Microsoft Tuesday Patch

Blogs Cybersecurity News Security Advisory

Cyber Security News at a Glance; May 2025

For the month of May 2025 here are the Top News including Security Advisory & Blogs

Tesla Model 3 VCSEC Vulnerability Allows Remote Code Execution via TPMS Exploit

A high-severity vulnerability (CVE-2025-2082) in Tesla Model 3’s Vehicle Controller Security (VCSEC) module allows attackers within wireless range to remotely execute arbitrary code by exploiting a flaw in the Tire Pressure Monitoring System (TPMS)

Tesla Model 3 VCSEC Vulnerability Allows Remote Code Execution via TPMS Exploit 

The FBI issued an alert warning of ongoing exploitation of 13 EOL Linksys/Cisco routers by cybercriminal groups operating the 5Socks and Anyproxy services.

FBI Warns  End-of-Life Routers Exploited in Active Botnet and Proxy Campaigns 

Microsoft May 2025 Patch Tuesday Released; Fixed 83 Vulnerabilities, Including 5 Zero-Days

Microsoft addressed 83 vulnerabilities across its product suite. Among them are 5 zero-day vulnerabilities have been confirmed as actively exploited in the wild. The updates span Windows components, Office, Visual Studio, and other core services.

11 vulnerabilities were rated critical, emphasizing the importance of timely remediation especially for enterprise environments.

5 non-Microsoft CVEs included

78 Microsoft CVEs addressed

Microsoft May 2025 Patch Tuesday Released; Fixed 83 Vulnerabilities, Including 5 Zero-Days

Critical SAP NetWeaver Vulnerabilities Addressed in May 2025 Patch – Immediate Action Required 

SAP has released critical security updates for its May 2025 patch, including fixes for two actively exploited zero-day vulnerabilities in SAP NetWeaver Visual Composer.

SAP Visual Composer is not installed by default, however it is enabled because it was a core component used by business process specialists to develop business application components without coding.

Critical SAP NetWeaver Vulnerabilities Addressed in May 2025 Patch – Immediate Action Required 

CISA is officially changing the way it disseminates online security updates and guidance.

CISA says the enhanced information dissemination system will from now on use social media and email only to disperse cybersecurity alerts and advisories, saving its landing page for more critical warnings on May 12.

Updates on May 13

Just a day after announcing it was changing the way it sent out alerts, CISA has changed its mind and reverted back to its old system of putting everything on its website.

“We recognize this has caused some confusion in the cyber community,” the site now reads. “As such, we have paused immediate changes while we re-assess the best approach to sharing with our stakeholders.”

Social Media & emails as Medium to disperse Cybersecurity alerts; CISA

Zero-Day Threat in Chrome’s Loader Component (CVE-2025-4664) – CISA Flags Urgent Risk 

A zero-day vulnerability (CVE-2025-4664) in Google Chrome’s Loader component has been actively exploited in the wild.This flaw allows attackers to bypass security policies, leak cross-origin data, and potentially execute unauthorized code. CISA has added this vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, urging immediate patching. 

Zero-Day Threat in Chrome’s Loader Component (CVE-2025-4664) – CISA Flags Urgent Risk 
Security Advisory

Microsoft Updates Patch Tuesday for Feb 2025; Address 67 Vulnerabilities, Includes 2 Exploited Zero-Days 

Summary

Microsoft’s February 2025 Patch Tuesday addresses multiple security vulnerabilities, including four zero-days, with two actively exploited in the wild. This update covers a total of 67 security flaws, with three classified as critical Remote Code Execution (RCE) vulnerabilities.  

Microsoft  issued a revision for an older zero-day that threatens the latest Windows desktop and server versions.

OEM Microsoft 
Severity Critical 
Date of Announcement 2025-02-11
No. of Vulnerabilities Patched 67 
Actively Exploited Yes 
Exploited in Wild Yes 
Advisory Version 1.0 

Overview 

The affected products include Windows, Microsoft Office, Microsoft Surface, and various network services. Organizations are strongly advised to apply these patches immediately to mitigate security risks and potential cyberattacks. 

