zero-day flaw Archives

Winsage

May 20, 2026

Microsoft shares mitigation for YellowKey Windows zero-day

Microsoft has addressed the YellowKey vulnerability, a zero-day flaw in Windows BitLocker identified as CVE-2026-45585. This vulnerability allows unauthorized access to BitLocker-protected drives through a specific exploitation process involving 'FsTx' files. The flaw was disclosed by an anonymous researcher known as 'Nightmare Eclipse.' Microsoft has released mitigation strategies, including removing the autofstx.exe entry from the Session Manager's BootExecute REGMULTISZ value and reestablishing BitLocker trust for WinRE. Additionally, users are advised to change BitLocker settings from "TPM-only" to "TPM+PIN" mode, requiring a pre-boot PIN for drive decryption, and to enable "Require additional authentication at startup" for unencrypted devices.

Tech Optimizer

May 5, 2026

AI finds 20-year-old bugs in PostgreSQL and MariaDB

Patches have been released for all identified vulnerabilities in PostgreSQL and MariaDB, with strong recommendations for users to upgrade to the latest fixed versions. A zero-day flaw in PostgreSQL, classified as CVE-2026-2005, is a heap-based buffer overflow issue in the "pgcrypto" extension. This vulnerability allows attackers to exploit specially crafted input, leading to out-of-bounds writes and potential remote code execution on the database server. It affects all supported versions of PostgreSQL and has been addressed in updates v18.2, v17.8, v16.12, v15.16, and v14.21. The flaw has a high-severity rating of CVSS 8.8 out of 10 and has existed since 2005.

Winsage

January 14, 2026

Microsoft Fixes 114 Windows Flaws in January 2026 Patch, One Actively Exploited

On Tuesday, Microsoft released its first security update for 2026, addressing 114 vulnerabilities, including eight classified as Critical and 106 as Important. The vulnerabilities include 58 related to privilege escalation, 22 concerning information disclosure, 21 linked to remote code execution, and five categorized as spoofing flaws. A notable vulnerability, CVE-2026-20805, involves information disclosure within the Desktop Window Manager (DWM) and has a CVSS score of 5.5. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added this flaw to its Known Exploited Vulnerabilities catalog, requiring federal agencies to implement fixes by February 3, 2026. Additionally, Microsoft announced the expiration of three Windows Secure Boot certificates issued in 2011, effective June 2026, urging customers to transition to newer certificates to avoid disruptions. The update also removed vulnerable Agere Soft Modem drivers due to a local privilege escalation flaw (CVE-2023-31096) and addressed another critical privilege escalation flaw in Windows Virtualization-Based Security (CVE-2026-20876) with a CVSS score of 6.7. Other vendors, including Adobe, Amazon Web Services, and Cisco, have also released security patches for various vulnerabilities.

Winsage

December 12, 2025

New Windows RasMan zero-day flaw gets free, unofficial patches

Free unofficial patches are available for a newly identified Windows zero-day vulnerability that allows attackers to crash the Remote Access Connection Manager (RasMan) service, which operates with SYSTEM-level privileges and manages VPN and remote network connections. This denial-of-service flaw was discovered by ACROS Security while investigating a previously patched privilege escalation vulnerability (CVE-2025-59230) in RasMan. The new zero-day has not yet received a CVE ID and affects all Windows versions from Windows 7 to Windows 11, including Windows Server 2008 R2 through Server 2025. The vulnerability can be exploited by unprivileged users due to a coding error in how RasMan processes circular linked lists, leading to a crash when a null pointer is encountered. ACROS Security is providing free micropatches through its 0Patch service until Microsoft releases an official fix. Users must create an account and install the 0Patch agent to apply the micropatch automatically.

Winsage

December 10, 2025

Microsoft Patch Tuesday, December 2025 Edition

Microsoft released a significant update addressing 56 security vulnerabilities across its Windows operating systems and supported software. This update includes a patch for a zero-day exploit, CVE-2025-62221, a privilege escalation vulnerability affecting Windows 10 and later versions. Throughout 2025, Microsoft has patched a total of 1,129 vulnerabilities, marking an 11.9% increase from the previous year. Three vulnerabilities were classified as critical: CVE-2025-62554 and CVE-2025-62557 related to Microsoft Office, and CVE-2025-62562 related to Microsoft Outlook. Several non-critical privilege escalation vulnerabilities were identified as likely to be exploited, including CVE-2025-62458, CVE-2025-62470, CVE-2025-62472, CVE-2025-59516, and CVE-2025-59517. Another vulnerability, CVE-2025-64671, was found in the Github Copilot Plugin for Jetbrains, allowing remote code execution. Additionally, CVE-2025-54100 is a remote code execution bug in Windows Powershell affecting Windows Server 2008 and later.

