Microsoft Issues Patches for SharePoint Zero-Day and 168 Other New Vulnerabilities
Microsoft on Tuesday released updates to address a record 169 security flaws across its product portfolio, including one vulnerability that has been actively exploited in the wild. Of these 169 vulnerabilities, 157 are rated Important, eight are rated Critical, three are rated Moderate, and one i...
Microsoft Patches 59 Vulnerabilities Including Six Actively Exploited Zero-Days
Microsoft on Tuesday released security updates to address a set of 59 flaws across its software, including six vulnerabilities that it said have been exploited in the wild. Of the 59 flaws, five are rated Critical, 52 are rated Important, and two are rated Moderate in severity. Twenty-five of the...
Vulnerabilities fixed in Microsoft System Center
Microsoft has fixed vulnerabilities in System Center Configuration Manager. A malicious party could exploit the vulnerabilities to grant themselves elevated privileges, potentially gaining access to sensitive data or executing arbitrary code with elevated privileges. For successful misuse, the...
ToolShell: Details of CVEs affecting SharePoint servers
Update 2025/07/22: Microsoft has released a security update for SharePoint Enterprise Server 2016. The update, with the ID KB5002760, is available in the following link. Cisco Talos is aware of the ongoing exploitation of CVE-2025-53770 and CVE-2025-53771 in the wild. These are path traversal...
KLA85942 PE vulnerability in Microsoft Office
Privilege escalation vulnerability was found in Microsoft Office. Malicious users can exploit this vulnerability to bypass security restrictions, gain privileges. Original advisories CVE-2025-53762 Related products Microsoft-Office Microsoft-Outlook Microsoft-Excel Microsoft-Word...
Microsoft Patch Tuesday, July 2025 Edition
Microsoft today released updates to fix at least 137 security vulnerabilities in its Windows operating systems and supported software. None of the weaknesses addressed this month are known to be actively exploited, but 14 of the flaws earned Microsoft's most-dire "critical" rating, meaning they...
GitHub: CVE-2025-27614 Gitk Arbitrary Code Execution Vulnerability
CVE-2025-27614 is regarding a vulnerability in Gitk where a Git repository can be crafted in such a way that a user who has cloned the repository can be tricked into running any script supplied by the attacker by invoking gitk filename, where filename has a particular structure. GitHub created th...
PT-2025-28469 · Microsoft · Asp.Net Core
Name of the Vulnerable Software and Affected Versions: ASP.NET Core (affected versions not specified). Description: The issue concerns weak authentication in End Of Life (EOL) ASP.NET Core, allowing an unauthorized attacker to elevate privileges over a network. It affects only EOL software components...
Patch Tuesday, June 2025 Edition
Microsoft today released security updates to fix at least 67 vulnerabilities in its Windows operating systems and software. Redmond warns that one of the flaws is already under active attack, and that software blueprints showing how to exploit a pervasive Windows bug patched this month are now...
Patch Tuesday, May 2025 Edition
Microsoft on Tuesday released software updates to fix at least 70 vulnerabilities in Windows and related products, including five zero-day flaws that are already seeing active exploitation. Adding to the sense of urgency with this month's patch batch from Redmond are fixes for two other weaknesse...
Microsoft Security Update Validation Report April 2025
Microsoft’s April 2025 security updates have passed Citrix testing (the updates are listed below). The testing is not all-inclusive; all tests are executed against English only environments and issues may still be found upon implementation. Follow best practices for testing and installing software...
April 8, 2025—KB5055519 (OS Build 17763.7136) - EXPIRED
April 8, 2025—KB5055519 (OS Build 17763.7136) - EXPIRED. EXPIRATION NOTICE: IMPORTANT As of March 31, 2026, this update is no longer available from the Microsoft Update Catalog or other release channels. We recommend that you update your devices to the latest version of Windows. Support for Windows 10...
Exploit for CVE-2022-30190
ICT287CVE-2022-30190Exploit Project on CVE-2022-30190 exploi...
Description of the security update for SharePoint Server 2019 Language Pack: January 14, 2025 (KB5002667)
Description of the security update for SharePoint Server 2019 Language Pack: January 14, 2025 (KB5002667). Summary: This security update resolves a Microsoft SharePoint Server remote code execution vulnerability and Microsoft SharePoint Server spoofing vulnerability. To learn more about the...
PT-2025-1110
Name of the Vulnerable Software and Affected Versions: Howyar UEFI Application "Reloader" (32-bit and 64-bit) versions prior to January 2025. Description: A vulnerability exists in the Howyar UEFI Application "Reloader" that allows for the execution of unsigned software in a hardcoded path. This flaw,...
KB5050109: Servicing stack update for Windows 10, version 1607 and Windows Server 2016: January 14, 2025
KB5050109: Servicing stack update for Windows 10, version 1607 and Windows Server 2016: January 14, 2025. Support for Windows 10 has ended on October 14, 2025. After October 14, 2025, Microsoft will no longer provide free software updates from Windows Update, technical assistance, or security fixes...
December Microsoft Patch Tuesday
December Microsoft Patch Tuesday. 89 CVEs, of which 18 were added since November MSPT. 1 vulnerability with signs of exploitation in the wild: EoP - Windows Common Log File System Driver (CVE-2024-49138). There are no details about this vulnerability yet. Strictly speaking, there was another...
Description of the security update for SharePoint Server 2019 Language Pack: December 10, 2024 (KB5002664)
Description of the security update for SharePoint Server 2019 Language Pack: December 10, 2024 (KB5002664). Summary: This security update resolves a Microsoft SharePoint remote code execution vulnerability, Microsoft SharePoint elevation of privilege vulnerability, and Microsoft SharePoint informatio...
Microsoft Security Update Validation Report October 2024
Microsoft’s October 2024 security updates have passed Citrix testing (the updates are listed below). The testing is not all-inclusive; all tests are executed against English only environments and issues may still be found upon implementation. Follow best practices for testing and installing softwar...
Vulnerabilities fixed in Microsoft Developer Tools
Microsoft has fixed vulnerabilities in two Developer tools. Successful exploitation requires the malicious party to trick the victim into opening and processing a rogue file. Azure IoT SDK: |----------------|------|-------------------------------------| | CVE ID | CVSS | Impact |...