CISO Brief

All news with #advisory tag

CISA Releases Four Industrial Control Systems Advisories

🔔 CISA released four Industrial Control Systems (ICS) advisories covering Advantech DeviceOn iEdge, Ubia Ubox, ABB FLXeon Controllers, and an update for Hitachi Energy Asset Suite. Each advisory provides technical details on identified vulnerabilities and recommended mitigations. Users and administrators are urged to review the advisories and apply mitigations promptly.

October Windows Updates Can Trigger BitLocker Recovery

🔒 Microsoft warned that installing Windows security updates released on or after October 14, 2025 can cause some systems to boot into BitLocker recovery, prompting users to enter their recovery key on first restart. The issue mainly affects Intel devices that support Connected Standby (Modern Standby) and occurs during restart or startup on Windows 11 24H2/25H2 and Windows 10 22H2. Microsoft says devices should boot normally after the key is entered and offers a Group Policy mitigation via Known Issue Rollback (KIR), with affected customers advised to contact Microsoft Support for Business.

Critical React Native CLI Flaw Enables Remote OS Commands

⚠ A critical vulnerability in the @react-native-community/cli ecosystem could let remote, unauthenticated attackers execute arbitrary OS commands on machines running the React Native development server. JFrog researcher Or Peles reported that the Metro dev server binds to external interfaces by default and exposes a vulnerable /open-url endpoint that passes user input to the unsafe open() call. The flaw (CVE-2025-11953, CVSS 9.8) affected versions 4.8.0–20.0.0-alpha.2 and is fixed in 20.0.0.

CISA, NSA and Partners Issue Exchange Server Best Practices

🔐 CISA, the NSA and international partners have published the Microsoft Exchange Server Security Best Practices to help organisations reduce exposure to attacks against hybrid and on-premises Exchange deployments. The guidance reinforces Emergency Directive 25-02 and prioritises restricting administrative access, enforcing multi-factor and modern authentication, tightening TLS and transport security, and applying Microsoft's Exchange Emergency Mitigation service. It also urges migration from unsupported or end-of-life systems and recommends use of secure baselines such as CISA's SCuBA. Agencies stress ongoing collaboration and a prevention-focused posture despite political and operational challenges.

Hacktivists Target Internet-Exposed Industrial Controls

⚠️ The Canadian Centre for Cyber Security warns hacktivists are increasingly exploiting internet-accessible industrial control systems (ICS), citing recent intrusions that affected a water utility, an oil and gas automated tank gauge (ATG), and a farm's grain-drying silo. Attackers manipulated pressure, fuel-gauge, and environmental controls, creating safety and service disruptions. The alert urges secure remote access via VPNs with MFA and inventories of OT assets. Provincial and municipal coordination is recommended to protect sectors lacking cybersecurity oversight.

Windows Task Manager Won't Quit After KB5067036 Update

⚠️ Microsoft confirmed a known issue where closing Task Manager does not terminate the taskmgr.exe process after installing the October 28, 2025 preview update (KB5067036). Multiple background instances can consume CPU and cause stutters. As a temporary workaround, end each process in a new Task Manager window or run: taskkill.exe /im taskmgr.exe /f while Microsoft investigates a permanent fix.

Agencies Publish Best Practices to Secure Exchange Server

🔒 Cybersecurity agencies in the United States, Australia and Canada have issued coordinated best-practice guidance to help organizations harden on-premises Microsoft Exchange Server installations against ongoing attacks and misconfiguration risks. The advisory emphasizes keeping servers fully patched and on the supported Subscription Edition, enabling Microsoft’s Emergency Mitigation Service, and establishing security baselines. It also urges stronger authentication and encryption, dedicated administrative workstations, and built-in protections such as Microsoft Defender Antivirus and App Control to reduce attack surfaces.

CISA and NSA Urge Immediate Hardening of Exchange Servers

🔒 CISA, the NSA and international partners have issued urgent guidance to harden on-premises Microsoft Exchange Server instances by restricting administrative access, enforcing multi-factor authentication, and applying strict transport security. The agencies recommend migrating or decommissioning end-of-life and hybrid Exchange servers, enabling the Exchange Emergency Mitigation Service, and disabling remote PowerShell for users. Organizations are also advised to maintain patch cadence, apply security baselines, and enable antivirus, EDR, ASR, and AppLocker controls.

CISA Releases Two ICS Advisories on ISO 15118-2 and TropOS

🛡️ CISA released two Industrial Control Systems advisories addressing the International Standards Organization ISO 15118-2 standard and Hitachi Energy TropOS. The advisories provide timely information on security issues, vulnerabilities, and potential exploits affecting ICS components. Administrators and operators are urged to review the advisories for technical details and recommended mitigations to protect operational environments.

ThreatsDay: DNS Poisoning, Supply-Chain Heist, New RATs

🔔 This week's ThreatsDay bulletin highlights a critical BIND9 vulnerability (CVE-2025-40778) enabling DNS cache poisoning and a public PoC, along with widespread campaign activity from loaders, commodity RATs and supply-chain trojans. Other notable items include a guilty plea by a former defense employee for selling cyber-exploit components to a Russian broker, a new Linux Rust dual-personality evasion technique, and Avast's free decryptor for Midnight ransomware. Recommended defensive actions emphasize patching to the latest BIND9 releases, enabling DNSSEC, restricting recursion, and strengthening monitoring and authentication controls.

Vertikal Systems Hospital Manager Backend Services

⚠️ CISA disclosed critical vulnerabilities in Vertikal Systems Hospital Manager Backend Services that were fixed as of September 19, 2025. One flaw exposed the unauthenticated ASP.NET tracing endpoint (/trace.axd), allowing disclosure of request traces, headers, session identifiers, and internal paths. A second flaw returned verbose ASP.NET error pages for invalid WebResource.axd requests, revealing framework versions, stack traces, and server paths. CVE-2025-54459 and CVE-2025-61959 were assigned; organizations should apply vendor updates and follow network isolation best practices.

