Windows remote desktop

Winsage
April 9, 2025
Microsoft's Patch Tuesday updates addressed over 120 vulnerabilities, including one actively exploited flaw (CVE-2025-29824) and 11 critical issues. CVE-2025-29824 is an elevation of privilege vulnerability in the Windows Common Log File System Driver, targeted by the group Storm-2460 to deploy ransomware called PipeMagic, affecting victims in the US, Spain, Venezuela, and Saudi Arabia. This vulnerability has a CVSS score of 7.8 and allows attackers to escalate privileges due to a use-after-free flaw. Patches for Windows Server and Windows 11 have been released, but Windows 10 users are still awaiting a fix, with Microsoft promising updates soon. All of the critical vulnerabilities addressed allow for remote code execution (RCE). Notable vulnerabilities include:
- CVE-2025-26670: LDAP Client RCE, Critical, CVSS 8.1
- CVE-2025-27752: Microsoft Excel RCE, Critical, CVSS 7.8
- CVE-2025-29791: Microsoft Excel RCE, Critical, CVSS 7.8
- CVE-2025-27745: Microsoft Office RCE, Critical, CVSS 7.8
- CVE-2025-27748: Microsoft Office RCE, Critical, CVSS 7.8
- CVE-2025-27749: Microsoft Office RCE, Critical, CVSS 7.8
- CVE-2025-27491: Windows Hyper-V RCE, Critical, CVSS 7.1
- CVE-2025-26663: Windows LDAP RCE, Critical, CVSS 8.1
- CVE-2025-27480: Windows RDP RCE, Critical, CVSS 8.1
- CVE-2025-27482: Windows RDP RCE, Critical, CVSS 8.1
- CVE-2025-26686: Windows TCP/IP RCE, Critical, CVSS 7.5
- CVE-2025-29809: Windows Kerberos Security Feature Bypass, Important, CVSS 7.1
Dustin Childs from ZDI noted that CVE-2025-29809 requires additional measures beyond standard patching. CVE-2025-26663 and CVE-2025-26670 are considered wormable, necessitating prompt updates, especially for networks exposing LDAP services. Adobe released over 50 fixes for vulnerabilities in products like ColdFusion, After Effects, and Photoshop, with some issues in ColdFusion classified as critical. AMD updated advisories regarding GPU access and various Ryzen AI software vulnerabilities.
Winsage
April 8, 2025
April 2025 Patch Tuesday introduced fixes for over 120 vulnerabilities, including a critical zero-day vulnerability (CVE-2025-29824) that is actively exploited. CVE-2025-29824 is a use-after-free vulnerability in the Windows Common Log File System (CLFS), allowing privilege escalation to SYSTEM on compromised Windows machines. Microsoft has patched 32 CLFS vulnerabilities since 2022, with six exploited in the wild. Updates for Windows 10 are not yet available. Other notable vulnerabilities include CVE-2025-26663 and CVE-2025-26670, both unauthenticated use-after-free vulnerabilities in Windows LDAP, and CVE-2025-27480 and CVE-2025-27482 in Windows Remote Desktop Services. None of these vulnerabilities have been patched for Windows 10 systems, but updates are forthcoming. Microsoft reversed its decision to discontinue driver update synchronization to WSUS servers, confirming that WSUS will continue to synchronize driver updates.
Winsage
March 12, 2025
A total of 57 unique vulnerabilities have been addressed in Microsoft's latest security updates, including six zero-day exploits that require immediate attention. The Windows operating system accounts for the majority of these vulnerabilities. Among them is a critical security feature bypass (CVE-2025-26633) with a CVSS rating of 7.0, which requires user interaction for exploitation. Three additional zero-day vulnerabilities are found in Windows NTFS: two information disclosure vulnerabilities (CVE-2025-24984 and CVE-2025-24991) and a critical remote code execution vulnerability (CVE-2025-24993). Another zero-day vulnerability (CVE-2025-24985) affects the Windows Fast FAT driver with a CVSS score of 7.8 and also requires user interaction. The final zero-day vulnerability (CVE-2025-24983) is an elevation-of-privilege flaw with a CVSS score of 7.0. Additionally, a notable public disclosure involves a remote code execution vulnerability in Microsoft Access (CVE-2025-26630) with a CVSS score of 7.8. Microsoft has also republished four older vulnerabilities with updates. Furthermore, Microsoft is preparing to implement stricter authentication measures for Windows machines, transitioning to mandatory "Enforcement" mode for certain vulnerabilities next month.
Winsage
March 11, 2025
Microsoft released security updates on March 2025 Patch Tuesday, addressing 57 vulnerabilities, including six classified as critical related to remote code execution. The vulnerabilities are categorized as follows: 23 Elevation of Privilege, 3 Security Feature Bypass, 23 Remote Code Execution, 4 Information Disclosure, 1 Denial of Service, and 3 Spoofing. The updates specifically address six actively exploited zero-day vulnerabilities and one publicly disclosed zero-day vulnerability. The zero-day vulnerabilities include:
1. CVE-2025-24983 - Elevation of Privilege in Windows Win32 Kernel Subsystem.
2. CVE-2025-24984 - Information Disclosure in Windows NTFS.
3. CVE-2025-24985 - Remote Code Execution in Windows Fast FAT File System Driver.
4. CVE-2025-24991 - Information Disclosure in Windows NTFS.
5. CVE-2025-24993 - Remote Code Execution in Windows NTFS.
6. CVE-2025-26633 - Security Feature Bypass in Microsoft Management Console.
The publicly disclosed zero-day is:
- CVE-2025-26630 - Remote Code Execution in Microsoft Access.
