All news with #security advisory tag

Microsoft WSUS Patch Disrupted Windows Server Hotpatching

⚠️ An out-of-band update, KB5070881, that addressed CVE-2025-59287 for Windows Server Update Service inadvertently removed Hotpatch enrollment on a very limited number of Windows Server 2025 machines. Microsoft has stopped offering KB5070881 to Hotpatch-enrolled devices and released KB5070893 the next day to fix the flaw without breaking Hotpatch. Systems that installed the buggy update will receive regular monthly security updates requiring restarts in November and December and will rejoin Hotpatch after the January 2026 baseline. As part of mitigations, Microsoft also disabled the display of WSUS synchronization error details.

Windows Task Manager Won't Quit After KB5067036 Update

⚠️ Microsoft confirmed a known issue where closing Task Manager does not terminate the taskmgr.exe process after installing the October 28, 2025 preview update (KB5067036). Multiple background instances can consume CPU and cause stutters. As a temporary workaround, end each process in a new Task Manager window or run: taskkill.exe /im taskmgr.exe /f while Microsoft investigates a permanent fix.

ASD Warns of Ongoing BADCANDY Attacks on Cisco IOS XE

🛡️ The Australian Signals Directorate (ASD) has issued a bulletin warning of ongoing attacks using a Lua-based implant dubbed BADCANDY to compromise unpatched Cisco IOS XE devices via CVE-2023-20198. ASD reports variations have been seen since October 2023 and estimates about 400 Australian devices were compromised since July 2025, with 150 infections in October. Operators are urged to apply patches, restrict public access to the web UI, and follow Cisco hardening guidance.

Agencies Publish Best Practices to Secure Exchange Server

🔒 Cybersecurity agencies in the United States, Australia and Canada have issued coordinated best-practice guidance to help organizations harden on-premises Microsoft Exchange Server installations against ongoing attacks and misconfiguration risks. The advisory emphasizes keeping servers fully patched and on the supported Subscription Edition, enabling Microsoft’s Emergency Mitigation Service, and establishing security baselines. It also urges stronger authentication and encryption, dedicated administrative workstations, and built-in protections such as Microsoft Defender Antivirus and App Control to reduce attack surfaces.

CISA and NSA Urge Immediate Hardening of Exchange Servers

🔒 CISA, the NSA and international partners have issued urgent guidance to harden on‑premises Microsoft Exchange Server instances by restricting administrative access, enforcing multi‑factor authentication, and applying strict transport security. The agencies recommend migrating or decommissioning end‑of‑life and hybrid Exchange servers, enabling the Exchange Emergency Mitigation Service, and disabling remote PowerShell for users. Organizations are also advised to maintain patch cadence, apply security baselines, and enable antivirus, EDR, ASR, and AppLocker controls.

Critical Flaws in King Addons for Elementor Risk Takeover

⚠️ King Addons for Elementor, installed on over 10,000 WordPress sites, contains two unauthenticated critical vulnerabilities that can enable full site takeover. Patchstack identified an arbitrary file upload (CVE-2025-6327) and a registration-based privilege escalation (CVE-2025-6325) that allow remote attackers to place files in web-accessible directories and create administrative accounts. The vendor released version 51.1.37 to add a role allowlist, input sanitization, upload permission checks and stricter file-type validation — administrators should update immediately and verify whether the 'King Addons Login | Register Form' widget is active.

CISA and NSA Issue Hardening Guidance for Exchange

🔒 CISA and the NSA, joined by the Australian Cyber Security Centre and the Canadian Centre for Cyber Security, released guidance to harden on-premises and hybrid Microsoft Exchange servers against attacks. The advisory emphasizes stronger authentication, minimized application attack surfaces, robust TLS configurations, and decommissioning unsupported servers after migration to Microsoft 365. It also recommends enabling emergency mitigations and built-in anti-spam and anti-malware protections and restricting administrative access to authorized workstations.

Chromium Blink flaw crashes Chrome, Edge; exploit published

⚠ A researcher, Jose Pino, published a proof-of-concept on October 29 demonstrating a Blink rendering-engine flaw that can crash Chrome, Microsoft Edge and several other Chromium-based browsers within seconds by flooding document.title updates. Pino says he reported the issue to Google on August 28 and, after no response, released the PoC to force public attention. The exploit saturates the main thread with millions of DOM mutations per second, producing rapid CPU spikes, tab freezes and eventual process termination, and it raises particular concern for headless and automated enterprise workflows.

CISA Releases Microsoft Exchange Server Security Guide

🔐 Today, CISA, in collaboration with the National Security Agency and international partners, published Microsoft Exchange Server Security Best Practices to help defenders harden on-premises Exchange servers against ongoing exploitation. The guidance emphasizes strengthening user authentication and access controls, enforcing robust network encryption, and reducing application attack surfaces through configuration and feature management. CISA also urges organizations to decommission end-of-life or hybrid 'last Exchange' servers after migrating to Microsoft 365 to reduce exposure to continued exploitation.

CISA Adds Two CVEs to Known Exploited Vulnerabilities

🔔 CISA added two vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog: CVE-2025-24893 (XWiki Platform eval injection) and CVE-2025-41244 (Broadcom VMware Aria Operations and VMware Tools privilege-defined unsafe actions). Evidence indicates active exploitation and substantial risk to the federal enterprise. Under BOD 22-01, affected FCEB agencies must remediate by required due dates. CISA urges all organizations to prioritize timely remediation as part of routine vulnerability management.

