CyberSecurity news

FlagThis - #patchtuesday

@The DefendOps Diaries //

Microsoft's March Patch Tuesday Addresses Zero-Days - Microsoft's March 2025 Patch Tuesday addressed 57 flaws, including seven actively exploited zero-day vulnerabilities.
Microsoft's March 2025 Patch Tuesday has addressed 57 flaws, including seven zero-day vulnerabilities that were already being actively exploited. These zero-day flaws highlight the importance of applying security updates in a timely manner. Three critical vulnerabilities were remote code execution vulnerabilities, posing a high risk that could lead to full system compromise if exploited. One notable zero-day vulnerability is the Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability (CVE-2025-24983), which could allow attackers to gain SYSTEM privileges through a race condition.

Microsoft has also announced that it will drop support for the Remote Desktop app, available through the Microsoft Store, on May 27th. The current app will be replaced with the new Windows App, designed for work and school accounts. Microsoft is encouraging users to review the known issues and limitations of the Windows App to understand any feature gaps that may create challenges during migration. The Windows App is intended to connect to Azure Virtual Desktop, Windows 365, Microsoft Dev Box, Remote Desktop Services, and remote PCs.

Recommended read:
References :
  • isc.sans.edu: Microsoft Patch Tuesday: March 2025, (Tue, Mar 11th)
  • The DefendOps Diaries: Microsoft's March 2025 Patch Tuesday: Addressing Critical Vulnerabilities
  • BleepingComputer: Microsoft March 2025 Patch Tuesday fixes 7 zero-days, 57 flaws
  • CyberInsider: Microsoft March 2025 ‘Patch Tuesday’ Updates Fix Six Actively Exploited Flaws
  • Tenable Blog: Microsoft’s March 2025 Patch Tuesday Addresses 56 CVEs (CVE-2025-26633, CVE-2025-24983, CVE-2025-24993)
  • bsky.app: Today is Microsoft's March 2025 Patch Tuesday, which includes security updates for 57 flaws, including six actively exploited zero-day vulnerabilities.
  • krebsonsecurity.com: Microsoft: 6 Zero-Days in March 2025 Patch Tuesday
  • Blog RSS Feed: March 2025 Patch Tuesday Analysis
  • Threats | CyberScoop: Microsoft patches 57 vulnerabilities, including 6 zero-days
  • The Register - Software: Choose your own Patch Tuesday adventure: Start with six zero-day fixes, or six critical flaws
  • hackread.com: March 2025 Patch Tuesday: Microsoft Fixes 57 Vulnerabilities, 7 Zero-Days
  • www.kaspersky.com: Main vulnerabilities from Microsoft's March Patch Tuesday | Kaspersky official blog
  • Rescana: Microsoft March 2025 Patch Tuesday: Zero-Day Exploitation Analysis in WinDbg, ASP.NET Core, and Remote Desktop
  • socradar.io: March 2025 Patch Tuesday: Microsoft Fixes 6 Critical & 6 Exploited Security Vulnerabilities
  • Security | TechRepublic: Microsoft's March 2025 Patch Tuesday includes six actively exploited zero-day vulnerabilities. Learn about the critical vulnerabilities and why immediate updates are essential.
  • Davey Winder: Microsoft has confirmed that no less than six zero-day vulnerabilities are exploiting Windows users in the wild. Here’s what you need to know and do.
  • : Microsoft Patches a Whopping Seven Zero-Days in March
  • Blog: As part of its monthly Patch Tuesday event, Microsoft has fixed 57 vulnerabilities. Among them are six actively exploited zero-day vulnerabilities
  • Arctic Wolf: Microsoft Patch Tuesday: March 2025
@securityonline.info //

Progress Software Patches High-Severity LoadMaster Flaws - Multiple high-severity vulnerabilities in Progress Software's LoadMaster software could allow attackers to execute arbitrary system commands through improper input validation; patches are available and should be applied immediately.
Progress Software has released patches to address multiple high-severity vulnerabilities in its LoadMaster software. These flaws could allow remote, authenticated attackers to execute arbitrary system commands on affected systems. The vulnerabilities stem from improper input validation, where attackers who gain access to the management interface can inject malicious commands via crafted HTTP requests.

The affected software includes LoadMaster versions from 7.2.48.12 and prior, 7.2.49.0 to 7.2.54.12 (inclusive), and 7.2.55.0 to 7.2.60.1 (inclusive), as well as Multi-Tenant LoadMaster version 7.1.35.12 and prior. Progress Software has implemented input sanitization to mitigate these vulnerabilities, preventing arbitrary system commands from being executed. Users are advised to update to the latest patched versions to ensure the security of their systems.

