Wednesday , February 19 2025

Microsoft January 2025 Patch, 159 Vuls, 10 Critical RCE’s

Microsoft’s January Patch Tuesday update fixed 159 vulnerabilities, including 10 critical Remote Code Execution (RCE) issues. These updates are essential for protecting Windows and related software from exploitation.

Key Highlights of December 2024 Patch Tuesday Updates:

150 Gov.t Portal affected
Black-Hat SEO Poisoning Indian “.gov.in, .ac.in” domain

Indian government and educational websites, along with reputable financial brands, have experienced SEO poisoning, causing user traffic to be redirected...
Read More
150 Gov.t Portal affected  Black-Hat SEO Poisoning Indian “.gov.in, .ac.in” domain

CVE-2018-19410 Exposes 600 PRTG Instances in Bangladesh

The Cyber Threat Intelligence Unit of BGD e-GOV CIRT has found 600 vulnerable PRTG instances in Bangladesh, affected by the...
Read More
CVE-2018-19410 Exposes 600 PRTG Instances in Bangladesh

Builder claims Rs 150 cr for data loss; AWS faces FIR In Bengaluru

Amazon Web Services (AWS) has been named in an FIR after a builder claimed damages to the tune of Rs...
Read More
Builder claims Rs 150 cr for data loss;  AWS faces FIR In Bengaluru

CISA Warns Active Exploitation of Apple iOS Security Flaw

CISA has issued an urgent warning about a critical zero-day vulnerability in Apple iOS and iPadOS, known as CVE-2025-24200, which...
Read More
CISA Warns Active Exploitation of Apple iOS Security Flaw

Massive IoT Data Breach Exposes 2.7 Billion Records

A major IoT data breach has exposed 2.7 billion records, including Wi-Fi network names, passwords, IP addresses, and device IDs....
Read More
Massive IoT Data Breach Exposes 2.7 Billion Records

SonicWall Firewall Auth Bypass Vulnerability Exploited in Wild

A serious authentication bypass vulnerability in SonicWall firewalls, called CVE-2024-53704, is currently being exploited, according to cybersecurity firms. The increase...
Read More
SonicWall Firewall Auth Bypass Vulnerability Exploited in Wild

AMD Patches High-Severity SMM Vulns Affecting EPYC and Ryzen Processors

AMD has released security patches for two high-severity vulnerabilities in its System Management Mode (SMM). If exploited, these could let...
Read More
AMD Patches High-Severity SMM Vulns Affecting EPYC and Ryzen Processors

Lazarus Group Unleashes New Malware Against Developers Worldwide

Lazarus Group has initiated a complex global campaign aimed at software developers and cryptocurrency users. Operation Marstech Mayhem uses the...
Read More
Lazarus Group Unleashes New Malware Against Developers Worldwide

Daily Security Update Dated : 15.02.2025

Every day a lot of cyberattack happen around the world including ransomware, Malware attack, data breaches, website defacement and so...
Read More
Daily Security Update Dated : 15.02.2025

Salt Typhoon to target Bangladeshi Universities, One identified

RedMike (Salt Typhoon) targeted university devices in Bangladesh, likely to access research in telecommunications, engineering, and technology, especially from institutions...
Read More
Salt Typhoon to target Bangladeshi Universities, One identified

CVE-2025-21362 & CVE-2025-21354: Both issues are vulnerabilities in Microsoft Excel that allow remote code execution when a user opens a specially crafted file. They are critical because they enable attackers to run arbitrary code with user privileges.

CVE-2025-21311: A serious security flaw in Windows NTLM V1 that could let attackers gain higher access to the system.

CVE-2025-21309 & CVE-2025-21297: Both involve vulnerabilities in Windows Remote Desktop Services that allow remote code execution via malicious connections or files.

CVE-2025-21307: Affects the RMCAST driver, enabling remote attackers to run any code.

CVE-2025-21298 & CVE-2025-21296: These are security flaws in Windows OLE and BranchCache that could allow hackers to run harmful code remotely through specially designed inputs.

CVE-2025-21295 & CVE-2025-21294: Both are serious security issues that could allow unauthorized access to systems.

Microsoft’s January 2025 updates fixed several security issues, including three critical zero-day vulnerabilities that were publicly known and actively exploited.

The updates, aimed at improving the security of Windows and related software, fix issues ranging from privilege escalation to remote code execution and spoofing vulnerabilities. Below are the key details about the zero-day vulnerabilities that were patched:

CVE-2025-21275: Windows App Package Installer Elevation of Privilege Vulnerability:

A critical vulnerability, CVE-2025-21275, in the Windows App Package Installer has been fixed. This flaw could allow an attacker to gain full SYSTEM-level privileges on a compromised device, giving them complete control over it.

This vulnerability was reported to Microsoft anonymously. While no details about active exploitation are available, attackers often target such flaws to gain higher access privileges.

CVE-2025-21308: Windows Themes Spoofing Vulnerability:

A new zero-day vulnerability, CVE-2025-21308, has been discovered in Windows Themes. It allows spoofing just by displaying a specially crafted Theme file in Windows Explorer.

Users can be exploited just by loading a malicious file in Windows Explorer, without needing to open or click on it.

The exploit uses the BrandImage and Wallpaper options in theme files to set a network file path.

Windows Explorer sends the logged-in user’s NTLM credentials to the remote host indicated in the Theme file. Attackers can exploit these NTLM hashes to either crack the plain-text password or carry out pass-the-hash attacks.

Steps to Mitigate CVE-2025-21308:

Microsoft recommends turning off NTLM or adjusting the security policy to limit outgoing NTLM traffic to remote servers to reduce the risk of this vulnerability.

Blaz Satler from 0patch at ACROS Security discovered a flaw that bypasses a prior vulnerability (CVE-2024-38030). 0patch had released micropatches for this issue in October 2024, pending Microsoft’s official fix.

Microsoft Access Vulnerabilities: CVE-2025-21186, CVE-2025-21366, CVE-2025-21395
Microsoft has fixed three remote code execution (RCE) vulnerabilities in Access: CVE-2025-21186, CVE-2025-21366, and CVE-2025-21395. Attackers could exploit these flaws by convincing victims to open malicious Access documents.

The vulnerabilities emphasize the need to avoid untrusted files and to implement security solutions that can identify suspicious activity in office productivity tools.

Microsoft’s January 2025 Patch Tuesday highlights the ongoing threat of zero-day vulnerabilities in popular software. Users should apply updates right away to safeguard their devices.

Organizations should also consider extra defenses, like disabling NTLM in enterprise networks and restricting vulnerable protocols.

The Cybersecurity and Infrastructure Security Agency (CISA) has updated its Known Exploited Vulnerabilities (KEV) catalog to include serious zero-day vulnerabilities in Microsoft Windows’ Hyper-V NT Kernel Integration.

Check Also

Insikt Group

Salt Typhoon Exploits Vulnerable Cisco Devices of Telcoms Globally

Between December 2024 and January 2025, Recorded Future’s Insikt Group discovered a campaign targeting unpatched …

Leave a Reply

Your email address will not be published. Required fields are marked *