A comprehensive list of resolved vulnerabilities includes various CVE IDs and their respective titles and severities, with several vulnerabilities affecting Microsoft Office products, Windows components, and Azure services.
Winsage
December 11, 2024
A Windows zero-day security vulnerability, tracked as CVE-2024-49138 (CVSS 7.8), exists in the Windows Common Log File System (CLFS) Driver, allowing privilege escalation. This vulnerability can be exploited by manipulating log files or corrupting log data, potentially leading to SYSTEM-level privileges on Windows Server. Microsoft’s December 2024 Patch Tuesday update includes 71 patches, bringing the total for the year to 1,020, with 16 classified as critical. Among these, CVE-2024-49112 (CVSS 9.8) is a critical remote code execution (RCE) vulnerability in Windows LDAP, which can compromise Domain Controllers. CVE-2024-49117 (CVSS 8.8) affects Windows Hyper-V, allowing code execution on the host OS from a guest VM. Additionally, CVE-2024-49132 (CVSS 8.1) impacts Windows Remote Desktop Services, enabling RCE through a use-after-free memory condition. Other vulnerabilities include CVE-2024-49093 (CVSS 8.8), an elevation of privilege flaw in Windows Resilient File System (ReFS), and CVE-2024-49063, an RCE issue in the Muzic project related to AI-generated music.
Winsage
December 10, 2024
Meta has rolled out the Quest v72 update for its Quest 3 and 3S headsets, enhancing user experience with improvements in hand-tracking and the integration of Windows 11 Remote Desktop. The update allows users to connect their headsets to Windows PCs by gazing at their PC, although the setup requires specific steps on both the PC and the headset. The feature is labeled as "experimental" and may have initial challenges. The update also improves keyboard tracking for a wider range of devices, enhances hand-tracking technology with reduced latency and improved stability, and introduces Instagram chat, an upgraded Media Gallery, and live call captions in Horizon Worlds. Users can check for the update through the headset's settings menu, and advanced users can force an update if desired.
Winsage
December 10, 2024
A compilation of vulnerabilities in various Microsoft products has been released, highlighting critical issues that require immediate attention. Key vulnerabilities include:
- Microsoft/Muzic Remote Code Execution Vulnerability (CVE-2024-49063) - classified as important.
- Microsoft Defender for Endpoint on Android Spoofing Vulnerability (CVE-2024-49057) - rated important.
- Microsoft Edge vulnerabilities:
  - Type Confusion in V8 (CVE-2024-12053) - severity unknown.
  - Spoofing vulnerability (CVE-2024-49041) - rated moderate.
- Microsoft Office vulnerabilities:
  - Elevation of Privilege Vulnerability (CVE-2024-49059) - rated important.
  - Elevation of Privilege Vulnerability (CVE-2024-43600) - rated important.
  - Remote Code Execution Vulnerability in Microsoft Access (CVE-2024-49142) - rated important.
  - Critical vulnerabilities in Microsoft Excel (CVE-2024-49069) and Publisher (CVE-2024-49079).
- SharePoint vulnerabilities:
  - Information disclosure (CVE-2024-49064, CVE-2024-49062) - rated important.
  - Elevation of privilege (CVE-2024-49068) - rated important.
  - Remote code execution (CVE-2024-49070) - rated critical.
Critical vulnerabilities in Windows services include:
- Windows Hyper-V Remote Code Execution Vulnerability (CVE-2024-49117) - rated critical.
- Windows Remote Desktop Services vulnerabilities (CVE-2024-49132, CVE-2024-49115, CVE-2024-49116) - all rated critical.
- Windows Lightweight Directory Access Protocol vulnerabilities (CVE-2024-49124, CVE-2024-49112, CVE-2024-49127) - rated critical.
- Windows Message Queuing (MSMQ) vulnerabilities (CVE-2024-49118, CVE-2024-49122) - rated critical.
Winsage
December 10, 2024
The latest software update for the Meta Quest 3 and Quest 3S, version 72, includes a significant upgrade to Windows remote desktop functionality, allowing easier connection to Windows 11 PCs. Users can set up by ensuring their PC runs Windows 11 version 22H2 or later, downloading the Mixed Reality Link app from the Microsoft Store, and enabling the 'Pair to PC with Microsoft Mixed Reality Link' feature in the headset's settings. The update also improves keyboard recognition through a dynamic passthrough window, introduces Hand Tracking 2.3 for better stability and accuracy, adds support for Instagram Direct Messenger, revamps the Media Gallery app for easier content sharing, and introduces live captions for calls in the People app to enhance accessibility.