< ciso
brief />
Security Advisory and Patch Watch Banner

All news in category “Security Advisory and Patch Watch

2059 articles · page 77 of 103

Siemens Solid Edge: Improper Certificate Validation

⚠️ Siemens disclosed an improper certificate validation vulnerability in Solid Edge SE2025 that could enable unauthenticated remote man-in-the-middle attacks against the product's license service connections. The issue is tracked as CVE-2025-40744 and carries a CVSS v3.1 base score of 7.5 and a CVSS v4 base score of 8.7, indicating high impact and low attack complexity. Siemens recommends updating to V225.0 Update 11 or later and restricting network access to licensing endpoints; CISA also advises network segmentation, use of secure remote access, and standard anti-phishing protections. No known public exploitation targeting this vulnerability has been reported.
read more →

Siemens Spectrum Power 4 Vulnerabilities and Patches

🔒 Siemens disclosed multiple vulnerabilities in Spectrum Power 4 that allow privilege escalation and remote command execution in affected versions prior to V4.70 SP12 Update 2. Several issues carry high severity ratings (CVSS v4 up to 8.7) and include weaknesses such as incorrect privilege and permission assignments (CWE-266, CWE-732), incorrect use of privileged APIs (CWE-648), and inclusion of untrusted control-sphere functionality (CWE-829). Siemens recommends updating to V4.70 SP12 Update 2 and limiting network exposure; CISA reiterates defensive best practices.
read more →

Rockwell FactoryTalk Policy Manager DoS Vulnerability

⚠ Rockwell Automation reported a remotely exploitable vulnerability (CVE-2024-22019) in FactoryTalk Policy Manager that can lead to resource exhaustion and denial of service. The issue stems from Node.js HTTP handling of chunked transfer encoding (CWE-404) that permits unbounded reads from a single connection. Affected releases include Version 6.51.00 and earlier; Rockwell corrected the issue in Version 6.60.00. CISA assigns a high severity rating (CVSS v4 8.7) and recommends upgrading, minimizing network exposure, and isolating control networks behind firewalls.
read more →

CISA Alerts Agencies to Exploited WatchGuard Firewall Flaw

🔔 CISA has warned federal agencies to patch a critical, actively exploited vulnerability in WatchGuard Firebox firewalls that permits remote code execution through an out-of-bounds write in Fireware OS 11.x (EOL), 12.x, and 2025.1. The agency added CVE-2025-9242 to its Known Exploited Vulnerabilities catalog and imposed a three-week remediation deadline under BOD 22-01. WatchGuard released patches on September 17 but only marked the flaw as exploited on October 21. Internet scans tracked over 75,000 vulnerable appliances before counts fell to roughly 54,000.
read more →

CISA Adds Critical WatchGuard Fireware Flaw to KEV

🔒 CISA has added a critical WatchGuard Fireware vulnerability, CVE-2025-9242 (CVSS 9.3), to its Known Exploited Vulnerabilities catalog after evidence of active exploitation. The out-of-bounds write in the OS iked process affects Fireware OS 11.10.2 through 11.12.4_Update1, 12.0 through 12.11.3 and 2025.1 and can allow remote unauthenticated code execution. Researchers at watchTowr Labs attribute the flaw to a missing length check on an identification buffer used during the IKE handshake, which permits a pre‑authentication code path before certificate validation. Shadowserver scans show over 54,300 vulnerable Firebox instances worldwide (about 18,500 in the U.S.), and Federal Civilian Executive Branch agencies are directed to apply WatchGuard patches by December 3, 2025.
read more →

Canon TTF Printer Vulnerability Allows Remote Code Execution

🖨️ Independent researcher Peter Geissler disclosed a critical vulnerability (CVE-2024-12649) in certain Canon printers that can be triggered simply by printing an XPS document containing a malicious TTF font. The exploit abuses TTF hinting instructions to overflow a virtual-machine stack in the printer’s font engine, allowing code execution on devices running Canon’s DryOS. Canon has issued firmware updates, but organizations should promptly patch, restrict printer exposure, and segment printers to reduce risk.
read more →