  • 63 Microsoft CVEs addressed 
  • 4 non-Microsoft CVEs included 

The highlighted vulnerabilities include 4 zero-day flaws, 2 of which are currently being actively exploited. 

Vulnerability Name CVE ID Product Affected Severity CVSS Score 
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability CVE-2025-21418 Windows High 7.8 
Windows Storage Elevation of Privilege Vulnerability  CVE-2025-21391 Windows High 7.1 
Microsoft Surface Security Feature Bypass Vulnerability CVE-2025-21194 Windows High  7.1 
NTLM Hash Disclosure Spoofing Vulnerability CVE-2025-21377 Windows Medium  6.5 

Technical Summary 

CVE ID System Affected Vulnerability Details Impact 
  CVE-2025-21418  Windows server and Windows 10 & 11  Windows ancillary function driver for winsock elevation of privilege vulnerability enables attackers to escalate privileges to SYSTEM level. Specific exploitation details are not disclosed.    Unauthorized access with SYSTEM privileges.  
  CVE-2025-21391  Windows server and Windows 10 & 11 Windows storage elevation of privilege vulnerability allows attackers to delete targeted files on a system, potentially leading to service unavailability. Does not expose confidential data.    Deletion of critical data, leading to service disruption. 
  CVE-2025-21194    Microsoft Surface    Microsoft surface security feature bypass vulnerability allows attackers to bypass UEFI protections, compromising the secure kernel. Likely related to “PixieFail” vulnerabilities affecting the IPv6 network stack in Tianocore’s EDK II firmware.    Bypass of security features, potentially compromising system integrity. 
 CVE-2025-21377  Windows server and Windows 10 & 11 NTLM hash disclosure spoofing vulnerability exposes NTLM hashes when a user interacts with a malicious file. Simply selecting or right-clicking a file could trigger a remote connection, allowing an attacker to capture NTLM hashes for cracking or pass-the-hash attacks.   Potential for attackers to authenticate as the user, leading to unauthorized access. 

Source:  Microsoft       

In addition to the actively exploited vulnerabilities, several other critical flaws were also addressed: 

  • CVE-2025-21376: A Windows Lightweight Directory Access Protocol (LDAP) RCE vulnerability that could allow attackers to execute arbitrary code remotely. 
  • CVE-2025-21379: A DHCP Client Service RCE vulnerability that may enable remote attackers to execute code with elevated privileges. 
  • CVE-2025-21381: An RCE vulnerability in Microsoft Excel that could be triggered through malicious spreadsheet files. 

Remediation

  • Apply Updates: Immediately install the February 2025 Patch Tuesday updates to address these vulnerabilities. 

Conclusion: 

The February 2025 Patch Tuesday release addresses critical security vulnerabilities, including actively exploited zero-days. Timely application of these updates is essential to protect systems from potential threats. Organizations should review the affected products and implement the necessary patches and mitigations to maintain security integrity. 

The attack vector is local, meaning the attacker needs local access — physically or remotely, using SSH method without user interaction and if successful in exploiting, can give the attacker system privileges.

References

Security Advisory

Critical Security Updates: Microsoft Jan 2025 Patch Tuesday Fixes 8 Zero-Days & 159 Vulnerabilities 

Summary 

Microsoft has released its January 2025 Patch Tuesday updates, delivering critical fixes. Key products impacted include Windows Telephony Service, Windows Digital Media, and MSMQ, among others.

