regarding the issue. Historically, Acros has reported several zero-day vulnerabilities to Microsoft. The micropatching industry aims to provide more permanent solutions to security flaws, though it may introduce complications. As Windows 10 approaches retirement, IT managers may increasingly consider micropatching for system protection. Mainstream support for Windows 7 ended in 2015, with extended support concluding in 2020.
Winsage
August 28, 2024
Microsoft recently published and then removed a support document about a new feature called "hotpatching," which aims to reduce the need for reboots after updates by allowing in-memory code of running processes to be patched without restarting them. However, users may still need to reboot their systems for every third update. Additionally, a new vulnerability associated with the Downdate tool allows attackers to revert Windows installations to previous versions, potentially exposing systems to previously mitigated threats. Microsoft acknowledged an elevation of privilege vulnerability within Windows Update that could let attackers reintroduce fixed vulnerabilities and is working on a security update. The company has issued recommendations for users to enhance security, including configuring audit settings and restricting access to update files. There is an increasing urgency for users, especially those on Windows 10, to upgrade to Windows 11 due to the approaching end of life for Windows 10.
Winsage
August 14, 2024
Attackers are exploiting a significant number of vulnerabilities disclosed by Microsoft in its August security update, with six out of 90 vulnerabilities being a primary concern for system administrators. Four of these vulnerabilities were known prior to the announcement and are categorized as zero-days, including CVE-2024-38202, an unpatched elevation of privilege (EoP) vulnerability in the Windows Update Stack. This flaw allows an attacker with basic user privileges to potentially reintroduce mitigated vulnerabilities or bypass features of Virtualization Based Security (VBS). Seven vulnerabilities from the update are rated as critical, while the remaining 79 CVEs are deemed "Important" or of medium severity. Two of the actively exploited vulnerabilities facilitate remote code execution (RCE): CVE-2024-38189 affects Microsoft Project, allowing arbitrary code execution if a user opens a malicious file, and CVE-2024-38178 involves a memory corruption issue in the Windows Scripting Engine, requiring user interaction. Additionally, three other zero-days under active exploitation (CVE-2024-38106, CVE-2024-38107, and CVE-2024-38193) enable privilege elevation to system admin status, with CVE-2024-38106 being particularly concerning due to its presence in the Windows Kernel. The final zero-day, CVE-2024-38213, allows attackers to bypass Windows Mark of the Web security protections, facilitating the infiltration of malicious files and web content into enterprise environments.
Winsage
July 18, 2024
An unpatched vulnerability in Windows installer files allows attackers to elevate privileges and potentially take over vulnerable systems. The vulnerability stems from the way Windows handles permissions for installer files, allowing custom actions to bypass normal account protections and carry out malicious activities. The flaw was reported to Microsoft last year but was dismissed as not replicable on patched systems. The vulnerability requires local access to exploit, making it more difficult for threat actors to take advantage of.