Microsoft fixes false Windows 10 end-of-support alerts

🔧 Microsoft resolved a bug that caused incorrect end-of-support warnings to appear in Windows Update settings after the October 2025 updates. The cosmetic issue affected Windows 10 22H2 devices enrolled in the Extended Security Updates (ESU) program as well as LTSC 2021 editions that remain supported, but affected systems continued to receive security updates. Microsoft issued a cloud configuration fix and on Nov 11, 2025 released KB5068781; admins can also apply a Known Issue Rollback policy if immediate deployment is required.
read more →

Amazon: APT Exploits Cisco ISE and Citrix Zero‑Days

🔒 Amazon Threat Intelligence identified an advanced threat actor exploiting undisclosed zero-day vulnerabilities in Cisco Identity Services Engine (ISE) and Citrix products. The actor achieved pre-authentication remote code execution via a newly tracked Cisco deserialization flaw (CVE-2025-20337) and earlier Citrix Bleed Two activity (CVE-2025-5777). Following exploitation, a custom in-memory web shell disguised as IdentityAuditAction was deployed, demonstrating sophisticated evasion using Java reflection, Tomcat request listeners, and DES with nonstandard Base64. Amazon recommends limiting external access to management endpoints and implementing layered defenses and detection coverage.
read more →

Zero-day Attacks Exploit Citrix Bleed 2 and Cisco ISE

🛡️ Amazon's MadPot honeypot observed exploitation of Citrix Bleed 2 (CVE-2025-5777) and Cisco ISE (CVE-2025-20337) before public disclosure. The attacker used the ISE flaw to deploy a stealthy custom web shell named IdentityAuditAction, which registered an HTTP listener, used Java reflection to inject into Tomcat threads, and relied on DES with non-standard base64 encoding for concealment. Apply vendor patches and limit edge device access through layered firewall controls.
read more →

Amazon: Threat Actor Exploited Cisco and Citrix Zero-Days

⚠️ Amazon's threat intelligence team disclosed that it observed an advanced threat actor exploiting two zero-day vulnerabilities in Citrix NetScaler ADC (CVE-2025-5777) and Cisco Identity Services Engine (CVE-2025-20337) to deploy a custom web shell. The backdoor, disguised as an IdentityAuditAction component, operates entirely in memory, uses Java reflection to inject into running threads, and registers a Tomcat listener to monitor HTTP traffic. Amazon observed the activity via its MadPot honeypot, called the actor highly resourced, and noted both flaws were later patched by the vendors.
read more →

CISA Issues Guidance on Cisco ASA and Firepower Risks

⚠️ CISA released Implementation Guidance for Emergency Directive 25‑03 addressing ongoing exploitation of Cisco ASA and Firepower devices, identifying minimum software versions that remediate known vulnerabilities. The guidance directs federal agencies to perform corrective patching and recommends all organizations verify and apply the specified minimum updates. CISA also provides the RayDetect scanner to analyze ASA core dumps for RayInitiator compromise and offers temporary mitigation recommendations for agencies still completing compliance.
read more →

CISA Adds Three CVEs to KEV Catalog Targeting Federal Assets

🔔CISA added three vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog: CVE-2025-9242 (WatchGuard Firebox out-of-bounds write), CVE-2025-12480 (Gladinet Triofox improper access control), and CVE-2025-62215 (Microsoft Windows race condition). Under BOD 22-01, Federal Civilian Executive Branch agencies must remediate KEV entries by the required due dates. CISA urges all organizations to prioritize timely remediation and other mitigations to reduce exposure to active threats.
read more →

Microsoft fixes Windows Task Manager bug hurting performance

⚠️ Microsoft released a fix for a Windows 11 Task Manager issue introduced by the optional preview update KB5067036 that could leave multiple taskmgr.exe processes running after the window was closed. The defect, blamed for stuttering and CPU hangs on affected systems, is resolved in the November cumulative security update KB5068861. Microsoft recommends installing KB5068861, and users who cannot immediately update can temporarily terminate lingering Task Manager processes by running an elevated Command Prompt and executing taskkill.exe /im taskmgr.exe /f.
read more →