CISA Releases Three ICS Advisories on Schneider, Vertikal

🔔 CISA released three Industrial Control Systems (ICS) advisories addressing multiple vulnerabilities that may affect operational technology safety and availability. The advisories cover ICSA-25-301-01 Schneider Electric EcoStruxure, ICSMA-25-301-01 Vertikal Systems Hospital Manager Backend Services, and an update to ICSA-24-352-04 Schneider Electric Modicon (Update B). Administrators and asset owners should review the technical findings, assess exposure, and apply recommended mitigations promptly to reduce operational risk.

Schneider Electric EcoStruxure OPC UA Server DoS Advisory

🔒 CISA and Schneider Electric describe a vulnerability (CVE-2024-10085) in EcoStruxure that allows remote actors to exhaust server resources and cause denial of service by sending a large number of OPC UA requests to the server. Affected products include EcoStruxure OPC UA Server Expert versions prior to SV2.01 SP3 and EcoStruxure Modicon Communication Server (all versions). The issue has a CVSS v4 base score of 8.2 and is noted as remotely exploitable with low attack complexity. Schneider has released SV2.01 SP3 to address the OPC UA Server Expert and plans remediation for Modicon; interim mitigations and hardening guidance are provided.

Actively Exploited WSUS RCE Prompts Urgent Patching

⚠️ Microsoft has released an out-of-band patch for a critical WSUS vulnerability (CVE-2025-59287) that enables unauthenticated remote code execution by sending malicious encrypted cookies to the GetCookie() endpoint. Security vendors Huntress and HawkTrace reported active exploitation of publicly exposed WSUS instances on TCP ports 8530 and 8531. Administrators should prioritize applying the update immediately; if that is not possible, isolate WSUS servers, restrict access to management hosts and Microsoft Update servers, and block inbound traffic to ports 8530/8531 until systems are remediated.

CISA Warns of Critical Lanscope Endpoint Manager Flaw

⚠️ CISA warns that attackers are exploiting a critical flaw (CVE-2025-61932) in Motex's Lanscope Endpoint Manager, enabling unauthenticated remote code execution via specially crafted packets. The issue affects client components in versions 9.4.7.2 and earlier; Motex has released patched client builds and noted that managers do not require updates. No mitigations are available other than installing the vendor updates; CISA added the flaw to its KEV catalog with a Nov. 12 remediation deadline for federal agencies.

CISA Issues Eight New Industrial Control Systems Advisories

🔔 CISA released eight Industrial Control Systems advisories addressing vulnerabilities and updates across multiple vendors and products, including AutomationDirect, ASKI Energy, Veeder-Root, Delta Electronics, NIHON KOHDEN, Schneider Electric, and Hitachi Energy. The notices cover new findings and several updates (for example, Update A and Update C) and list ICSA/ICSMA identifiers for each advisory. Administrators and asset owners should review the technical details, apply available patches or vendor mitigations, and reinforce network segmentation, access controls, and monitoring to reduce exposure.

Microsoft October update disables USB input in WinRE

⚠ After installing the October 14, 2025 security update KB5066835, USB-wired mice and keyboards do not function in the Windows Recovery Environment (WinRE), Microsoft confirmed. The devices continue to operate normally inside the Windows OS, but WinRE navigation is blocked, affecting Windows 11 (24H2, 25H2) and Windows Server 2025. Microsoft is working on a fix expected in the coming days; meanwhile users can rely on Bluetooth peripherals or legacy PS/2 input devices as a workaround.

75,000+ WatchGuard Firebox Devices Vulnerable to RCE

⚠️ Nearly 76,000 WatchGuard Firebox network appliances exposed on the public internet remain vulnerable to CVE-2025-9242, a critical (9.3) out-of-bounds write in the iked process that handles IKEv2 VPN negotiations. The flaw can be exploited without authentication by sending specially crafted IKEv2 packets to devices configured with dynamic gateway peers, potentially enabling remote code execution. WatchGuard has published patched releases and urges administrators to upgrade to supported versions immediately; 11.x is end-of-support and will not receive fixes.

Microsoft October Windows Updates Break Smart Card Auth

🔒 Microsoft warns the October 2025 Windows security updates are causing smart card authentication and certificate failures by switching RSA-based smart card certificates to use KSP instead of CSP. Affected systems may report errors such as "invalid provider type specified" or "CryptAcquireCertificatePrivateKey error" and Event ID 624 in the Smart Card Service log. Microsoft provides a manual workaround: set the DisableCapiOverrideForRSA registry value to 0, back up the registry first, then restart. This impacts Windows 10, Windows 11 and Windows Server releases; the company says the key will be removed in April 2026 and urges customers to work with application vendors to resolve compatibility.

CISA Adds Five CVEs to Known Exploited Vulnerabilities

🚨 CISA added five vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog based on evidence of active exploitation: CVE-2022-48503 (Apple), CVE-2025-2746 and CVE-2025-2747 (Kentico Xperience Staging Sync Server), CVE-2025-33073 (Microsoft Windows SMB Client), and CVE-2025-61884 (Oracle E-Business Suite SSRF). These flaws include authentication bypasses, improper access control, and SSRF, which are frequent attack vectors and pose significant risks. Under BOD 22-01, Federal Civilian Executive Branch agencies must remediate identified KEV items by the required due dates; CISA strongly urges all organizations to prioritize timely remediation as part of their vulnerability management practice.