zero-day exploit

Winsage
December 20, 2025
Microsoft's December 2025 security update disrupts Message Queuing (MSMQ) on older Windows 10 and Windows Server systems. A separate November 2025 update causes RemoteApp connection failures on Windows 11 24H2/25H2 and Windows Server 2025 devices, particularly in Azure Virtual Desktop environments; Windows Home and Pro editions are unaffected. French authorities arrested two crew members of an Italian ferry for allegedly installing malware that could have allowed remote control of the vessel; one suspect has been released while the other remains in custody. Tom Cotton, Chairman of the Senate Intelligence Committee, has urged action on vulnerabilities in open-source software, citing the risk of foreign adversaries inserting malicious code. A zero-day vulnerability in Cisco email security products, CVE-2025-20393, has been exploited by Chinese hackers since late November. DXS International reported a cybersecurity incident involving unauthorized access to its internal servers; an investigation is ongoing. A Resecurity report describes a rise in criminal use of DIG AI to generate guidance for illegal activities. CISA warned of a critical, actively exploited vulnerability in ASUS Live Update software. An automated campaign against multiple VPN platforms has been reported, with credential-based attacks observed against Palo Alto Networks GlobalProtect and Cisco SSL VPN.
Winsage
December 18, 2025
Microsoft's Smart App Control feature in Windows 11 evaluates applications before they run and blocks those it judges untrustworthy, checking them against Microsoft's cloud database of known-good software. Initially the feature could only be turned on through a clean installation of Windows, which hindered adoption. Recent updates have removed that requirement, so users can now toggle it on or off directly in the Windows Security app without reinstalling. The change addresses long-standing user complaints and is particularly useful for developers and IT professionals managing multiple devices. The feature uses AI-driven reputation signals to make real-time decisions on app safety and integrates with Microsoft's other security tools. Feedback from the tech community has been positive, with the update seen as a significant improvement in balancing security and user flexibility.
Winsage
December 10, 2025
Microsoft released a large update addressing 56 security vulnerabilities across its Windows operating systems and supported software. It includes a fix for an actively exploited zero-day, CVE-2025-62221, an elevation-of-privilege vulnerability affecting Windows 10 and later. Across 2025 Microsoft has patched a total of 1,129 vulnerabilities, an 11.9% increase over the previous year. Three vulnerabilities were rated critical: CVE-2025-62554 and CVE-2025-62557 in Microsoft Office, and CVE-2025-62562 in Microsoft Outlook. Several non-critical privilege escalation vulnerabilities were flagged as more likely to be exploited, including CVE-2025-62458, CVE-2025-62470, CVE-2025-62472, CVE-2025-59516, and CVE-2025-59517. A further vulnerability, CVE-2025-64671, in the GitHub Copilot plugin for JetBrains IDEs allows remote code execution, and CVE-2025-54100 is a remote code execution bug in Windows PowerShell affecting Windows Server 2008 and later.
Winsage
November 11, 2025
Microsoft's latest security updates addressed 63 vulnerabilities, including an actively exploited zero-day, CVE-2025-62215, in the Windows Kernel with a CVSS score of 7.0. The flaw is a race condition that can give a local attacker SYSTEM privileges, but it must be combined with other exploits for full system compromise, and Microsoft has not disclosed details of how it is being used. A functional exploit has been observed in the wild, though no public proof of concept exists. The most severe vulnerability this month is CVE-2025-60724, a remote code execution flaw in the Microsoft Graphics Component with a CVSS score of 9.8, which Microsoft rates as less likely to be exploited. Five other vulnerabilities, including three in the Windows Ancillary Function Driver for WinSock (afd.sys), are rated 7.0 and flagged as more likely to be exploited. Defects in this kernel-mode driver are high-risk because it sits beneath every Winsock network call, so a bug in it is reachable from ordinary user-mode socket activity.
Tech Optimizer
August 30, 2025
Most modern Windows PCs rely on Microsoft Defender for malware protection. A ransomware group has been abusing a legitimate, signed CPU-tuning driver in a "Bring Your Own Vulnerable Driver" (BYOVD) attack to switch Defender off. The technique has been observed since mid-July 2025 in active ransomware campaigns. The Akira group loads rwdrv.sys, the driver shipped with the ThrottleStop tuning utility for Intel processors, to obtain kernel-level access, then installs its own malicious driver, hlpdrv.sys, which sets the DisableAntiSpyware registry value and thereby shuts down Microsoft Defender. Akira has also targeted SonicWall VPN devices by exploiting the known vulnerability CVE-2024-40766. Security firm GuidePoint identified the method in Akira campaigns and has published detection rules and indicators for monitoring. Recommended protections include running reputable antivirus software, limiting exposure to threats, not running unexpected commands, keeping software updated, using two-factor authentication, and using personal data removal services.
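A local triage script for the Akira BYOVD pattern described above, added here as an example; it is not code from the article or from GuidePoint's published rules. The driver names are the ones the article reports, the Defender policy path is Microsoft's documented location for the DisableAntiSpyware setting, and the "trusted driver directories" heuristic is an assumption of this example. Run it elevated.

```powershell
# Added example (not from the article or GuidePoint): triage a host for the
# Defender-tampering pattern used by the Akira BYOVD chain. Run elevated.

$ErrorActionPreference = 'SilentlyContinue'
$findings = [System.Collections.Generic.List[string]]::new()

# 1. The registry value the malicious hlpdrv.sys flips. A value of 1 tells Defender
#    to stay off; on a healthy machine the value (often the whole key) is absent.
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'
$das = (Get-ItemProperty -Path $policyKey -Name DisableAntiSpyware).DisableAntiSpyware
if ($das -eq 1) { $findings.Add("DisableAntiSpyware=1 under $policyKey") }

# 2. Ask Defender directly, in case the engine is already down.
$mp = Get-MpComputerStatus
if (-not $mp) {
    $findings.Add('Get-MpComputerStatus returned nothing: the Defender service may be stopped or removed')
} elseif (-not ($mp.AntivirusEnabled -and $mp.RealTimeProtectionEnabled)) {
    $findings.Add("Defender reports AntivirusEnabled=$($mp.AntivirusEnabled), RealTimeProtectionEnabled=$($mp.RealTimeProtectionEnabled)")
}

# 3. Enumerate kernel drivers: flag the two named in the campaign, and any running
#    driver loaded from outside the normal driver directories (a common BYOVD tell).
#    rwdrv.sys is legitimate where ThrottleStop is actually installed, so treat a hit
#    as a lead to investigate, not as proof of compromise.
$iocDrivers  = @('rwdrv.sys', 'hlpdrv.sys')                       # names from the article
$trustedDirs = @("$env:SystemRoot\System32\drivers",              # assumption: normal homes for drivers
                 "$env:SystemRoot\System32\DriverStore")
foreach ($drv in Get-CimInstance Win32_SystemDriver) {
    if (-not $drv.PathName) { continue }
    # Normalize the kernel-style paths (\??\C:\... , \SystemRoot\... , or relative) the CIM class returns.
    $path = $drv.PathName -replace '^\\\?\?\\', '' -replace '^\\SystemRoot', $env:SystemRoot
    if ($path -notmatch '^[A-Za-z]:\\') { $path = Join-Path $env:SystemRoot $path }
    $leaf = (Split-Path $path -Leaf).ToLower()
    $inTrustedDir = $false
    foreach ($dir in $trustedDirs) {
        if ($path.StartsWith($dir, [System.StringComparison]::OrdinalIgnoreCase)) { $inTrustedDir = $true }
    }
    if ($iocDrivers -contains $leaf) {
        $findings.Add("IOC driver $leaf registered as service '$($drv.Name)' (State=$($drv.State), Path=$path)")
    } elseif ($drv.State -eq 'Running' -and -not $inTrustedDir) {
        # Out-of-tree does not mean malicious; record the signer so the analyst can decide.
        $signer = (Get-AuthenticodeSignature -FilePath $path).SignerCertificate.Subject
        $findings.Add("Running driver '$($drv.Name)' loaded from $path (signer: $signer)")
    }
}

if ($findings.Count -eq 0) { 'No Defender-tampering indicators found.' }
else { $findings | ForEach-Object { "[!] $_" } }
```

The registry check and the Get-MpComputerStatus check are deliberately separate: the policy value is what the attacker writes, while the status cmdlet shows whether Defender has already honoured it, and an empty result from the cmdlet is itself a finding.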
Winsage
August 27, 2025
Microsoft is introducing automated tooling to simplify system upgrades for Windows Server administrators, reducing manual intervention and saving IT teams time. Windows Server 2025 brings improved rollback mechanisms, better hybrid cloud integration, and security improvements, including defenses against emerging threats and support for zero-trust models. Microsoft has updated its guidance for administrators to emphasize controlled upgrade paths and has released evaluation versions for testing. AI-powered features in the update process are intended to improve the administrator experience. Community feedback is mixed, with some skeptical about potential disruption to stable legacy systems; Microsoft says it is refining the tooling based on that feedback.
Winsage
August 24, 2025
Microsoft's August 2025 Patch Tuesday fixed more than 100 vulnerabilities, including a zero-day affecting Windows Kerberos. Since installing the update, users have reported severe performance degradation in streaming applications, particularly OBS and NDI Tools, with lag and stuttering during sessions that use the NDI protocol. Microsoft acknowledged the issue, stating that severe stuttering, lag, and choppy audio/video may occur when NDI is used to stream or transfer audio/video feeds between PCs. The NDI team traced the problem to a drop in throughput over Reliable UDP (RUDP), NDI's default transport; the degradation occurs only on RUDP connections, which is why the suggested workaround is to switch NDI's receive mode to Single TCP or UDP. Microsoft has pointed users to that workaround, but a definitive fix may take time.
Winsage
August 19, 2025
Microsoft has identified a sophisticated malware framework called PipeMagic, distributed disguised as a ChatGPT desktop application and linked to the threat actor Storm-2460, which uses it to stage ransomware attacks. The malware exploits a zero-day vulnerability (CVE-2025-29824) in the Windows Common Log File System (CLFS) driver, first disclosed in April. PipeMagic has targeted the information technology, financial, and real estate sectors across the U.S., Europe, South America, and the Middle East. It first appeared in 2022 in attacks on Asian entities and resurfaced in September 2024. Victims see only a blank window when they open the trojanized application, which complicates detection. The attackers modified an open-source ChatGPT desktop project to embed code that launches the malware, which then escalates privileges through the CLFS flaw and deploys ransomware. Kaspersky reported PipeMagic's use in a RansomExx ransomware campaign, and Symantec reported the same CLFS flaw being exploited by the Play ransomware group.
Tech Optimizer
July 11, 2025
Google has patched a high-severity vulnerability in Chrome, CVE-2025-6554, the fourth Chrome zero-day exploited in the wild this year. The flaw is a type confusion bug in the V8 JavaScript engine; type confusion in V8 corrupts memory in the renderer process and can be leveraged to execute attacker-controlled code or read data a page should not have access to. Google shipped an emergency stable update for Windows, macOS, and Linux: 138.0.7204.96/.97 on Windows, 138.0.7204.92/.93 on macOS, and 138.0.7204.96 on Linux. Users should update and confirm the running version, since Chrome only starts using an installed update after a relaunch. Running reputable antivirus software is also recommended.
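A check that reports every Chrome install on a Windows machine against the fixed build, added here as an example; it is not code from Google or the article. The install paths are the standard per-machine and per-user locations, the fixed version is the Windows build quoted above, and the new_chrome.exe staging behaviour is an assumption based on how Chrome's Windows updater swaps binaries on relaunch.

```powershell
# Added example (not from Google or the article): compare installed Chrome
# binaries with the fixed Windows build for CVE-2025-6554.

function Get-ChromeUpdateState {
    param([version]$FixedVersion = [version]'138.0.7204.96')   # Windows build from the article

    # Standard per-machine (64/32-bit) and per-user install roots; skip any that are unset.
    $roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}, $env:LOCALAPPDATA) | Where-Object { $_ }
    foreach ($root in $roots) {
        $exe = Join-Path $root 'Google\Chrome\Application\chrome.exe'
        if (-not (Test-Path -LiteralPath $exe)) { continue }

        # ProductVersion is the "138.0.7204.96"-style string; casting to [version]
        # compares component by component, which a plain string comparison would not.
        $installed = [version](Get-Item -LiteralPath $exe).VersionInfo.ProductVersion

        # Assumption: the updater stages the new binary beside the running one as
        # new_chrome.exe and swaps it in on relaunch, so "still old" may just mean
        # Chrome has not been restarted yet.
        $pending = Test-Path -LiteralPath (Join-Path (Split-Path $exe) 'new_chrome.exe')

        [pscustomobject]@{
            Path                   = $exe
            Installed              = $installed
            Patched                = ($installed -ge $FixedVersion)
            UpdateAwaitingRelaunch = $pending
        }
    }
}

$states = @(Get-ChromeUpdateState)
if ($states.Count -eq 0) {
    'Chrome not found in the standard install locations.'
} else {
    $states | Format-Table -AutoSize
    if ($states | Where-Object { -not $_.Patched }) {
        Write-Warning 'At least one Chrome install is below the fixed version; update and relaunch it.'
    }
}
```

A per-user install under LOCALAPPDATA is easy to miss in fleet checks that only look at Program Files, which is why all three roots are scanned.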
Winsage
June 12, 2025
Microsoft released updates in June 2025 to address critical issues affecting Windows Server 2025 domain controllers, specifically authentication failures and network connectivity problems. The updates, delivered in KB5060842, resolved issues stemming from security update KB5055523, which changed how the KDC validates certificates during Kerberos authentication. That change caused error logging for self-signed certificates and affected Windows Hello for Business Key Trust deployments. Separately, domain controllers could fail to manage network traffic correctly after a restart, falling back to the standard firewall profile instead of the domain profile. Microsoft provided a temporary workaround, manually restarting the network adapters, until a permanent fix shipped. The June updates addressed 66 vulnerabilities in total, including 10 rated Critical, and Microsoft recommended immediate installation. Microsoft also advised against setting the AllowNtAuthPolicyBypass registry value to 2 (enforce) on domain controllers that use self-signed certificates until the latest updates were applied.
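Post-update sanity checks for a Windows Server 2025 domain controller covering the three items above, added here as an example; this is not Microsoft's script. It assumes that AllowNtAuthPolicyBypass lives under the Kdc service key (the location Microsoft documents for the April certificate-validation change) and that the -RequiredKb default is the cumulative update named above; adjust both if your guidance differs.

```powershell
# Added example (not Microsoft's code): verify a DC's state after the June 2025 update.
# Assumption: AllowNtAuthPolicyBypass is read from HKLM:\SYSTEM\CurrentControlSet\Services\Kdc.

function Test-DcJunePatchState {
    [CmdletBinding()]
    param(
        [string]$RequiredKb = 'KB5060842',
        [string]$KdcKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\Kdc'
    )
    $result = [ordered]@{}

    # 1. Is the fix installed?
    $result.UpdateInstalled = [bool](Get-HotFix -Id $RequiredKb -ErrorAction SilentlyContinue)

    # 2. Certificate-validation enforcement: 2 = enforce, 1 = audit, absent = default.
    #    Enforcing before the fix is exactly the combination Microsoft warned about.
    $bypass = (Get-ItemProperty -Path $KdcKey -Name AllowNtAuthPolicyBypass -ErrorAction SilentlyContinue).AllowNtAuthPolicyBypass
    $result.AllowNtAuthPolicyBypass = $bypass
    $result.EnforceBeforeFixRisk    = ($bypass -eq 2 -and -not $result.UpdateInstalled)

    # 3. Firewall profile: a DC whose adapter landed on the Public/Private profile after
    #    a restart will have domain traffic filtered by the wrong rule set.
    $profiles = Get-NetConnectionProfile
    $result.NonDomainAdapters = @($profiles |
        Where-Object NetworkCategory -ne 'DomainAuthenticated' |
        Select-Object -ExpandProperty InterfaceAlias)

    [pscustomobject]$result
}

$state = Test-DcJunePatchState
$state | Format-List

if ($state.EnforceBeforeFixRisk) {
    Write-Warning 'AllowNtAuthPolicyBypass=2 without the June update; logons using self-signed certificates may fail.'
}
if ($state.NonDomainAdapters.Count -gt 0 -and -not $state.UpdateInstalled) {
    # Microsoft's interim workaround: bounce the affected adapters so the profile is re-evaluated.
    # This drops your own session if you are connected over that adapter; run from the console or a KVM.
    foreach ($alias in $state.NonDomainAdapters) {
        Write-Warning "Adapter '$alias' is not on the domain profile; restarting it."
        Restart-NetAdapter -Name $alias -Confirm:$false
    }
}
```

Once the update is confirmed installed, the adapter restart is no longer needed, and the remaining value of the script is the EnforceBeforeFixRisk flag, which should be false on every DC before AllowNtAuthPolicyBypass is moved to 2.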