KLA90821 DoS vulnerability in Microsoft Browser
Denial of service vulnerability was found in Microsoft Browser. Malicious users can exploit this vulnerability to cause denial of service. Original advisories CVE-2025-14174 Exploitation Public exploits exist for this vulnerability. Related products Microsoft-Edge CVE list CVE-2025-14174 critical...
KB5074204: Security Update for Windows PowerShell (OS Builds 26100.7392 and 26200.7392)
October 14, 2025—KB5066782 (OS Build 20348.4294)
October 14, 2025—KB5066782 OS Build 20348.4294 Windows Secure Boot certificate expiration. Important: Secure Boot certificates used by most Windows devices are set to expire starting in June 2026. Microsoft has been updating these certificates on consumer and non-managed business devices for the pa...
October 14, 2025—KB5066835 (OS Builds 26200.6899 and 26100.6899)
October 14, 2025—KB5066835 OS Builds 26200.6899 and 26100.6899 Windows Secure Boot certificate expiration. Important: Secure Boot certificates used by most Windows devices are set to expire starting in June 2026. Microsoft has been updating these certificates on consumer and non-managed business...
KLA90816 ACE vulnerability in Microsoft Copilot Plugin
A remote code execution vulnerability was found in Microsoft Copilot Studio. Malicious users can exploit this vulnerability to execute arbitrary code. Original advisories CVE-2025-64671 Related products GitHub-Copilot-Plugin CVE list CVE-2025-64671 critical KB list Solution Install necessary...
KLA90815 Multiple vulnerabilities in Microsoft Server Software
Multiple vulnerabilities were found in Microsoft Server Software. Malicious users can exploit these vulnerabilities to spoof user interface, gain privileges. Below is a complete list of vulnerabilities: 1. A spoofing vulnerability in Microsoft Exchange Server can be exploited remotely to spoof us...
New ClickFix wave infects users with hidden malware in images and fake Windows updates
Several researchers have flagged a new development in the ongoing ClickFix campaign: Attackers are now mimicking a Windows update screen to trick people into running malware. ClickFix campaigns use convincing lures, historically “Human Verification” screens, and now a fake “Windows Update” splash...
JackFix Uses Fake Windows Update Pop-Ups on Adult Sites to Deliver Multiple Stealers
Cybersecurity researchers are calling attention to a new campaign that's leveraging a combination of ClickFix lures and fake adult websites to deceive users into running malicious commands under the guise of a "critical" Windows security update. "Campaign leverages fake adult websites xHamster,...
ShadowPad Malware Actively Exploits WSUS Vulnerability for Full System Access
A recently patched security flaw in Microsoft Windows Server Update Services WSUS has been exploited by threat actors to distribute a malware known as ShadowPad. "The attacker targeted Windows Servers with WSUS enabled, exploiting CVE-2025-59287 for initial access," AhnLab Security Intelligence...
KLA90453 SUI vulnerability in Microsoft Windows
A spoofing vulnerability was found in Microsoft Windows. Malicious users can exploit this vulnerability to spoof user interface. Original advisories CVE-2025-62459 Related products Microsoft-365 CVE list CVE-2025-62459 high Solution Install necessary updates from the KB section, tha...
November 20, 2025—KB5070312 (OS Build 22631.6276) Preview
November 20, 2025—KB5070312 OS Build 22631.6276 Preview This non-security update for Windows 11, version 23H2 KB5070312, improves functionality, performance, and reliability. To learn more about differences between security updates, optional non-security preview updates, Out-of-band OOB...
Metasploit Wrap-Up 11/14/2025
It has “SUS” in the name, what did you expect? This week’s release features the much-hyped CVE-2025-59287, a Critical-Severity Windows Server Update Service WSUS vulnerability that allows for SYSTEM level remote code execution. Documented among the multiple recent zero-days in Windows, the...
Windows Server Update Service Deserialization Remote Code Execution
This Metasploit module exploits a deserialization vulnerability in the legacy serialization mechanism in Windows Server Update Services WSUS. The vulnerability allows an unauthenticated attacker to create a specially crafted event, which triggers an unsafe deserialization upon server...
2025-11 Cumulative Update for Windows 10 Version 21H2 for x86-based Systems (KB5068781)
Install this update to resolve issues in Windows. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article for more information. After you install this item, you may have to restart your computer...
KB5068781: Windows 10 version 21H2 / Windows 10 Version 22H2 Security Update (November 2025)
The remote Windows host is missing security update 5068781. It is, therefore, affected by multiple vulnerabilities - An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. CVE-2025-59509, CVE-2025-59513, CVE-2025-60706, CVE-2025-62208,...
KLA90053 PE vulnerability in Microsoft SQL Server
An elevation of privilege vulnerability was found in Microsoft SQL Server. Malicious users can exploit this vulnerability to gain privileges. Original advisories CVE-2025-59499 Related products Microsoft-SQL-Server Microsoft-Azure CVE list CVE-2025-59499 critical KB list 5068405 5068403 5068401...
KLA90054 ACE vulnerability in Microsoft Azure
A remote code execution vulnerability was found in Microsoft Azure Monitor Agent. Malicious users can exploit this vulnerability to execute arbitrary code. Original advisories CVE-2025-59504 Related products Microsoft-Azure Azure-Monitor Azure-Monitor-Agent CVE list CVE-2025-59504 high Solution...
KLA90061 PE vulnerability in Microsoft System Center
An elevation of privilege vulnerability was found in Microsoft System Center. Malicious users can exploit this vulnerability to gain privileges. Original advisories CVE-2025-47179 Related products Microsoft-Configuration-Manager CVE list CVE-2025-47179 high Solution Install necessary updates from...
Intel® System Support Utility Advisory
Summary: A potential security vulnerability for the Intel® System Support Utility may allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2025-24842 Description: Uncontrolled search path for the Intel® Syst...
KLA90058 Multiple vulnerabilities in Microsoft Dynamics
Multiple vulnerabilities were found in Microsoft Dynamics. Malicious users can exploit these vulnerabilities to spoof user interface, obtain sensitive information, bypass security restrictions. Below is a complete list of vulnerabilities: 1. A spoofing vulnerability in Dynamics 365 Field Service...