A dangerous flaw in how Windows environments handle Kerberos service ticket requests one that significantly expands the practical attack surface for Kerberos relaying in Active Directory.
Continue Reading
Summary: Microsoft’s October 2025 Patch Tuesday fixes 175 security vulnerabilities in the products Windows, Office, Azure, and .NET and others. It includes patches for 6 – zero-day vulnerabilities where three vulnerabilities have been exploited and three publicly known vulnerabilities.
Microsoft advises immediate deployment of updates and removal of affected drivers, while assessing legacy fax hardware for compatibility issues introduced by the driver removal in this month update.
The October 2025 security updates address critical and important vulnerabilities across a broad range of Microsoft products and services.
| OEM | Microsoft |
| Severity | Critical |
| Date of Announcement | 2025-10-14 |
| No. of Patches | 175 |
| Actively Exploited | Yes |
| Exploited in Wild | Yes |
| Advisory Version | 1.0 |
Overview
Major fixes address serious remote code execution issues in Office and WSUS, along with privilege escalation vulnerabilities in Windows and Azure. The update also removes the Agere Modem driver, which could affect older fax devices. Users & Administrator are urged to update the patch to immediately to stay protected.
Here are the CVE addresses for Microsoft & non-Microsoft:
Breakdown of October 2025 Vulnerabilities
Source: Microsoft
| Vulnerability Name | CVE ID | Product Affected | Severity | CVSS Score |
| Windows Agere Modem Driver Elevation of Privilege Vulnerability | CVE-2025-24990 | Windows 10, 11, Server 2016-2022 | High | 7.8 |
| Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | CVE-2025-59230 | Windows 10, 11, Server 2016-2022 | High | 7.8 |
| Secure Boot Bypass Vulnerability in IGEL OS | CVE-2025-47827 | IGEL OS | Medium | 4.6 |
| Windows Server Update Service (WSUS) Remote Code Execution Vulnerability | CVE-2025-59287 | Windows Server | Critical | 9.8 |
| Microsoft Office Remote Code Execution Vulnerability | CVE-2025-59234 | Microsoft Office | High | 7.8 |
| Microsoft Excel Remote Code Execution Vulnerability | CVE-2025-59236 | Microsoft Excel (2016-2021) | High | 8.4 |
Technical Summary
October 2025 Patch Tuesday includes security updates addresses remote code execution, privilege escalation and information disclosure vulnerabilities in core Windows components, Office applications and Azure cloud services.
3 zero-days are actively exploited, including CVE-2025-24990 in the Agere Modem driver, where attackers can abuse the third-party component to gain administrative privileges without needing the modem hardware active, leading to local system compromise.
Additionally, exposes improper access controls in Windows Remote Access Connection Manager, enabling authorized attackers to escalate to SYSTEM privileges with moderate effort.
| CVE ID | System Affected | Vulnerability Details | Impact |
| CVE-2025-24990 | Windows Agere Modem Driver | Third-party driver abused for admin privileges; removed in updates, may break fax modem hardware | Privilege Escalation |
| CVE-2025-59230 | Windows Remote Access Connection Manager | Improper access control allows local attackers to gain SYSTEM privileges | Privilege Escalation |
| CVE-2025-47827 | IGEL OS < v11 | Improper cryptographic signature verification enables Secure Boot bypass via crafted root filesystem | Security Feature Bypass |
| CVE-2025-59287 | Windows Server Update Service | Deserialization of untrusted data allows unauthenticated RCE over networks, prime for supply-chain attacks | Remote Code Execution |
| CVE-2025-59234 | Microsoft Office (2016-2021) | Use-after-free in Office allows RCE via malicious files, no authentication required | Remote Code Execution |
| CVE-2025-59236 | Microsoft Excel (2016-2021) | Use-after-free in Excel enables RCE via malicious files, potentially leading to system control | Remote Code Execution |
Source: Microsoft
In addition to several other publicly exploited Zero-Day & Critical severity issues were addressed
Key Affected Products and Services
Updates for Windows Kernel, NTFS, BitLocker, NTLM, SMB, WinSock, PrintWorkflowUserSvc and Remote Desktop Services, with several vulnerabilities rated CVSS 7.8 or higher.