Hitachi Energy TropOS Command Injection and Privilege Issues

⚠️ Hitachi Energy's TropOS wireless devices contain multiple vulnerabilities — including OS command injection and improper privilege management — that can be exploited remotely by authenticated users to obtain root access. Affected 4th Gen firmware versions up to 8.9.6.0 are vulnerable (CVE-2025-1036, CVE-2025-1037, CVE-2025-1038); CVSS v4 scores reach 8.7. Hitachi Energy advises immediate update to version 8.9.7.0, and CISA recommends isolating devices, minimizing network exposure, and following ICS security best practices.

ISO 15118-2 SLAC Vulnerability in EV Charging Protocol

🔒 ISO 15118-2-compliant EV charging implementations using the SLAC protocol are vulnerable to spoofed measurements that can enable man‑in‑the‑middle attacks between vehicles and chargers, tracked as CVE-2025-12357 (CVSS v4 7.2). The issue is an improper restriction of communication channel (CWE-923) and may be exploitable wirelessly at close range via electromagnetic induction. ISO recommends using TLS (required in ISO 15118-20) with certificate chaining; CISA advises minimizing network exposure, isolating control networks, and using secure remote access methods.

CISA Releases Two ICS Advisories on ISO 15118-2 and TropOS

🛡️ CISA released two Industrial Control Systems advisories addressing the International Standards Organization ISO 15118-2 standard and Hitachi Energy TropOS. The advisories provide timely information on security issues, vulnerabilities, and potential exploits affecting ICS components. Administrators and operators are urged to review the advisories for technical details and recommended mitigations to protect operational environments.

Blueprint for Hardening Microsoft Exchange Servers

🔒 CISA, the NSA, and international partners released the Microsoft Exchange Server Security Best Practices blueprint to help administrators of on‑premises and hybrid Exchange environments strengthen defenses against persistent cyber threats. The guidance builds on CISA’s Emergency Directive 25‑02 and emphasizes restricting administrative access, implementing multifactor authentication, enforcing strict transport security, and adopting zero trust principles. It also urges organizations to remediate or replace end‑of‑life Exchange versions, apply recommended mitigations, and consider migrating to cloud-based email to reduce operational complexity and exposure.

ThreatsDay: DNS Poisoning, Supply-Chain Heist, New RATs

🔔 This week's ThreatsDay bulletin highlights a critical BIND9 vulnerability (CVE-2025-40778) enabling DNS cache poisoning and a public PoC, along with widespread campaign activity from loaders, commodity RATs and supply-chain trojans. Other notable items include a guilty plea by a former defense employee for selling cyber-exploit components to a Russian broker, a new Linux Rust dual-personality evasion technique, and Avast's free decryptor for Midnight ransomware. Recommended defensive actions emphasize patching to the latest BIND9 releases, enabling DNSSEC, restricting recursion, and strengthening monitoring and authentication controls.

Plugin Flaw Lets Subscribers Read Any Server File Now

⚠️ The Anti-Malware Security and Brute-Force Firewall WordPress plugin (versions up to 4.23.81) contains a vulnerability (CVE-2025-11705) that allows low-privileged subscribers to read arbitrary files on the server. The issue is caused by missing capability checks in the GOTMLS_ajax_scan() AJAX handler, enabling attackers who can obtain a nonce to access sensitive files like wp-config.php. The developer released v4.23.83 on October 15, which adds a proper capability check via a new GOTMLS_kill_invalid_user() function; administrators of membership sites should update immediately.

Microsoft fixes Media Creation Tool on affected PCs again

🛠 Microsoft has restored the Windows 11 Media Creation Tool after reports it failed to run on some up-to-date Windows 10 22H2, Windows 11 25H2 and Arm64 systems following the Windows 11 2025 Update. Microsoft says the issue was resolved in the optional KB5067036 preview update published October 28, 2025, and the updated tool is now available for download. As before, users can also obtain Windows ISO files directly to create bootable media.

Microsoft fixes 0x800F081F Windows Update failures

🔧 Microsoft has resolved a known issue that caused Windows updates to fail with error code 0x800F081F on Windows 11 24H2 devices. The problem affected systems that installed the KB5050094 January 2025 preview cumulative update and subsequent updates, and Microsoft traced the failures to missing language packs and feature payloads removed by ACR/MCR cleanup. Microsoft acknowledged the issue on October 15 and fixed it in the KB5067036 October 2025 preview update. Administrators who cannot install the optional preview immediately can perform an In‑Place Upgrade via Windows installation media or the Settings > System > Recovery workflow to restore missing components without losing files or apps.

BSI: Tens of Thousands of German Exchange Servers Vulnerable

⚠️ The German Federal Office for Information Security (BSI) warns that the majority of an estimated 33,000 publicly reachable Microsoft Exchange Server 2016 and 2019 installations still operate without vendor support after 14 October 2025. Without security updates, new critical Exchange vulnerabilities cannot be patched and affected systems may need to be taken offline to avoid compromise. The BSI highlights rapid network-wide compromise and ransomware risk and urges prompt upgrades, migrations, or protective measures such as VPNs or IP restrictions.

Defending QUIC Against Acknowledgement-Based DDoS Attacks

🔒 Cloudflare patched two QUIC ACK-handling vulnerabilities (CVE-2025-4820, CVE-2025-4821) affecting its open-source quiche library and services using it. The flaws—missing ACK range validation and an Optimistic ACK attack—could let a malicious peer inflate server send rates, driving CPU and network amplification. Cloudflare implemented ACK range enforcement and a dynamic, CWND-aware skip frequency; quiche versions prior to 0.24.4 were affected.