Microsoft and Adobe Patch Tuesday, April 2025 Security Update Review

Microsoft's April 2025 Patch Tuesday has arrived, delivering critical security updates and fixes across the various products, features, and roles. Here's a quick breakdown of what you need to know. Microsoft Patch Tuesday for April 2025 In this month's Patch Tuesday, April 2025 edition, Microsoft...

Microsoft Patch Tuesday for April 2025 — Snort rules and prominent vulnerabilities

Microsoft has released its monthly security update for April of 2025 which includes 126 vulnerabilities affecting a range of products, including 11 that Microsoft marked as "critical". In this month's release, none of the included vulnerabilities have been observed by Microsoft to be exploited in...

11 Nation-State Hackers Exploit Unpatched Windows Flaw Since 2017

Microsoft refuses to patch serious Windows shortcut vulnerability abused in global espionage campaigns!...

Microsoft and Adobe Patch Tuesday, March 2025 Security Update Review

March 2025 Patch Tuesday is here, and Microsoft has rolled out critical security updates that address multiple vulnerabilities across its product suite. Here’s a quick breakdown of what you need to know. Microsoft Patch Tuesday for March 2025 Microsoft Patch's Tuesday, March 2025 edition addresse...

February Microsoft Patch Tuesday

February Microsoft Patch Tuesday. 89 CVEs, 33 added since January. Two with signs of exploitation in the wild: EoP - Windows Ancillary Function Driver for WinSock CVE-2025-21418 EoP - Windows Storage CVE-2025-21391 There are no vulnerabilities with public exploits, but there are 7 with private...

Microsoft's Patch Tuesday Fixes 63 Flaws, Including Two Under Active Exploitation

Microsoft on Tuesday released fixes for 63 security flaws impacting its software products, including two vulnerabilities that it said has come under active exploitation in the wild. Of the 63 vulnerabilities, three are rated Critical, 57 are rated Important, one is rated Moderate, and two are rat...

svcrdma: Address an integer overflow

...

The Elevation of Privilege – Windows Common Log File System Driver (CVE-2024-49138) has become more critical

The Elevation of Privilege - Windows Common Log File System Driver CVE-2024-49138 has become more critical. Just as I wrote that nothing had been heard about this vulnerability for a month since it was first published in Microsoft's December Patch Tuesday, a public exploit for it appeared on...

What has become known about the Elevation of Privilege – Windows Common Log File System Driver (CVE-2024-49138) vulnerability from the December Microsoft Patch Tuesday a month later?

What has become known about the Elevation of Privilege - Windows Common Log File System Driver CVE-2024-49138 vulnerability from the December Microsoft Patch Tuesdaya month later? Almost nothing. This is a vulnerability in a standard Windows component, available in all versions starting with...

January Microsoft Patch Tuesday

January Microsoft Patch Tuesday. 170 CVEs, 10 of them were added since December MSPT. 3 exploited in the wild: EoP - Windows Hyper-V NT Kernel Integration VSP CVE-2025-21333, CVE-2025-21334, CVE-2025-21335. No details yet. No vulnerabilities have public exploits. 5 have private ones: Security...

December Microsoft Patch Tuesday

December Microsoft Patch Tuesday. 89 CVEs, of which 18 were added since November MSPT. 1 vulnerability with signs of exploitation in the wild: EoP - Windows Common Log File System Driver CVE-2024-49138. There are no details about this vulnerability yet. Strictly speaking, there was another...

PT-2024-9321

Name of the Vulnerable Software and Affected Versions Windows Common Log File System Driver affected versions not specified Description The vulnerability is an elevation-of-privilege issue in the Windows Common Log File System Driver. It allows attackers to gain SYSTEM privileges on Windows...

CVE-2024-49040

creationtimestamp| type| source ---|---|--- 2024-11-12 17:59:10+00:00| seen| https://infosec.exchange/users/screaminggoat/statuses/113471281510766374 2024-11-12 18:26:35+00:00| seen| https://www.thezdi.com/blog/2024/11/12/the-november-2024-security-update-review 2024-11-12 19:44:17+00:00| seen|...

PT-2024-8082 · Microsoft · Windows

Name of the Vulnerable Software and Affected Versions: Windows affected versions not specified Description: The issue is related to a Windows Registry Elevation of Privilege vulnerability, which is caused by errors in synchronization when using a shared resource. This vulnerability can be exploit...

What is known about the Spoofing – Windows MSHTML Platform (CVE-2024-43573) vulnerability from the October Microsoft Patch Tuesday?

What is known about the Spoofing - Windows MSHTML Platform CVE-2024-43573 vulnerability from the October Microsoft Patch Tuesday? In fact, just that it is being exploited in the wild. There are no write-ups or public exploits yet. The Acknowledgements section in the Microsoft bulletin is empty. I...

The severity of the Elevation of Privilege – Windows Kernel-Mode Driver (CVE-2024-35250) vulnerability has increased

The severity of the Elevation of Privilege - Windows Kernel-Mode Driver CVE-2024-35250 vulnerability has increased. This vulnerability was fixed as part of the June Microsoft Patch Tuesday. As in the case of the CVE-2024-30090 vulnerability, it was discovered by a researcher with the nickname...

What NIST’s latest password standards mean, and why the old ones weren’t working

Say goodbye to the days of using the "@" symbol to mean "a" in your password or replacing an "S" with a "$." The U.S. National Institute of Standards and Technology NIST recently announced new guidelines for the ways website and organizations should handle password creation and management that wi...

Security Updates for Outlook (August 2024)

The Microsoft Outlook application installed on the remote host is missing a security update. It is, therefore, affected by the following vulnerability: - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands...

CVE-2024-38193

creationtimestamp| type| source ---|---|--- 2024-08-13 18:05:01+00:00| seen| https://www.thezdi.com/blog/2024/8/13/the-august-2024-security-update-review 2024-08-13 21:10:03+00:00| seen| MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123 2024-08-13 21:18:33+00:00| seen| https://t.me/cvedetector/3065...

Windows update may present users with a BitLocker recovery screen

Some Windows users may see a BitLocker Recovery screen after applying the Microsoft patch Tuesday updates. BitLocker is a Windows security feature that encrypts entire drives. It prevents someone that has obtained a stolen or lost device from reading the files stored on that drive. Unfortunately,...