Microsoft Patches 63 Flaws Including Kernel Zero‑Day

🔒 Microsoft released patches for 63 vulnerabilities, four rated Critical and 59 Important, including a Windows Kernel zero-day (CVE-2025-62215) that Microsoft says is being exploited in the wild. The flaws span privilege escalation, remote code execution, information disclosure and DoS, with notable heap-overflow issues in Graphics Component and WSL GUI. Administrators are urged to prioritize updates where exploits are known or where vulnerabilities permit privilege escalation or remote code execution.
read more →

Microsoft Fixes Windows Kernel Zero Day in November

🔒 Microsoft released its November Patch Tuesday updates addressing over 60 CVEs, including an actively exploited Windows kernel zero-day (CVE-2025-62215). The flaw is a race-condition and double-free that can let low-privileged local attackers corrupt kernel memory and escalate to system privileges, though exploitation requires precise timing and local code execution. Administrators should also prioritise a critical GDI+ RCE (CVE-2025-60724, CVSS 9.8) that can be triggered by parsing specially crafted metafiles. Microsoft additionally issued an out-of-band update (KB5071959) to resolve Windows 10 Consumer ESU enrollment failures.
read more →

November 2025 Patch Tuesday: One Zero-Day, Five Criticals

🔒 Microsoft’s November 2025 Patch Tuesday addresses 63 CVEs, including one actively exploited zero‑day and five Critical vulnerabilities that span Windows, Office, Developer Tools and third‑party products. This release is the first Extended Security Update (ESU) roll‑out for Windows 10 after its October 14 end‑of‑life; ESU enrollment and upgrade to 22H2 are required to receive fixes. CrowdStrike notes elevation of privilege, remote code execution and information disclosure are the leading exploitation techniques this month. Administrators should prioritize the zero‑day and Critical fixes (notably GDI+ and Nuance PowerScribe) and adopt mitigations where patching is delayed.
read more →

November Patch Tuesday: Critical Windows Kernel Zero-Day

⚠️ Microsoft’s November Patch Tuesday addresses 63 vulnerabilities, including an actively exploited Windows kernel zero-day CVE-2025-62215 that can allow local attackers to escalate to SYSTEM via a complex race-condition double-free. Administrators should prioritize this fix across servers, domain controllers, and desktops, including Windows 10 systems enrolled in the ESU program. Other notable fixes include a Copilot Chat extension RCE (CVE-2025-62222) and a critical Microsoft Graphics Component overflow that could be triggered by specially crafted document uploads.
read more →

Synology Patches Critical BeeStation RCE Shown at Pwn2Own

🔒 Synology has released a patch for a critical remote code execution flaw (CVE-2025-12686) in BeeStation OS, following a proof-of-concept exploit shown at Pwn2Own Ireland. The vulnerability, described as a buffer copy without checking input size, can enable arbitrary code execution on impacted NAS devices and has no practical mitigations. Synology advises users to upgrade to BeeStation OS 1.3.2-65648 or later to remediate the issue. The flaw was demonstrated by Synacktiv researchers Tek and anyfun, who earned a $40,000 reward.
read more →

Hackers Exploit Triofox AV Feature to Deploy Remote Tools

⚠️ Hackers exploited a critical Triofox vulnerability (CVE-2025-12480) and abused the product's built-in antivirus configuration to achieve remote code execution as SYSTEM. Google Threat Intelligence Group traced the activity to UNC6485 targeting a Triofox server in August; attackers bypassed authentication via Host header/Referer spoofing and configured a malicious scanner to run a PowerShell downloader. Vendor patches are available; administrators should update and audit admin and scanner settings.
read more →

Microsoft releases KB5068781 — first Windows 10 ESU update

🔔 Microsoft released KB5068781, the first Extended Security Update (ESU) for Windows 10 following the platform's end of support. The update fixes a bug that incorrectly reported LTSC devices as out of support and bundles October Patch Tuesday fixes. It addresses 63 vulnerabilities — including one actively exploited elevation-of-privilege flaw — and is mandatory for enrolled devices, installing via Settings → Windows Update and updating ESU and LTSC builds to 19045.6575/19044.6575.
read more →