All news with #patch tag

Microsoft fixes Media Creation Tool on affected PCs again

🛠 Microsoft has restored the Windows 11 Media Creation Tool after reports it failed to run on some up-to-date Windows 10 22H2, Windows 11 25H2 and Arm64 systems following the Windows 11 2025 Update. Microsoft says the issue was resolved in the optional KB5067036 preview update published October 28, 2025, and the updated tool is now available for download. As before, users can also obtain Windows ISO files directly to create bootable media.

Microsoft fixes 0x800F081F Windows Update failures

🔧 Microsoft has resolved a known issue that caused Windows updates to fail with error code 0x800F081F on Windows 11 24H2 devices. The problem affected systems that installed the KB5050094 January 2025 preview cumulative update and subsequent updates, and Microsoft traced the failures to missing language packs and feature payloads removed by ACR/MCR cleanup. Microsoft acknowledged the issue on October 15 and fixed it in the KB5067036 October 2025 preview update. Administrators who cannot install the optional preview immediately can perform an In‑Place Upgrade via Windows installation media or the Settings > System > Recovery workflow to restore missing components without losing files or apps.

BSI: Tens of Thousands of German Exchange Servers Vulnerable

⚠️ The German Federal Office for Information Security (BSI) warns that the majority of an estimated 33,000 publicly reachable Microsoft Exchange Server 2016 and 2019 installations still operate without vendor support after 14 October 2025. Without security updates, new critical Exchange vulnerabilities cannot be patched and affected systems may need to be taken offline to avoid compromise. The BSI highlights rapid network-wide compromise and ransomware risk and urges prompt upgrades, migrations, or protective measures such as VPNs or IP restrictions.

Visibility Gaps in Patching and Vulnerability Remediation

🔍 Modern patch management demands centralized visibility, faster prioritization, and accountable remediation to close growing exposure gaps. The article highlights how legacy systems such as WSUS and SCCM struggle with mixed environments, remote endpoints, and third-party applications, producing inconsistent patch states and unnoticed failures. Action1 is presented as a cloud-native platform that inventories endpoints, maps missing updates to CVEs, automates targeted deployments and retries failures, and provides audit-ready reporting to unify security and IT workflows.

Defending QUIC Against Acknowledgement-Based DDoS Attacks

🔒 Cloudflare patched two QUIC ACK-handling vulnerabilities (CVE-2025-4820, CVE-2025-4821) affecting its open-source quiche library and services using it. The flaws—missing ACK range validation and an Optimistic ACK attack—could let a malicious peer inflate server send rates, driving CPU and network amplification. Cloudflare implemented ACK range enforcement and a dynamic, CWND-aware skip frequency; quiche versions prior to 0.24.4 were affected.

Windows 11 KB5067036 Preview Adds Administrator Protection

🔒 Microsoft has released the KB5067036 preview cumulative update for Windows 11 24H2 and 25H2, introducing the new Administrator Protection feature alongside a refreshed Start menu. Administrator Protection requires users to verify identity with Windows Hello before permitting actions that require administrative privileges; it is off by default and can be enabled via OMA-URI in Microsoft Intune or Group Policy. The preview also delivers File Explorer and UI enhancements plus a range of bug fixes across authentication, graphics, accessibility and Windows Update reliability. Microsoft reports no known issues with this update.

CISA Warns of Two Actively Exploited DELMIA Flaws Now

⚠️ CISA has confirmed active exploitation of two vulnerabilities in Dassault Systèmes' DELMIA Apriso: CVE-2025-6205 (critical missing authorization) and CVE-2025-6204 (high-severity code injection). Both flaws were patched by the vendor in early August 2025 and affect Releases 2020 through 2025. Federal agencies must remediate within three weeks under BOD 22-01, and CISA urges all organizations to prioritize vendor mitigations or discontinue use if no fixes exist.

CISA Releases Three ICS Advisories on Schneider, Vertikal

🔔 CISA released three Industrial Control Systems (ICS) advisories addressing multiple vulnerabilities that may affect operational technology safety and availability. The advisories cover ICSA-25-301-01 Schneider Electric EcoStruxure, ICSMA-25-301-01 Vertikal Systems Hospital Manager Backend Services, and an update to ICSA-24-352-04 Schneider Electric Modicon (Update B). Administrators and asset owners should review the technical findings, assess exposure, and apply recommended mitigations promptly to reduce operational risk.

Schneider Electric EcoStruxure OPC UA Server DoS Advisory

🔒 CISA and Schneider Electric describe a vulnerability (CVE-2024-10085) in EcoStruxure that allows remote actors to exhaust server resources and cause denial of service by sending a large number of OPC UA requests to the server. Affected products include EcoStruxure OPC UA Server Expert versions prior to SV2.01 SP3 and EcoStruxure Modicon Communication Server (all versions). The issue has a CVSS v4 base score of 8.2 and is noted as remotely exploitable with low attack complexity. Schneider has released SV2.01 SP3 to address the OPC UA Server Expert and plans remediation for Modicon; interim mitigations and hardening guidance are provided.

Vertikal Systems Hospital Manager Backend Services

⚠️ CISA disclosed critical vulnerabilities in Vertikal Systems Hospital Manager Backend Services that were fixed as of September 19, 2025. One flaw exposed the unauthenticated ASP.NET tracing endpoint (/trace.axd), allowing disclosure of request traces, headers, session identifiers, and internal paths. A second flaw returned verbose ASP.NET error pages for invalid WebResource.axd requests, revealing framework versions, stack traces, and server paths. CVE-2025-54459 and CVE-2025-61959 were assigned; organizations should apply vendor updates and follow network isolation best practices.

