< ciso
brief />
Security Advisory and Patch Watch Banner

All news in category “Security Advisory and Patch Watch

2057 articles · page 21 of 103

Critical RCE in Weaver E-cology Exploited Since March

🔒 Researchers observed exploitation of a critical unauthenticated RCE (CVE-2026-22679) in Weaver E-cology 10.0 beginning in mid-March, days after the vendor released a patch and before public disclosure. Attackers abused an exposed debug API that allowed user-supplied parameters to reach backend RPC handlers and be executed as system commands, performing discovery and attempting PowerShell-based payloads and an MSI deployment. The vendor's update (build 20260312) removes the debug endpoint entirely, and administrators are urged to apply the update immediately.
read more →

Progress patches critical MOVEit Automation flaws urgently

⚠️ Progress Software issued updates for MOVEit Automation to address two vulnerabilities: a critical authentication bypass (CVE-2026-4670, CVSS 9.8) and an improper input validation flaw that could enable privilege escalation (CVE-2026-5174, CVSS 7.7). Affected branches include releases <=2025.1.4, <=2025.0.8, and <=2024.1.7; fixes are available in 2025.1.5, 2025.0.9, and 2024.1.8. Airbus SecLab researchers reported the issues, and Progress states there are no workarounds and no confirmed in-the-wild exploitation; administrators should apply updates promptly and review access to service backend command ports.
read more →

Critical MOVEit Automation Auth Bypass Patch Urged

🚨 Progress warns customers to patch a critical authentication bypass in MOVEit Automation tracked as CVE-2026-4670, affecting versions before 2025.1.5, 2025.0.9, and 2024.1.8. Remote attackers can exploit the flaw without privileges in low-complexity, no-interaction attacks. Progress says upgrading with the full installer is the only remediation and that an outage will occur during the upgrade. The vendor also released a fix for a high-severity privilege escalation, CVE-2026-5174.
read more →

CISA: 'Copy Fail' Linux Flaw Now Actively Exploited

🔒CISA warns that threat actors are actively exploiting the Linux "Copy Fail" vulnerability tracked as CVE-2026-31431. The flaw exists in the kernel's algif_aead cryptographic algorithm interface and lets unprivileged local users gain root by writing four controlled bytes to the page cache of any readable file. Theori published a "100% reliable" Python PoC; vendors are issuing kernel fixes and CISA has ordered federal patches under BOD 22-01.
read more →

Microsoft: April updates block vulnerable psmounterex.sys

🔒 Microsoft confirms the April 2026 security updates are blocking the kernel driver psmounterex.sys, causing mounting failures and VSS snapshot timeouts in third-party backup applications such as Macrium Reflect, Acronis Cyber Protect Cloud, UrBackup Server and NinjaOne Backup on Windows 10, Windows 11 and Windows Server. The update adds the driver to the Vulnerable Driver Blocklist to mitigate CVE-2023-43896. Microsoft advises installing updated application versions that include drivers with required protections and checking the Code Integrity log for Event ID 3077 rather than uninstalling or pausing the security updates.
read more →

Microsoft Defender False-Positives Flag DigiCert Roots

🛡️ Microsoft Defender began flagging legitimate DigiCert root certificates as Trojan:Win32/Cerdigent.A!dha after a signature update on April 30, producing widespread false positives and, in some cases, removing certificates from Windows trust stores. Microsoft issued Security Intelligence updates 1.449.430.0 and 1.449.431.0 to resolve the detections and reportedly restore removed certificates. Administrators can force an update via Windows Security > Virus and threat protection > Protection updates.
read more →

CISA Adds Actively Exploited Linux Root Bug to KEV

🛡️ The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a recently disclosed Linux kernel vulnerability, CVE-2026-31431, to its Known Exploited Vulnerabilities (KEV) catalog following evidence of in-the-wild activity. The privilege escalation bug, nicknamed Copy Fail, affects kernels shipped since 2017 and carries a CVSS score of 7.8; patches are available in kernel releases 6.18.22, 6.19.12, and 7.0. Security vendors warn the flaw is especially dangerous for containerized environments when the algif_aead module is exposed on hosts, and detecting exploitation is difficult because the exploit uses legitimate system calls.
read more →

