zero-day flaws

Winsage
March 18, 2025
Microsoft's Patch Tuesday update addressed 57 security vulnerabilities, including seven critical zero-day flaws, and is recommended for all Windows users. Users who installed updates KB5053598 for Windows 11 or KB5053606 for Windows 10 may find that Copilot has been unpinned from the taskbar and uninstalled. Microsoft stated that this issue does not affect the Microsoft 365 Copilot app. The company is working on a new update to restore access to Copilot, but users can reinstall it from the Microsoft Store. Some users are looking for ways to disable Copilot, and tools are available for its removal.
Winsage
February 13, 2025
Microsoft's February Patch Tuesday updates, released on February 11, include KB5051987 for Windows 11 24H2 and KB5051989 for Windows 11 23H2. The updates introduce enhancements to the Taskbar and File Explorer, including improved previews and animations for Taskbar icons, a new icon in the System Tray for Windows Studio Effects, and a new simplified Chinese font named Simsun-ExtG. A feature allowing certain applications to automatically restart after signing back in has also been added. File Explorer now includes a "New Folder" command in the context menu and can restore previously open tabs at logon. The updates fix various bugs, including issues with Auto HDR in games, playback interruptions for USB audio devices, and problems with USB audio drivers. They also address issues from the January 2025 security update, such as USB camera recognition and slower shutdown processes with connected controllers. On the security side, the update resolves 56 vulnerabilities, three of which are critical. Notable vulnerabilities include CVE-2025-21391 (file deletion), CVE-2025-21418 (remote code execution), CVE-2025-21377 (authentication spoofing), and CVE-2025-21376 (malicious code execution). The updates are set to install automatically, but users can check for updates manually through Windows Update.
Winsage
February 11, 2025
The latest Windows 11 update, released on February 11, 2025, addresses two critical zero-day vulnerabilities that allow malicious actors to delete files and gain unrestricted system-level access. Users are encouraged to implement the update promptly for security. The update also introduces an improved taskbar preview feature for better multitasking and a new system tray icon for applications supporting Windows Studio Effects, particularly on devices with a neural processing unit.
Winsage
November 13, 2024
On November 2024 Patch Tuesday, Microsoft addressed 91 vulnerabilities, including four critical zero-day flaws, two of which are actively exploited. The vulnerabilities are categorized as follows: 26 Elevation of Privilege, 2 Security Feature Bypass, 52 Remote Code Execution, 1 Information Disclosure, 4 Denial of Service, and 3 Spoofing. The two actively exploited vulnerabilities are:
1. CVE-2024-43451 - NTLM Hash Disclosure Spoofing Vulnerability, which allows remote attackers to expose NTLM hashes with minimal user interaction.
2. CVE-2024-49039 - Windows Task Scheduler Elevation of Privilege Vulnerability, enabling an attacker to execute a specially crafted application that elevates privileges.
Three additional vulnerabilities were publicly disclosed but not exploited:
1. CVE-2024-49040 - Microsoft Exchange Server Spoofing Vulnerability.
2. CVE-2024-49019 - Active Directory Certificate Services Elevation of Privilege Vulnerability.
Other companies, including Adobe, Cisco, Citrix, Dell, D-Link, Google, Ivanti, SAP, Schneider Electric, and Siemens, also released updates addressing various vulnerabilities in November 2024.
Winsage
August 14, 2024
Microsoft released an update on August 14, 2024, addressing 90 security vulnerabilities, including 10 zero-day flaws, with six actively exploited. Nine vulnerabilities are classified as Critical, 80 as Important, and one as Moderate. The six actively exploited zero-days include:
- CVE-2024-38189 (CVSS score: 8.8) - Microsoft Project Remote Code Execution Vulnerability
- CVE-2024-38178 (CVSS score: 7.5) - Windows Scripting Engine Memory Corruption Vulnerability
- CVE-2024-38193 (CVSS score: 7.8) - Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
- CVE-2024-38106 (CVSS score: 7.0) - Windows Kernel Elevation of Privilege Vulnerability
- CVE-2024-38107 (CVSS score: 7.8) - Windows Power Dependency Coordinator Elevation of Privilege Vulnerability
- CVE-2024-38213 (CVSS score: 6.5) - Windows Mark of the Web Security Feature Bypass Vulnerability
CVE-2024-38213 allows attackers to bypass SmartScreen protections by persuading users to open malicious files. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added these vulnerabilities to its Known Exploited Vulnerabilities catalog, requiring federal agencies to implement fixes by September 3, 2024. Four publicly known vulnerabilities include:
- CVE-2024-38200 (CVSS score: 7.5) - Microsoft Office Spoofing Vulnerability
- CVE-2024-38199 (CVSS score: 9.8) - Windows Line Printer Daemon (LPD) Service Remote Code Execution Vulnerability
- CVE-2024-21302 (CVSS score: 6.7) - Windows Secure Kernel Mode Elevation of Privilege Vulnerability
- CVE-2024-38202 (CVSS score: 7.3) - Windows Update Stack Elevation of Privilege Vulnerability
CVE-2024-38198 (CVSS score: 7.8) is a privilege escalation flaw in the Print Spooler component. Microsoft has not yet provided updates for CVE-2024-38202 and CVE-2024-21302. Additionally, a denial-of-service flaw in the Common Log File System driver (CVE-2024-6768, CVSS score: 6.8) could lead to system crashes. A Microsoft spokesperson stated that the DoS issue does not require immediate servicing but will be considered for future updates. Other vendors have also released security updates addressing multiple vulnerabilities.