All news with #patch tag

CISA Issues Guidance for Cisco ASA and Firepower Fixes

🔔 CISA released implementation guidance for Cisco ASA and Firepower devices to support Emergency Directive 25-03. The guidance lists minimum software versions that remediate CVE-2025-20333 and CVE-2025-20362 and directs agencies to perform corrective patching. CISA warns multiple organizations believed they had applied updates but had not and recommends all operators verify exact versions. Agencies with devices not yet updated or updated after Sept. 26, 2025, should follow additional temporary mitigations.

Active Directory Under Siege: Risks in Hybrid Environments

🔐 Active Directory remains the critical authentication backbone for most enterprises, and its growing complexity across on‑premises and cloud hybrids has expanded attackers' opportunities. The article highlights common AD techniques — Golden Ticket, DCSync, and Kerberoasting — and frequent vulnerabilities such as weak and reused passwords, lingering service accounts, and poor visibility. It recommends layered defenses: strong password hygiene, privileged access management, zero‑trust conditional access, continuous monitoring, and rapid patching. The piece stresses that AD security is continuous and highlights solutions that block compromised credentials in real time.

Microsoft fixes Windows Task Manager bug hurting performance

⚠️ Microsoft released a fix for a Windows 11 Task Manager issue introduced by the optional preview update KB5067036 that could leave multiple taskmgr.exe processes running after the window was closed. The defect, blamed for stuttering and CPU hangs on affected systems, is resolved in the November cumulative security update KB5068861. Microsoft recommends installing KB5068861, and users who cannot immediately update can temporarily terminate lingering Task Manager processes by running an elevated Command Prompt and executing taskkill.exe /im taskmgr.exe /f.

Microsoft Patches 63 Flaws Including Kernel Zero‑Day

🔒 Microsoft released patches for 63 vulnerabilities, four rated Critical and 59 Important, including a Windows Kernel zero-day (CVE-2025-62215) that Microsoft says is being exploited in the wild. The flaws span privilege escalation, remote code execution, information disclosure and DoS, with notable heap-overflow issues in Graphics Component and WSL GUI. Administrators are urged to prioritize updates where exploits are known or where vulnerabilities permit privilege escalation or remote code execution.

Microsoft Fixes Windows Kernel Zero Day in November

🔒 Microsoft released its November Patch Tuesday updates addressing over 60 CVEs, including an actively exploited Windows kernel zero-day (CVE-2025-62215). The flaw is a race-condition and double-free that can let low-privileged local attackers corrupt kernel memory and escalate to system privileges, though exploitation requires precise timing and local code execution. Administrators should also prioritise a critical GDI+ RCE (CVE-2025-60724, CVSS 9.8) that can be triggered by parsing specially crafted metafiles. Microsoft additionally issued an out-of-band update (KB5071959) to resolve Windows 10 Consumer ESU enrollment failures.

Enterprise networks hit by legacy, unpatched systems

🔍 New research from Palo Alto Networks shows enterprise networks remain sprawling and poorly controlled: telemetry from 27 million devices across 1,800 enterprises found 26% of Linux and 8% of Windows systems running on end-of-life OS versions, 39% of directory-registered devices lack active endpoint protection, and 32.5% operate outside IT control. Poor segmentation — present in 77% of networks — and unmanaged edge devices increase attacker opportunities.

November 2025 Patch Tuesday: One Zero-Day, Five Criticals

🔒 Microsoft’s November 2025 Patch Tuesday addresses 63 CVEs, including one actively exploited zero‑day and five Critical vulnerabilities that span Windows, Office, Developer Tools and third‑party products. This release is the first Extended Security Update (ESU) roll‑out for Windows 10 after its October 14 end‑of‑life; ESU enrollment and upgrade to 22H2 are required to receive fixes. CrowdStrike notes elevation of privilege, remote code execution and information disclosure are the leading exploitation techniques this month. Administrators should prioritize the zero‑day and Critical fixes (notably GDI+ and Nuance PowerScribe) and adopt mitigations where patching is delayed.

November Patch Tuesday: Critical Windows Kernel Zero-Day

⚠️ Microsoft’s November Patch Tuesday addresses 63 vulnerabilities, including an actively exploited Windows kernel zero-day CVE-2025-62215 that can allow local attackers to escalate to SYSTEM via a complex race-condition double-free. Administrators should prioritize this fix across servers, domain controllers, and desktops, including Windows 10 systems enrolled in the ESU program. Other notable fixes include a Copilot Chat extension RCE (CVE-2025-62222) and a critical Microsoft Graphics Component overflow that could be triggered by specially crafted document uploads.

Synology Patches Critical BeeStation RCE Shown at Pwn2Own

🔒 Synology has released a patch for a critical remote code execution flaw (CVE-2025-12686) in BeeStation OS, following a proof-of-concept exploit shown at Pwn2Own Ireland. The vulnerability, described as a buffer copy without checking input size, can enable arbitrary code execution on impacted NAS devices and has no practical mitigations. Synology advises users to upgrade to BeeStation OS 1.3.2-65648 or later to remediate the issue. The flaw was demonstrated by Synacktiv researchers Tek and anyfun, who earned a $40,000 reward.

Hackers Exploit Triofox AV Feature to Deploy Remote Tools

⚠️ Hackers exploited a critical Triofox vulnerability (CVE-2025-12480) and abused the product's built-in antivirus configuration to achieve remote code execution as SYSTEM. Google Threat Intelligence Group traced the activity to UNC6485 targeting a Triofox server in August; attackers bypassed authentication via Host header/Referer spoofing and configured a malicious scanner to run a PowerShell downloader. Vendor patches are available; administrators should update and audit admin and scanner settings.

