Tag Archives: PatchTuesday

April “In the Trend of VM” (#14): vulnerabilities in Microsoft Windows, VMware products, Kubernetes, and Apache Tomcat

Leave a reply

April In the Trend of VM (#14): vulnerabilities in Microsoft Windows, VMware products, Kubernetes, and Apache Tomcat

April “In the Trend of VM” (#14): vulnerabilities in Microsoft Windows, VMware products, Kubernetes, and Apache Tomcat. We decided to pause recording new videos, so for now only text. 🤷‍♂️🙂

🗞 Post on Habr (rus)
🗒 Digest on the PT website (rus)

A total of 11 trending vulnerabilities:

🔻 Elevation of Privilege – Windows Cloud Files Mini Filter Driver (CVE-2024-30085)
🔻 Spoofing – Windows File Explorer (CVE-2025-24071)
🔻 Four Windows vulnerabilities from March Microsoft Patch Tuesday were exploited in the wild (CVE-2025-24985, CVE-2025-24993, CVE-2025-26633, CVE-2025-24983)
🔻 Three VMware “ESXicape” Vulnerabilities (CVE-2025-22224, CVE-2025-22225, CVE-2025-22226)
🔻 Remote Code Execution – Apache Tomcat (CVE-2025-24813)
🔻 Remote Code Execution – Kubernetes (CVE-2025-1974)

На русском

March episode “In the Trend of VM” (#13): vulnerabilities of Microsoft, PAN-OS, СommuniGate and who should patch hosts with deployed application

Leave a reply

March episode “In the Trend of VM” (#13): vulnerabilities of Microsoft, PAN-OS, СommuniGate and who should patch hosts with deployed application. I’m posting the translated video with a big delay, but it’s better than never. 😉

📹 Video on YouTube and LinkedIn
🗞 Post on Habr (rus)
🗒 Digest on the PT website

Content:

🔻 00:00 Greetings
🔻 00:31 Elevation of Privilege – Windows Ancillary Function Driver for WinSock (CVE-2025-21418)
🔻 01:12 Elevation of Privilege – Windows Storage (CVE-2025-21391)
🔻 01:53 Authentication Bypass – PAN-OS (CVE-2025-0108)
🔻 03:09 Remote Code Execution – CommuniGate Pro (BDU:2025-01331)
🔻 04:27 The VM riddle: who should patch hosts with a deployed application?
🔻 07:11 About the digest of trending vulnerabilities

На русском

April Microsoft Patch Tuesday

Leave a reply

April Microsoft Patch Tuesday

April Microsoft Patch Tuesday. A total of 153 vulnerabilities, 2 times more than in March. Of these, 32 were added between the March and April MSPTs. Three vulnerabilities show signs of exploitation in the wild:

🔻 EoP – Windows Common Log File System Driver (CVE-2025-29824). An attacker can gain SYSTEM privileges. No technical details yet.
🔻 SFB – Microsoft Edge (CVE-2025-2783). Sandbox escape with an existing PoC exploit.
🔻 RCE – Microsoft Edge (CVE-2025-24201). Originally reported as a WebKit vuln on Apple OSes. 🤷‍♂️

Microsoft also patched vulnerabilities in Kubernetes with known exploits (CVE-2025-1974, CVE-2025-1097, CVE-2025-1098, CVE-2025-24514, CVE-2025-24513)

Other notable ones:

🔹 RCE – LDAP (CVE-2025-26670, CVE-2025-26663), TCP/IP (CVE-2025-26686), Microsoft Office (CVE-2025-29794, CVE-2025-29793), RDS (CVE-2025-27480, CVE-2025-27482), Hyper-V (CVE-2025-27491)
🔹 SFB – Kerberos (CVE-2025-29809)

🗒 Full Vulristics report

На русском

March Microsoft Patch Tuesday

Leave a reply

March Microsoft Patch Tuesday

March Microsoft Patch Tuesday. 77 CVEs, 20 of which were added during the month. 7 vulnerabilities with signs of exploitation in the wild:

🔻 RCE – Windows Fast FAT File System Driver (CVE-2025-24985)
🔻 RCE – Windows NTFS (CVE-2025-24993)
🔻 SFB – Microsoft Management Console (CVE-2025-26633)
🔻 EoP – Windows Win32 Kernel Subsystem (CVE-2025-24983)
🔻 InfDisc – Windows NTFS (CVE-2025-24991, CVE-2025-24984)
🔻 AuthBypass – Power Pages (CVE-2025-24989) – in Microsoft web service, can be ignored