Winsage

November 12, 2025

Microsoft November 2025 Patch Tuesday fixes 1 zero-day, 63 flaws

Microsoft's November 2025 Patch Tuesday addresses a total of 63 vulnerabilities, including one actively exploited zero-day flaw (CVE-2025-62215) related to Windows Kernel Elevation of Privilege. The updates include four vulnerabilities classified as "Critical," with two for remote code execution, one for elevation of privileges, and one for information disclosure. The breakdown of vulnerabilities is as follows: - 29 Elevation of Privilege Vulnerabilities - 2 Security Feature Bypass Vulnerabilities - 16 Remote Code Execution Vulnerabilities - 11 Information Disclosure Vulnerabilities - 3 Denial of Service Vulnerabilities - 2 Spoofing Vulnerabilities This Patch Tuesday marks the first extended security update (ESU) for Windows 10, and users are encouraged to upgrade to Windows 11 or enroll in the ESU program. Microsoft has also released an out-of-band update to assist with enrollment issues. Other companies, including Adobe, Cisco, and Google, have also issued security updates in November 2025.

Winsage

November 11, 2025

Update Windows ASAP to Patch Another Zero-Day Vulnerability

Microsoft's November Patch Tuesday release addresses a total of 63 vulnerabilities, including a zero-day flaw (CVE-2025-62215) that allows elevation of privilege through a race condition in the Windows Kernel. The vulnerabilities include 29 elevation of privilege, 2 security feature bypass, 16 remote code execution, 11 information disclosure, 2 denial of service, and 3 spoofing vulnerabilities. Four vulnerabilities are classified as "critical." Windows 11 users will receive updates such as a scrollable Start menu and enhancements to File Explorer and other features. Microsoft has ended support for Windows 10, but Extended Security Updates are available until October 13, 2026, for those who opted in.

Winsage

October 31, 2025

Windows zero-day actively exploited to spy on European diplomats

A China-linked hacking group, identified as UNC6384 or Mustang Panda, is exploiting a Windows zero-day vulnerability (CVE-2025-9491) to target European diplomats, particularly in Hungary, Belgium, Serbia, Italy, and the Netherlands. The attacks are initiated through spearphishing emails that disguise malicious LNK files as legitimate invitations to NATO and European Commission events. Once activated, these files allow the deployment of the PlugX remote access trojan (RAT), enabling persistent access to compromised systems for surveillance and data extraction. The vulnerability requires user interaction to exploit and resides in the handling of .LNK files, allowing attackers to execute arbitrary code remotely. As of March 2025, the vulnerability is being exploited by multiple state-sponsored groups and cybercrime organizations, but Microsoft has not yet released a patch for it. Network defenders are advised to restrict the use of .LNK files and block connections from identified command-and-control infrastructure.

Winsage

October 16, 2025

Patch Tuesday: Windows 10 end of life pain for IT departments

Microsoft has ceased support for Windows 10 and released a significant Patch Tuesday update addressing several zero-day vulnerabilities, including CVE-2025-24990, which involves a legacy device driver that has been completely removed from Windows. This driver, the Agere Modem driver (ltmdm64.sys), supports hardware from the late 1990s and early 2000s and has not kept pace with modern security practices. The removal of the driver is a strategic decision to reduce security risks associated with outdated components, as patching such legacy code can lead to instability and may not effectively resolve vulnerabilities. Another vulnerability addressed in the update is CVE-2025-2884, related to the Trusted Platform Module (TPM) 2.0 reference implementation. Additionally, CVE-2025-49708, a critical vulnerability in the Microsoft Graphics Component with a CVSS score of 9.9, poses severe risks by allowing a full virtual machine escape, enabling attackers to gain system privileges on the host server from a low-privilege guest VM. Security experts recommend prioritizing patches for this vulnerability to maintain the integrity of virtualization security.

Winsage

August 15, 2025

Microsoft patches more than 100 Windows security flaws – update your PC now

Microsoft's August Patch Tuesday update addresses 107 vulnerabilities in Windows, including 13 critical ones. It affects all current versions of Windows, including Windows 10, Windows 11, and Windows Server. The update fixes security issues in components like File Explorer, Remote Desktop, and Hyper-V, as well as bugs in Microsoft Office, Edge, and Teams. Nine critical vulnerabilities involve remote code execution. One vulnerability, CVE-2025-53779, is a zero-day flaw in the Windows Kerberos authentication system that could grant domain administrator privileges if exploited. The update also introduces new features, including a revamped error screen called the Black Screen of Death and Quick Machine Recovery for troubleshooting boot failures. Users can check for the update in the Windows Update section of Settings.