CyberSecurity news
FlagThis - #patch
|
@cyberscoop.com
//
Microsoft has issued its July 2025 Patch Tuesday updates, a crucial monthly release that addresses a significant number of vulnerabilities across its product lines. This release tackles a total of 130 CVEs, with 10 of them classified as critical. Notably, while no vulnerabilities were reported as actively exploited in the wild at the time of the release, one flaw in Microsoft SQL Server (CVE-2025-49719) has been publicly disclosed. This information disclosure vulnerability, rated as important with a CVSS score of 7.5, means that technical details are available, potentially increasing the risk of future exploitation. Organizations should prioritize patching this vulnerability, particularly as it affects SQL Server versions 2016 through 2022 and does not require authentication to exploit, potentially exposing sensitive data like credentials.
Among the critical vulnerabilities addressed, a particularly concerning one is a remote code execution (RCE) flaw in Windows SPNEGO Extended Negotiation (NEGOEX), designated CVE-2025-47981. This vulnerability carries a high CVSS score of 9.8 and is described as a heap-based buffer overflow, allowing an unauthenticated attacker to execute code remotely on a target system with low attack complexity and no user interaction. The nature of this flaw makes it a prime target for attackers seeking initial access or lateral movement within networks. Microsoft has also highlighted critical RCE vulnerabilities in Microsoft Office, with several rated as "more likely" to be exploited, including some that can be triggered via the preview pane without requiring a user to open a document, posing a significant risk to users' security. The July Patch Tuesday also includes fixes for vulnerabilities in Microsoft SharePoint, with an RCE flaw that requires authenticated access but could allow an attacker to execute code on the server. Additionally, vulnerabilities impacting Windows Hyper-V and other system components have been addressed. With a total of 130 CVEs patched, including numerous critical flaws, it is imperative for all organizations to review and apply these updates promptly to protect their systems and data from potential exploitation. The proactive patching of these vulnerabilities is essential for maintaining a strong security posture against the ever-evolving threat landscape. Recommended read:
References :
@msrc.microsoft.com
//
Microsoft has released its May 2025 Patch Tuesday updates, addressing a total of 71 or 72 vulnerabilities, depending on the source, across its software. This includes fixes for five actively exploited zero-day vulnerabilities and two publicly known vulnerabilities. The updates target flaws in various Windows components, including the Windows Common Log File System (CLFS), DWM Core Library, Scripting Engine, and Winsock.
Among the critical issues addressed are elevation of privilege (EoP) and remote code execution (RCE) vulnerabilities. Specifically, two zero-days in the CLFS (CVE-2025-32701 and CVE-2025-32706) allow attackers to gain SYSTEM privileges. Another zero-day (CVE-2025-30400) is a use-after-free vulnerability in the Windows Desktop Window Manager (DWM) Core Library, which can also lead to privilege escalation. A scripting engine memory corruption vulnerability (CVE-2025-30397) could allow for remote code execution if a user visits a malicious web page while using Internet Explorer mode in Edge. The Cybersecurity and Infrastructure Security Agency (CISA) has added all five exploited vulnerabilities to its Known Exploited Vulnerabilities Catalog, urging administrators to patch these flaws by June 3, 2025. Security experts emphasize the importance of prioritizing these updates to prevent potential privilege escalation, code execution, and other malicious activities. The identified vulnerabilities highlight the ongoing risk posed by CLFS exploitation and the need for continuous monitoring and patching efforts. Recommended read:
References :
@support.broadcom.com
//
Broadcom has issued an urgent patch to address a moderate-severity vulnerability, CVE-2025-22247, affecting VMware Tools versions 11.x.x and 12.x.x. The flaw, characterized as an insecure file handling vulnerability, could be exploited by attackers with limited access within a guest virtual machine (VM). This could allow them to tamper with local files and trigger insecure file operations, potentially leading to further security breaches within the virtual environment. The vulnerability impacts VMware Tools running on Windows and Linux operating systems, while macOS is reportedly unaffected.
