vulnerabilities

Winsage
April 30, 2025
Windows 11 users encountered the "inetpub" folder after the April 2023 update (KB5055523); the folder is a crucial component of the fix for the security vulnerability CVE-2025-21204. Microsoft stated that the folder should not be removed, as it helps manage Windows Update security vulnerabilities by preventing unauthorized control through symbolic links. However, cybersecurity expert Kevin Beaumont revealed that the same patch introduced a new vulnerability that could allow remote exploitation, prompting Microsoft to acknowledge this issue with a "Moderate" status and indicate that a fix is forthcoming. Users are advised to keep their systems updated and not delete the "inetpub" folder. If the folder is deleted, it can be restored by enabling Internet Information Services in the Control Panel.
Winsage
April 30, 2025
Security researcher Nafiez has discovered a vulnerability in Windows LNK files that allows remote code execution without user interaction. Microsoft has chosen not to address this issue, stating it does not meet their security servicing criteria. The vulnerability exploits specific components of LNK files, enabling attackers to create malicious shortcuts that initiate silent network connections when a user accesses a folder containing them. The exploit involves manipulating the HasArguments flag, EnvironmentVariableDataBlock, and embedding UNC paths. Microsoft defends its inaction by citing the Mark of the Web (MOTW) feature as adequate protection, despite concerns from security experts about its effectiveness. Previous vulnerabilities in LNK files have been addressed by Microsoft, and the availability of proof-of-concept code raises fears of potential exploitation by malicious actors.
AppWizard
April 30, 2025
Google's Play Store has undergone a significant overhaul, resulting in a reduction of apps from approximately 3.4 million to around 1.8 million, a decline of nearly 47% since the beginning of 2024. This change was prompted by an increase in threats to mobile devices and stricter criteria for app inclusion and retention. Google is targeting the removal of static apps without specific functionalities, apps with minimal content, and applications that lack functional value. Removed apps will no longer be available for download, but users with the app already installed can continue to use it without updates. If uninstalled, users cannot redownload the app unless republished by the developer. Users are advised to manage their app collections to mitigate risks associated with low-quality apps. Subscriptions linked to removed apps will also be terminated.
Tech Optimizer
April 30, 2025
A significant vulnerability, designated as CVE-2025-3500, has been identified in Avast Free Antivirus, allowing attackers to gain elevated system privileges and execute malicious code at the kernel level. The vulnerability has a high CVSS score of 8.8 and was publicly disclosed on April 24, 2025, shortly after a patch was implemented. It originates from inadequate validation of user-supplied data in the aswbidsdriver kernel driver, leading to an integer overflow prior to buffer allocation. Attackers must first execute low-privileged code on the target system to exploit this vulnerability. The flaw affects multiple versions of Avast Free Antivirus, specifically versions ranging from 20.1.2397 to 2016.11.1.2262. A fix was released in version 25.3.9983.922, and users are urged to update their software promptly. Security experts recommend enabling automatic updates and using standard user accounts for daily activities to mitigate risks.
Winsage
April 29, 2025
Microsoft has introduced a no-reboot patching feature for Windows 11 and announced hotpatching costs for Windows Server 2025. Windows 7 and Windows Server 2008 R2 have reached their end-of-support status and lack official security patches. However, users of these legacy systems can utilize a micro patching service called 0patch, which delivers micro patches to address specific vulnerabilities without requiring system reboots. On April 29, 2023, Mitja Kolsek, CEO of ACROS Security, announced that support for Windows 7 and Windows Server 2008 R2 would be extended until January 2027 due to high demand. These micro patches are currently the only available security updates for these legacy versions.
Winsage
April 28, 2025
Microsoft will launch a subscription-based hotpatching service for Windows Server 2025 on July 1, 2025, priced at .50 per CPU core per month. Hotpatching allows security and critical updates to be installed without rebooting the system, reducing downtime and enhancing security. The update cycle includes four baseline months requiring reboots and eight hotpatches annually without reboots. The service is available for Windows Server 2025 Standard and Datacenter editions and requires connection to Azure Arc. Organizations using the free preview must opt out by June 30, 2025, or will be transitioned to the paid model. Certain updates, such as major non-security updates and .NET Framework patches, will still require reboots.
Winsage
April 28, 2025
Hotpatching in Windows Server 2025 allows system administrators to apply security updates without rebooting, enhancing response times to vulnerabilities. Microsoft will introduce a subscription model for this feature starting July 1, 2024, at an initial rate of .50 per core per month, with Azure users exempt from this charge. Hotpatching has been previously available in Azure and is now being introduced for on-premises applications in Windows Server 2025 Standard and Datacenter Edition. Microsoft plans to release eight hot patches annually, although some may still require a restart. Users in the preview phase will be automatically migrated to the paid version unless they opt out by June 30, 2024. Critics express concern that monetizing essential security features may compromise overall security for users who do not subscribe.
Winsage
April 27, 2025
Microsoft's recent security update for Windows has raised concerns among users due to the introduction of a new vulnerability. The update, intended to address the CVE-2025-21204 vulnerability, inadvertently created a folder named inetpub, which Microsoft claims is essential for user protection. Security researcher Kevin Beaumont has warned that this update has introduced a denial of service vulnerability that allows non-admin users to halt future Windows security updates. Microsoft has classified the issue as moderate in severity and suggested that deleting the inetpub symlink and retrying the update may resolve the problem. The report has been forwarded to the Windows security team for potential further action.
Tech Optimizer
April 27, 2025
In recent years, the belief that iOS devices are "immune" to viruses has been challenged as cybercriminals increasingly target these platforms. Apple’s security measures, including sandboxing, help isolate apps to prevent the spread of malware. The App Store is strictly controlled, with Apple reviewing apps for security compliance, resulting in few harmful applications being reported. Antivirus software available in the App Store, from companies like McAfee and Norton, operates under the same constraints as other apps and cannot directly access the operating system kernel. Users are advised to avoid jailbreaking their devices, enable automatic updates, and take precautions such as avoiding public charging stations and regularly reviewing app permissions. Utilizing a password manager or VPN can enhance security, and those who have experienced data breaches may consider identity theft protection.