Linux 'Copy Fail' CVE-2026-31431: kernel LPE across distros

🛡️ Microsoft Defender Security Research warns of CVE-2026-31431, known as 'Copy Fail', a high-severity local privilege escalation in the Linux kernel crypto subsystem that impacts many major distributions and cloud workloads. An unprivileged user can abuse AF_ALG and splice() to corrupt the page cache and deterministically escalate to root, enabling container escape and multi-tenant compromise. Apply vendor patches or block AF_ALG socket creation immediately and hunt for indicators of compromise.
read more →

Windows Shell Spoofing Vulnerability Forces Rapid Patching

⚠️ Microsoft and CISA have warned that a Windows shell spoofing vulnerability (CVE-2026-32202) is being actively exploited and has prompted a CISA directive requiring federal agencies to patch by May 12. Microsoft says exploitation can expose sensitive data though it does not allow full system takeover. Security experts caution the situation was aggravated by an incomplete earlier fix for CVE-2026-21510, creating a patch gap between vendor updates and organizational deployment. CISOs face a difficult balance between rapid remediation and careful testing to avoid service disruption, and are urged to apply interim mitigations where possible.
read more →

Microsoft fixes Remote Desktop warning display bug

🔧 Microsoft has issued a fix for a known issue that caused newly introduced Windows security warnings to render incorrectly when opening Remote Desktop (.rdp) files on multi-monitor systems with differing display scaling. The bug affected all supported Windows versions after the April 2026 cumulative updates and was addressed in the optional Windows 11 preview update KB5083631. The misrendering could hide or misalign dialog buttons and text, preventing users from interacting with the RDP security prompt designed to block risky resource redirections.
read more →

CISA Adds Linux Kernel CVE to Exploited Vulnerabilities

⚠️ CISA added CVE-2026-31431 (Linux Kernel Incorrect Resource Transfer Between Spheres) to its Known Exploited Vulnerabilities (KEV) Catalog after evidence of active exploitation. Under BOD 22-01, Federal Civilian Executive Branch agencies must remediate cataloged CVEs by required due dates; CISA notes this vulnerability type is a frequent attack vector and poses significant risk to the federal enterprise. CISA strongly urges all organizations to prioritize timely remediation as part of routine vulnerability management and says it will continue updating the KEV Catalog as new exploitation evidence emerges.
read more →

Copy Fail: Nine-Year Linux Kernel Zero-Day Patched

🔍 A nine-year high-severity Linux kernel vulnerability called Copy Fail was discovered by Taeyang Lee of Theori using the AI code-analysis tool Xint. Assigned CVE-2026-31431, the logic bug enables an unprivileged local user with physical access to perform a deterministic four-byte write into the page cache of any readable file, potentially escalating to root. The issue affects kernels shipped since 2017; vendors have released a fix that reverts a 2017 AEAD optimization—update kernels to include commit a664bf3d603d.
read more →

Windows 11 KB5083631 Preview: 34 Fixes, Security and Perf

🔔 Microsoft released the optional cumulative preview update KB5083631 for Windows 11, delivering 34 quality improvements and fixes. Highlights include a new Xbox mode that provides a full‑screen gaming interface, improved startup app launch performance, and enhanced batch file/CMD security that prevents scripts from changing during execution. The update is optional and can be installed via Settings → Windows Update or manually from the Microsoft Update Catalog.
read more →

Trivial Linux kernel bug allows local users to gain root

⚠️ A newly disclosed Linux kernel logic flaw dubbed Copy Fail (CVE-2026-31431) enables an unprivileged local user to write four deterministic bytes into the page cache of any readable file and gain root. Theori researchers published a 732-byte Python proof-of-concept and reported the bug to the kernel team in March; patches were committed in April. Until distributions publish updates — Arch has released a patch so far — CSOs should inventory multi-tenant and container hosts, monitor for privilege escalation, and apply fixes or temporary kernel parameters where feasible.
read more →