Broadcom's security advisory highlights that VMware Tools contains this insecure file handling vulnerability which can be exploited by an attacker with non-administrative privileges within a guest VM. The successful exploitation of CVE-2025-22247 could allow the attacker to tamper with local files, leading to unauthorized actions. VMware has released VMware Tools version 12.5.2 to remediate this vulnerability. For Windows 32-bit systems, the fix is included in VMware Tools 12.4.7, also part of the 12.5.2 release. For Linux systems, the advisory notes that updates addressing CVE-2025-22247 will be distributed by individual Linux vendors. It is crucial for Linux users to stay informed about updates from their respective distribution vendors. System administrators are urged to take immediate action by updating to the latest versions of VMware Tools to mitigate the risks associated with this vulnerability. Sergey Bliznyuk of Positive Technologies has been credited for reporting the vulnerability. Recommended read:
References :
@cyberscoop.com
//
References:
cyberscoop.com
, securityaffairs.com
,
SonicWall customers are facing a resurgence of actively exploited vulnerabilities, posing a significant threat to their network security. The company recently addressed three flaws in its Secure Mobile Access (SMA) 100 appliances, including a potential zero-day vulnerability. These vulnerabilities can be chained together to achieve remote code execution, potentially granting attackers root-level access to affected systems. The network security vendor has been making frequent appearances on CISA's Known Exploited Vulnerabilities catalog.
Multiple security flaws in SMA 100 Series devices have been actively exploited recently. The disclosed vulnerabilities, identified as CVE-2025-32819, CVE-2025-32820, and CVE-2025-32821, affect SMA 100 appliances and could enable attackers to run code as root. Specifically, CVE-2025-32819 allows for arbitrary file deletion, potentially resetting the device to factory settings, while CVE-2025-32820 enables overwriting system files, potentially causing denial-of-service. CVE-2025-32821 can lead to shell command injections, further facilitating remote code execution. SonicWall has released patches for these vulnerabilities in version 10.2.1.15-81sv. Security researchers at Rapid7 discovered the vulnerabilities and worked with SonicWall to validate the effectiveness of the patches before public disclosure. Users of SMA 100 series devices, including SMA 200, 210, 400, 410, and 500v, are strongly advised to update their systems to the latest version to mitigate the risk of exploitation. CISA has added SonicWall SMA100 flaws to its Known Exploited Vulnerabilities catalog and urges federal agencies to remediate these issues immediately. Recommended read:
References :
CISA@All CISA Advisories
//
CISA has added two new vulnerabilities, CVE-2024-38475 and CVE-2023-44221, to its Known Exploited Vulnerabilities (KEV) catalog. These vulnerabilities affect Apache HTTP Server and SonicWall SMA100 series appliances, posing significant risks to organizations that utilize these technologies. The agency is urging organizations to take immediate action to mitigate potential exploits. The addition to the KEV catalog highlights the active exploitation of these flaws in the wild, increasing the urgency for patching and remediation.
The vulnerabilities impacting SonicWall SMA 100 devices are particularly concerning due to the potential for complete system takeover and session hijacking. Cybersecurity researchers at watchTowr have discovered that malicious actors are actively combining these vulnerabilities. CVE-2024-38475, an Apache HTTP pre-authentication arbitrary file read vulnerability discovered by Orange Tsai, allows unauthorized file reading. CVE-2023-44221, a post-authentication command injection flaw discovered by Wenjie Zhong (H4lo) of DBappSecurity Co., Ltd, enables attackers to execute arbitrary commands on affected systems. The combination of these two vulnerabilities allows attackers to extract sensitive information, such as administrator session tokens, effectively bypassing login credentials. Once this initial foothold is established, the command injection vulnerability can be exploited to execute arbitrary commands, potentially leading to session hijacking and full system compromise. The vulnerabilities affect SMA 100 series appliances, including models SMA 200, SMA 210, SMA 400, SMA 410, and SMA 500v. watchTowr has warned of active exploitation of these vulnerabilities, urging organizations to apply available patches to secure their systems. Recommended read:
References :
|