Actively Exploited WSUS RCE Prompts Urgent Patching

⚠️ Microsoft has released an out-of-band patch for a critical WSUS vulnerability (CVE-2025-59287) that enables unauthenticated remote code execution by sending malicious encrypted cookies to the GetCookie() endpoint. Security vendors Huntress and HawkTrace reported active exploitation of publicly exposed WSUS instances on TCP ports 8530 and 8531. Administrators should prioritize applying the update immediately; if that is not possible, isolate WSUS servers, restrict access to management hosts and Microsoft Update servers, and block inbound traffic to ports 8530/8531 until systems are remediated.

Critical WSUS RCE (CVE-2025-59287) Actively Exploited

⚠️ A critical unauthenticated remote code execution vulnerability in Microsoft Windows Server Update Services was identified as CVE-2025-59287 and observed being actively exploited in October 2025. The flaw stems from unsafe deserialization in WSUS endpoints (GetCookie and ReportingWebService) and enables remote attackers to execute arbitrary code as SYSTEM. Microsoft issued an emergency out-of-band patch on Oct 23 after initial Patch Tuesday fixes were incomplete; organizations should apply the update or follow temporary mitigations such as disabling the WSUS Server Role or blocking inbound TCP ports 8530/8531 immediately.

QNAP: NetBak PC Backup Affected by Critical ASP.NET Flaw

🔔 QNAP has warned that its NetBak PC Agent, a Windows backup utility, may include an affected ASP.NET Core runtime vulnerable to CVE-2025-55315. The flaw resides in the Kestrel ASP.NET Core web server and can allow low-privileged attackers to hijack other users' credentials or bypass front-end security via HTTP request smuggling. QNAP recommends reinstalling the app or manually installing the latest ASP.NET Core Runtime (Hosting Bundle) from the .NET 8.0 downloads to secure systems.

Exposure Management in 2025: Trends, Risks, and Response

🔒 Intruder’s 2025 Exposure Management Index analyzes scans from over 3,000 small and midsize businesses to show defenders adapting under mounting pressure. High-severity vulnerabilities rose nearly 20% year‑on‑year, even as 89% of resolved critical flaws were remediated within 30 days (up from 75% in 2024). The report highlights AI-driven exploit development, growing attack surfaces from cloud, shadow IT and supply‑chain risk, and faster remediation at smaller firms.

CISA orders patch for critical WSUS RCE exploited now

🔔 CISA ordered U.S. federal agencies to urgently patch a critical, actively exploited Windows Server Update Services vulnerability (CVE-2025-59287) that enables unauthenticated remote code execution with SYSTEM privileges. Microsoft released out-of-band security updates after proof-of-concept exploit code appeared, and administrators are urged to install them immediately or disable the WSUS Server role as an interim mitigation. Security firms reported scanning and attacks against WSUS instances exposed on default ports 8530/8531, and CISA has added the flaw to its Known Exploited Vulnerabilities catalog, mandating federal patching under BOD 22-01.

Critical Microsoft WSUS RCE Flaw Exploited in Wild Now

⚠️Microsoft released out-of-band updates to fully remediate a critical deserialization vulnerability in Windows Server Update Service (WSUS), tracked as CVE-2025-59287. The initial Oct. 14 fixes were incomplete, prompting emergency patches for multiple Windows Server versions. Exploits in the wild were reported after a public proof-of-concept was published, allowing remote code execution as SYSTEM on affected servers.

Microsoft issues emergency WSUS patch for critical RCE

⚠️ Microsoft released an out-of-band security update to address a critical WSUS remote code execution vulnerability, CVE-2025-59287 (CVSS 9.8). The flaw stems from unsafe deserialization of AuthorizationCookie objects at the GetCookie() endpoint, where AES-128-CBC-encrypted cookie payloads are decrypted and deserialized via BinaryFormatter without type validation, enabling SYSTEM-level code execution on servers running the WSUS role. Microsoft published updates for supported Windows Server releases and recommends installing the patch and rebooting; short-term mitigations include disabling the WSUS role or blocking TCP ports 8530 and 8531.

Critical WSUS RCE Flaw in Windows Server Exploited Now

⚠️Microsoft confirmed attackers are exploiting a critical Windows Server Update Service vulnerability tracked as CVE-2025-59287, a remote code execution flaw that affects servers running the WSUS Server role when configured as an update source for other WSUS servers. The bug can be abused remotely with low complexity and no user interaction to run code as SYSTEM, raising wormable concerns. Microsoft released out-of-band patches for all affected Windows Server versions and advised immediate installation or temporary disabling of the WSUS Server role; public proof-of-concept code and active scanning have been observed in the wild.

Microsoft Releases Out-of-Band WSUS Patch for CVE-2025-59287

⚠ Microsoft released an out-of-band security update (October 23, 2025) to remediate a critical Windows Server Update Service (WSUS) remote code execution vulnerability, CVE-2025-59287, after a prior fix proved incomplete. The flaw affects WSUS on Windows Server 2012, 2016, 2019, 2022, and 2025 and could allow an unauthenticated actor to execute code with SYSTEM privileges. CISA urges organizations to identify affected WSUS servers, apply the update and reboot, or temporarily disable the WSUS Server Role or block inbound TCP ports 8530/8531 as mitigations until the patch is installed.

Microsoft issues emergency WSUS updates for critical RCE

⚠️ Microsoft has released out-of-band security updates to remediate a critical WSUS vulnerability tracked as CVE-2025-59287. The flaw affects only Windows servers with the WSUS Server Role enabled and allows remote, unauthenticated attackers to execute code as SYSTEM in low-complexity attacks without user interaction. Microsoft published cumulative KB updates for all affected Server builds and requires a reboot; administrators who cannot patch immediately are advised to disable the WSUS role or block TCP ports 8530/8531 as temporary mitigations.