Recommended read:
References :
  • community.progress.com: Progress security advisory "05" February 2024: (8.4 high) Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection (8.4 high) Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection (8.4 high) Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection (8.4 high) Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection Remote malicious actors who gain access to the management interface of LoadMaster and successfully authenticate could issue a carefully crafted HTTP request that allows arbitrary system commands to be executed. This vulnerability has been closed by sanitizing request user input to mitigate arbitrary system commands being executed.   We have not received any reports that these vulnerabilities have been exploited and we are not aware of any direct impact on customers.
  • securityaffairs.com: Progress Software fixed multiple high-severity LoadMaster flaws - SecurityAffairs
  • securityonline.info: Progress LoadMaster Security Update: Multiple Vulnerabilities Addressed - SecurityOnline
  • The Hacker News: Progress Software Patches High-Severity LoadMaster Flaws Affecting Multiple Versions - The Hacker News
  • securityonline.info: Security Online Article about Progress LoadMaster Security Update
  • : Progress security advisory "05" February 2024: (8.4 high) Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection
@arcticwolf.com //

Microsoft February 2025 Patch Tuesday Addresses Multiple Vulnerabilities - Microsoft released its February 2025 security update, addressing 63 vulnerabilities, two of which were actively exploited in the wild.
References: Arctic Wolf , isc.sans.edu ,
Microsoft has released its February 2025 security update, addressing a total of 63 newly disclosed vulnerabilities. This update, released on February 11th, includes patches for various Microsoft products. Arctic Wolf has highlighted three vulnerabilities in this security bulletin that affect Microsoft Windows and are classified as critical or have been exploited in the wild.

Among the vulnerabilities addressed, two are actively being exploited, including CVE-2025-21418, a Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability, and CVE-2025-21391, a Windows Storage Elevation of Privilege Vulnerability. Users are strongly advised to apply these updates promptly to mitigate the risk posed by these threats. This month, Microsoft has released patches addressing a total of 141 vulnerabilities.

Recommended read:
References :
  • Arctic Wolf: Microsoft Patch Tuesday: February 2025
  • isc.sans.edu: Microsoft February 2025 Patch Tuesday, (Tue, Feb 11th)
  • Tenable Blog: Microsoft’s February 2025 Patch Tuesday Addresses 55 CVEs (CVE-2025-21418, CVE-2025-21391)
CISO2CISO Editor 2@ciso2ciso.com //

Oracle Addresses 318 Vulnerabilities in January Patch Update - Oracle is addressing 320 new vulnerabilities in its January patch update, affecting over 90 products and services, highlighting the need for robust vulnerability management.
Oracle has released its January 2025 Critical Patch Update (CPU), addressing 318 new security vulnerabilities across over 90 products and services within 27 categories. The update includes patches for roughly 200 unique CVEs. The vulnerabilities affect a wide range of Oracle products, including its Communications applications, Construction and Engineering appliances, middleware and servers, and the E-Business Suite. This update is critical for organizations using Oracle products, highlighting the importance of robust vulnerability management and patching procedures.

The severity of the addressed vulnerabilities varies, with some having a CVSS score of 4 to 6 while others are considered critical. The most severe vulnerability, with a CVSS score of 9.9, affects the Oracle Agile Product Lifecycle Management (PLM) Framework, allowing a low-privileged attacker to compromise susceptible instances via HTTP. Oracle is urging customers to apply the Critical Patch Update as soon as possible, as some older Oracle flaws remain unpatched on some networks as evidenced by the US Cybersecurity and Infrastructure Security Agency (CISA) adding an older vulnerability in Oracle WebLogic Server to its Known Exploited Vulnerabilities (KEV) catalog.

Recommended read:
References :
  • ciso2ciso.com: Oracle To Address 320 Vulnerabilities in January Patch Update
  • ciso2ciso.com: Software giant Oracle is expected to release patches for 320 new security vulnerabilities affecting over 90 products and services across 27 categories.
  • The Hacker News: Oracle releases January 2025 patch to address 300+ vulnerabilities
  • ciso2ciso.com: Oracle Releases January 2025 Patch to Address 318 Flaws Across Major Products – Source:thehackernews.com
  • ciso2ciso.com: Oracle Releases January 2025 Patch to Address 318 Flaws Across Major Products

Blogs

Research Tools