There are no vulnerabilities with public exploits, there are 2 more with private ones:

🔸 RCE – Bing (CVE-2025-21355) – in Microsoft web service, can be ignored
🔸 SFB – Windows Kernel (CVE-2025-21247)

Among the others:

🔹 RCE – Windows Remote Desktop Client (CVE-2025-26645) and Services (CVE-2025-24035, CVE-2025-24045), MS Office (CVE-2025-26630), WSL2 (CVE-2025-24084)
🔹 EoP – Windows Win32 Kernel Subsystem (CVE-2025-24044)

🗒 Full Vulristics report

На русском

February Microsoft Patch Tuesday

Leave a reply

February Microsoft Patch Tuesday

February Microsoft Patch Tuesday. 89 CVEs, 33 added since January. Two with signs of exploitation in the wild:

🔻 EoP – Windows Ancillary Function Driver for WinSock (CVE-2025-21418)
🔻 EoP – Windows Storage (CVE-2025-21391)

There are no vulnerabilities with public exploits, but there are 7 with private ones:

🔸 RCE – Microsoft Edge (CVE-2025-21279, CVE-2025-21283)
🔸 Auth. Bypass – Azure (CVE-2025-21415)
🔸 EoP – Windows Setup Files Cleanup (CVE-2025-21419)
🔸 Spoofing – Windows NTLM (CVE-2025-21377)
🔸 Spoofing – Microsoft Edge (CVE-2025-21267, CVE-2025-21253)

Among the rest, the following can be highlighted:

🔹 RCE – Windows LDAP (CVE-2025-21376), Microsoft Excel (CVE-2025-21381, CVE-2025-21387), Microsoft SharePoint Server (CVE-2025-21400), DHCP Client Service (CVE-2025-21379)
🔹 EoP – Windows Core Messaging (CVE-2025-21184, CVE-2025-21358, CVE-2025-21414), Windows Installer (CVE-2025-21373)

🗒 Full Vulristics report

На русском

January Microsoft Patch Tuesday

Leave a reply

January Microsoft Patch Tuesday

January Microsoft Patch Tuesday. 170 CVEs, 10 of them were added since December MSPT. 3 exploited in the wild:

🔻 EoP – Windows Hyper-V NT Kernel Integration VSP (CVE-2025-21333, CVE-2025-21334, CVE-2025-21335). No details yet.

No vulnerabilities have public exploits. 5 have private ones:

🔸 Security Feature Bypass – Microsoft Update Catalog (CVE-2024-49147), MapUrlToZone (CVE-2025-21268, CVE-2025-21189)
🔸 EoP – Windows Installer (CVE-2025-21287)
🔸 Auth. Bypass – Azure (CVE-2025-21380)

Notable among the rest:

🔹 RCE – Windows OLE (CVE-2025-21298), Windows RMCAST (CVE-2025-21307), Microsoft Office (CVE-2025-21365), Windows Remote Desktop Services (CVE-2025-21297, CVE-2025-21309), NEGOEX (CVE-2025-21295)
🔹 EoP – Windows NTLM V1 (CVE-2025-21311), Windows Search Service (CVE-2025-21292), Windows App Package Installer (CVE-2025-21275)
🔹 Spoofing – Windows Themes (CVE-2025-21308)

🗒 Full Vulristics report

На русском

December Microsoft Patch Tuesday

Leave a reply

December Microsoft Patch Tuesday

December Microsoft Patch Tuesday. 89 CVEs, of which 18 were added since November MSPT. 1 vulnerability with signs of exploitation in the wild:

🔻 EoP – Windows Common Log File System Driver (CVE-2024-49138). There are no details about this vulnerability yet.

Strictly speaking, there was another vulnerability that was exploited in the wild: EoP – Microsoft Partner Network (CVE-2024-49035). But this is an already fixed vulnerability in the Microsoft website and I’m not even sure that it was worth creating a CVE. 🤔

For the remaining vulnerabilities, there are no signs of exploitation in the wild, nor exploits (even private ones).

I can highlight:

🔹 RCE – Windows LDAP (CVE-2024-49112, CVE-2024-49127)
🔹 RCE – Windows LSASS (CVE-2024-49126)
🔹 RCE – Windows Remote Desktop Services (CVE-2024-49106 и ещё 8 CVE)
🔹 RCE – Microsoft MSMQ (CVE-2024-49122, CVE-2024-49118)
🔹 RCE – Microsoft SharePoint (CVE-2024-49070)

🗒 Full Vulristics report

На русском