Key take away:

  • Microsoft addressed 159 vulnerabilities across multiple products, including eight zero-day flaws, with three actively exploited in the January 2025 Patch Tuesday updates.
  • Key vulnerabilities include privilege escalation flaws in Hyper-V and remote code execution bugs in Microsoft Excel.
  • This marks highest number of fixes in a single month since at least 2017.
OEM Microsoft 
Severity Critical 
Date of Announcement 2025-01-14 
No. of Vulnerabilities Patched 159 
Actively Exploited yes 
Exploited in Wild Yes 
Advisory Version 1.0 

Overview 

Critical updates were issued for Windows Hyper-V, Windows Themes, Microsoft Access, and Windows App Package Installer. The vulnerabilities include elevation of privilege, remote code execution, and spoofing attacks, impacting various systems. The patch targets a range of critical issues across Microsoft products, categorized as follows: 

  • 58 Remote Code Execution (RCE) Vulnerabilities 
  • 40 Elevation of Privilege (EoP) Vulnerabilities 
  • 22 Information Disclosure Vulnerabilities 
  • 20 Denial of Service (DoS) Vulnerabilities 
  • 14 Security Feature Bypass 
  • 5 Spoofing Vulnerabilities 

The highlighted vulnerabilities include 8 zero-day flaws, 3 of which are currently being actively exploited. 

Vulnerability Name CVE ID Product Affected Severity CVSS Score 
Elevation of privilege vulnerability  CVE-2025-21333CVE-2025-21334CVE-2025-21335 Windows High 7.8 
Elevation of Privilege Vulnerability CVE-2025-21275 Windows High 7.8 
Remote Code Execution Vulnerability CVE-2025-21186,CVE-2025-21366, CVE-2025-21395 Windows High 7.8 
Spoofing Vulnerability CVE-2025-21308 Windows Medium 6.5 

Technical Summary 

CVE ID System Affected Vulnerability Details Impact 
 CVE-2025-21333CVE-2025-21334CVE-2025-21335  Windows Hyper-V NT Kernel No information has been released on how elevation of privilege vulnerabilities in Windows Hyper-V NT Kernel Integration VSP, which allow attackers to gain SYSTEM privileges, were exploited in attacks, as they were disclosed anonymously.    Allow attackers to gain SYSTEM privileges 
  CVE-2025-21275  Windows App Package Installer Elevation of privilege vulnerability in the Windows App Package Installer, potentially leading to SYSTEM privileges.   Attackers could gain SYSTEM privileges 
 CVE-2025-21186,CVE-2025-21366, CVE-2025-21395   Microsoft Access  Remote code execution vulnerabilities in Microsoft Access, exploitable via specially crafted Access documents.   Remote Code Execution 
 CVE-2025-21308   Windows Themes Spoofing vulnerability in Windows Themes; viewing a specially crafted theme file in Windows Explorer can lead to NTLM credential theft.   NTLM credential theft 

Source:  Microsoft       

Additional Critical Patches Address High-Severity Vulnerabilities 

  • Eight of this month’s patches address Virtual Secure Mode components, requiring administrators to follow Microsoft’s guidance for updating virtualization-based security (VBS) issues. (CVE-2025-21280, CVE-2025-21284, CVE-2025-21299, CVE-2025-21321, CVE-2025-21331, CVE-2025-21336, CVE-2025-21340, CVE-2025-21370). 
  • Windows NTLM V1 Elevation of Privilege Vulnerability (CVE-2025-21311). 
  • Windows OLE Remote Code Execution Vulnerability (CVE-2025-21298). 

Remediation

  • Apply Updates: Immediately install the January 2025 Patch Tuesday updates to address these vulnerabilities. 
  • Disable NTLM: For CVE-2025-21308, consider disabling NTLM or enabling the “Restrict NTLM: Outgoing NTLM traffic to remote servers” policy to mitigate the risk.  
  • Exercise Caution with Untrusted Files: Avoid opening or interacting with files from untrusted sources, especially those with extensions associated with Microsoft Access. 

Conclusion: 

The January 2025 Patch Tuesday release addresses critical vulnerabilities that could allow attackers to gain elevated privileges, execute arbitrary code, or steal credentials. Prompt application of these updates is essential to maintain system security. Additionally, implementing recommended mitigations, such as disabling NTLM, can provide further protection against potential exploits. 

References

https://msrc.microsoft.com/update-guide/releaseNote/2025-Jan

Scroll to top