Microsoft releases KB5068781 — first Windows 10 ESU update

🔔 Microsoft released KB5068781, the first Extended Security Update (ESU) for Windows 10 following the platform's end of support. The update fixes a bug that incorrectly reported LTSC devices as out of support and bundles October Patch Tuesday fixes. It addresses 63 vulnerabilities — including one actively exploited elevation-of-privilege flaw — and is mandatory for enrolled devices, installing via Settings → Windows Update and updating ESU and LTSC builds to 19045.6575/19044.6575.

Microsoft November 2025 Patch Tuesday: 63 Flaws, 1 Zero-Day

🛡️ Microsoft’s November 2025 Patch Tuesday addresses 63 vulnerabilities, including one actively exploited zero-day in the Windows Kernel (CVE-2025-62215). The update bundle includes four Critical issues and a broad set of fixes across kernel, RDP, Hyper-V, drivers, Office components and other Windows subsystems. Organizations still on unsupported Windows 10 should upgrade to Windows 11 or enroll in Microsoft’s ESU program; Microsoft also released an out-of-band patch to fix an ESU enrollment bug.

Windows 11 KB5068861 & KB5068865 November 2025 Updates

🔔 Microsoft released cumulative updates KB5068861 and KB5068865 for Windows 11 25H2/24H2 and 23H2, delivering the November 2025 Patch Tuesday security fixes, bug repairs, and several feature changes. The updates are mandatory security releases and update system build numbers to 26200.7019 (25H2/24H2 variants) and 226x1.6050 (23H2). Notable additions include a redesigned Start menu with Categories mode, updated battery icons with percentage, a new Copilot page in Get Started, Administrator Protection Preview, and post-quantum cryptography API support. Microsoft said the rollout is gradual and reported no new known issues at announcement time.

Microsoft emergency Windows 10 update fixes ESU enrollment

🔧Microsoft released an out‑of‑band update (KB5071959) to address a Windows 10 Consumer ESU enrollment failure that could cause the ESU wizard to abort. Once the update is installed and the device is rebooted, affected systems should be able to complete ESU enrollment and resume receiving Extended Security Updates via Windows Update. Microsoft flagged the patch as a security update for non‑enrolled devices to restore access to essential fixes.

Microsoft November 2025 Patch Tuesday: 63 Vulnerabilities

🔒 Microsoft released its November 2025 Patch Tuesday addressing 63 vulnerabilities across Windows, Office, Visual Studio and other components, including five labeled Critical. One important kernel elevation flaw, CVE-2025-62215, has been observed exploited in the wild. Critical issues include RCE in GDI+, Office, and Visual Studio, plus a DirectX elevation-of-privilege; Microsoft rates several as less likely to be exploited. Cisco Talos published Snort and Snort 3 rules and advises customers to apply updates and rule packs promptly.

Pixnapping vulnerability: Android screen-snooping risk

🔒 A newly disclosed exploit named Pixnapping (CVE-2025-48561) allows a malicious Android app with no special permissions to read screen pixels from other apps and reconstruct sensitive content. The attack chains intent-based off-screen rendering, translucent overlays, and a GPU compression timing side channel to infer pixel values. Google issued a September patch but researchers bypassed it, and a more robust fix is planned.

SAP patches critical hardcoded credentials in SQL Anywhere

🔒 SAP released November security updates addressing a maximum-severity (10.0) hardcoded credentials flaw in the non-GUI component of SQL Anywhere Monitor (CVE-2025-42890) and a critical code-injection issue in SAP Solution Manager (CVE-2025-42887). The embedded credentials could allow attackers to access administrative functions and potentially execute arbitrary code. Administrators should apply updates and follow SAP mitigation guidance promptly.

Webinar: Modern Patch Management Strategies for 2026

🔐 On December 2 at 2:00 PM ET, BleepingComputer and SC Media will host a live webinar featuring Gene Moody, Field CTO at Action1, on modern patch management strategies to reduce risk and speed remediation. The session, titled Winning the 2026 vulnerability race, explains how cloud-native, policy-driven tools can address limitations of legacy systems like WSUS. Attendees will learn prioritization techniques, visibility practices, and automation use cases to align patching with business impact.

Attackers Exploit Critical Triofox Flaw for Code Execution

⚠️ Mandiant and Google GTIG observed UNC6485 exploiting a critical improper access control flaw, CVE-2025-12480, in Gladinet Triofox versions prior to 16.7.10368.56560. Attackers spoofed a localhost Host header to reach setup pages, create a native 'Cluster Admin' account and upload payloads. They abused the product's anti‑virus configuration to execute arbitrary scripts as SYSTEM, then deployed remote access tools, escalated privileges and exfiltrated credentials. Users are urged to update, audit admin accounts and hunt for indicators of compromise.

Triofox Authentication Bypass Leads to Remote Access

🔒 Google's Mandiant reported active n‑day exploitation of a critical authentication bypass in Gladinet's Triofox (CVE-2025-12480, CVSS 9.1) that lets attackers access configuration pages and execute arbitrary payloads. Adversaries abused the product's antivirus executable path to run a malicious batch, installing Zoho UEMS and remote‑access tools such as Zoho Assist and AnyDesk. Operators created admin accounts, escalated privileges, and established SSH tunnels for inbound RDP. Triofox customers should apply the vendor patch, remove unauthorized admins, and verify antivirus executable paths cannot run untrusted scripts.