April KB5083769 breaks third-party backup on Windows 11

⚠️ The April 2026 KB5083769 security update is causing third‑party backup applications to fail on Windows 11 (24H2 and 25H2) by triggering a VSS snapshot timeout. Vendors including Acronis, Macrium, NinjaOne and UrBackup have reported backup operations aborting with VSS timeout errors. Acronis has published guidance confirming failures on Pro and Home editions and recommends uninstalling KB5083769 and pausing updates as a temporary workaround.
read more →

Linux 'Copy Fail' LPE (CVE-2026-31431) Roots Major Distros

⚠ An exploit for a local privilege escalation called Copy Fail (CVE-2026-31431) has been published, allowing unprivileged users to obtain root on Linux kernels released since 2017. The issue was discovered by Theori using its Xint Code AI pentesting platform, reported on March 23, and patched upstream in early April by reverting an in-place crypto optimization. Researchers published a compact Python PoC that they demonstrated against multiple distributions and recommend disabling the algif_aead interface as an interim mitigation while vendors distribute kernel updates.
read more →

ABB PCM600 Path Traversal Vulnerability (CVE-2018-1002208)

⚠️ A path traversal vulnerability in ABB PCM600 (CVE-2018-1002208) could allow an attacker to deliver specially crafted messages to a system node, resulting in insertion and execution of arbitrary code. Affected releases are PCM600 versions >=1.5 and <=2.13; ABB released a fix in PCM600 2.14 (note: RE_630 relays are incompatible with 2.14). CISA rates the issue CVSS 3.1 4.4 (AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N), notes exploitation is not remotely trivial, and recommends applying the vendor update or, where immediate upgrade is impractical, applying system-level and network mitigations such as segmentation, firewalls, and updated VPNs.
read more →

CISA Adds CVE-2026-41940 to Known Exploited Vulnerabilities

⚠️ CISA added CVE-2026-41940 to its Known Exploited Vulnerabilities Catalog for a missing authentication for critical function in WebPros cPanel & WHM and WP2 (WordPress Squared). The issue has evidence of active exploitation and represents a common attack vector that can enable unauthorized access to protected functionality. Under BOD 22-01 federal agencies are required to remediate affected systems by the specified due date; CISA strongly urges all organizations to prioritize patching, apply vendor updates, and implement compensating controls promptly.
read more →

ABB AWIN Gateways: High-Risk Authentication Flaws Updates

🔒 CISA published an advisory on 2026-04-30 describing multiple authentication-related vulnerabilities in ABB AWIN Gateways that permit unauthenticated queries to disclose system configuration and, in one case, remotely reboot devices. The issues include an authentication bypass via capture-replay and missing authentication for critical functions. Affected firmware includes AWIN GW100 rev.2 (2.0-0, 2.0-1) and AWIN GW120 (1.2-0, 1.2-1); ABB released fixes (FW 2.1-0 and FW 2.0-0, Product IDs 3BNP102988R1 and 3BNP103003R1) and PSIRT advisory 4JNO000329. CISA recommends isolating devices, removing internet exposure, using secure remote access (for example, up‑to‑date VPNs), and conducting impact analysis before deploying mitigations.
read more →

ABB OPTIMAX Azure AD SSO Authentication Bypass Vulnerability

🔒 A high-severity authentication bypass (CVE-2025-14510, CVSS 8.1) affects ABB Ability OPTIMAX systems that use Azure Active Directory Single Sign-On, potentially permitting an attacker to bypass user authentication remotely. Affected builds include all 6.1 and 6.2 releases and 6.3/6.4 builds prior to 6.3.1-251120 and 6.4.1-251120. ABB has published fixes (for example, 6.3.1-251120); administrators should follow the ABB PSIRT advisory, apply available updates, and implement network segmentation and secure remote access controls while performing impact analysis prior to changes.
read more →