vulnerable systems

Winsage
February 5, 2025
Microsoft will cease support for Windows 10 in October 2025, meaning new security vulnerabilities will not be patched, increasing exposure to threats. Cybercriminals are expected to target Windows 10, which still has over 60% market share, making it an attractive target. ESET estimates that around 32 million PCs in Germany are still using Windows 10. Users can opt for the Extended Security Updates program for an additional cost, extending updates until October 2026, or use 0patch for updates until 2030. Windows 10 IoT Enterprise LTSC 2021 will receive updates until 2032, but its use as an office PC is restricted. Users are encouraged to upgrade to Windows 11 where hardware compatibility exists for ongoing security updates and new features.
Winsage
September 18, 2024
The Cybersecurity and Infrastructure Security Agency (CISA) has directed U.S. federal agencies to strengthen their systems against the Windows MSHTML spoofing zero-day vulnerability identified as CVE-2024-43461. This vulnerability was initially deemed non-exploited by Microsoft but was later confirmed to have been exploited before its patch. Attackers, including the Void Banshee hacking group, used this vulnerability to install information-stealing malware by deceiving users into opening malicious files disguised as harmless documents. CISA has included this vulnerability in its Known Exploited Vulnerabilities catalog and has mandated that federal agencies secure their systems within three weeks, with a deadline of October 7. Additionally, Microsoft has addressed three other actively exploited zero-days in its September 2024 Patch Tuesday updates.
Winsage
August 29, 2024
A critical vulnerability in Windows, designated CVE-2024-38063, has been identified with a CVSS score of 9.8, allowing unauthenticated attackers to execute code remotely on unpatched machines via specially crafted IPv6 packets. All versions of Windows 10, Windows 11, and Windows Server are affected. A temporary workaround is to disable IPv6 and revert to IPv4. Microsoft released a patch for this vulnerability on August 13, but system administrators often delay patch installations, leading to exploitation opportunities. A developer has released proof-of-concept code for the vulnerability. Marcus Hutchins noted the rapid identification of the flaw, which stemmed from a single change in the driver file. Users are urged to patch their systems promptly to mitigate risks.
Winsage
August 14, 2024
Microsoft has issued a warning about a critical TCP/IP remote code execution vulnerability, tracked as CVE-2024-38063, affecting all Windows systems using IPv6. Discovered by Kunlun Lab's XiaoWei, the vulnerability arises from an Integer Underflow weakness that could allow attackers to exploit buffer overflows and execute arbitrary code on systems, including Windows 10, Windows 11, and Windows Server. Unauthenticated attackers can exploit this flaw by sending specially crafted IPv6 packets, and Microsoft has labeled it with an "exploitation more likely" tag. The company advises customers to prioritize implementing the security update and suggests disabling IPv6 temporarily as a mitigation measure, while cautioning against completely turning it off. The vulnerability has been classified as wormable, and it is part of a history of similar IPv6-related vulnerabilities addressed by Microsoft over the past four years. Users are urged to apply the latest Windows security updates promptly due to the increased risk associated with this vulnerability.
Winsage
August 9, 2024
A critical zero-click remote code execution (RCE) vulnerability, identified as CVE-2024-38077, affects various Windows Server versions from 2000 to the 2025 preview. The flaw is located in the Windows Remote Desktop Licensing Service and allows attackers to execute arbitrary code without user interaction. The vulnerability is due to a heap overflow issue in the CDataCoding::DecodeData function, which mishandles user-controlled input. A proof-of-concept exploit demonstrates how this vulnerability can bypass security measures in Windows Server 2025. Over 170,000 Remote Desktop Licensing Services are exposed to the public internet, increasing the risk of exploitation. Microsoft has been informed about the vulnerability and has released a patch, urging users to apply it to mitigate risks. Security researchers recommend additional security measures like network segmentation and access controls.
Winsage
July 27, 2024
A new threat exploiting Internet Explorer code hidden in millions of PCs poses a serious risk to user data and system integrity. The US government has added the vulnerability to its Known Exploited Vulnerabilities catalog, emphasizing the importance of updating Windows systems to protect against potential attacks. Microsoft has released a patch to address the issue and urges users to install the update promptly.
Winsage
July 18, 2024
An unpatched vulnerability in Windows installer files allows attackers to elevate privileges and potentially take over vulnerable systems. The vulnerability stems from the way Windows handles permissions for installer files, allowing custom actions to bypass normal account protections and carry out malicious activities. The flaw was reported to Microsoft last year but was dismissed as not replicable on patched systems. The vulnerability requires local access to exploit, making it more difficult for threat actors to take advantage of.