Patches for Excel, Word, PowerPoint, Visio, and SharePoint addressing RCE and information disclosure issues, particularly via malicious file execution.
Fixes for Azure Entra ID, Monitor Agent, Connected Machine Agent, PlayFab and Confidential Container Instances.
Vulnerabilities in Hyper-V and Virtual Secure Mode, including privilege escalation and DoS risks.
Updates for PowerShell, Visual Studio and Configuration Manager addressing local privilege escalation.
Patches for SMB, WSUS, and Connected Devices Platform with critical RCE and lateral movement risks.
Microsoft Edge (Chromium-based) updates, including republished Chrome CVEs.
Remediation:
Here are some recommendations below
Conclusion:
Critical RCE flaws in Office and WSUS, along with privilege escalation bugs, pose significant risks for ransomware, data theft and lateral movement. Administrator, users & security teams should deploy patches immediately, enhance monitoring and apply mitigations to reduce exposure.
References:
September 2025 Patch Tuesday update, addressing 86 security issues in products like Microsoft Windows, Microsoft Office etc.
This includes two publicly known zero-day bugs in the Windows SMB Server and another in Newtonsoft.Json. Here are the CVE addressed for Microsoft & non-Microsoft.
Organizations are strongly encouraged to prioritize patching of systems tied to network services, virtualization and productivity tools to mitigate risks of exploitation.
| OEM | Microsoft |
| Severity | Critical |
| Date of Announcement | 2025-09-09 |
| No. of Patches | 86 |
| Actively Exploited | No |
| Exploited in Wild | No |
| Advisory Version | 1.0 |
Overview
Here are the CVE addressed for Microsoft & non-Microsoft
Breakdown of September 2025 Vulnerabilities
| Vulnerability Name | CVE ID | Product Affected | Severity | CVSS Score |
| Windows SMB Elevation of Privilege Vulnerability | CVE-2025-55234 | Windows Server, Windows 10, 11 | High | 8.8 |
| Improper Handling of Exceptional Conditions in Newtonsoft.Json | CVE-2024-21907 | Microsoft SQL Server | High | 7.5 |
Technical Summary
September 2025 Patch Tuesday includes security updates addressing denial-of-service and privilege escalation vulnerabilities in commonly used libraries and services.
One of the publicly disclosed zero-day CVE-2024-21907 affects the popular .NET library Newtonsoft.Json, where deserialization of crafted JSON can lead to application crashes.
Additionally, CVE-2025-55234 highlights a potential for relay attacks in SMB Server configurations that lack hardening measures such as signing and Extended Protection for Authentication (EPA). Microsoft advises assessing current SMB deployments using new audit capabilities introduced in this month’s updates.
| CVE ID | System Affected | Vulnerability Details | Impact |
| CVE-2025-55234 | Microsoft SMB Server | Lack of hardening (signing & EPA) in SMB Server can allow attackers to perform relay attacks, potentially resulting in elevation of privilege. | Privilege Escalation |
| CVE-2024-21907 | Newtonsoft.Json < 13.0.1 | Improper handling of crafted input to JsonConvert.DeserializeObject may trigger a StackOverflowException, leading to a denial-of-service condition. | Denial of Service |
Source: Microsoft and NVD
In addition to the publicly disclosed zero day vulnerability, several other Critical & High severity issues were addressed
Key Affected Products and Services
The September 2025 security updates address critical and important vulnerabilities across a broad range of Microsoft products and services:
Includes updates for Windows Kernel, NTFS, TCP/IP, Defender Firewall, LSASS, BitLocker, NTLM, Win32K, and RRAS (Routing and Remote Access Service), with several vulnerabilities rated CVSS 8.8 or higher.
Patches released for Excel, Word, PowerPoint, Visio, and SharePoint addressing RCE and information disclosure issues, especially through Preview Pane vectors.
Fixes affect Azure Virtual Machine Agent, Azure Arc, and High-Performance Compute Pack (HPC).
Multiple vulnerabilities in Hyper‑V and Virtual Hard Drive components, including privilege escalation and denial-of-service risks.
Patches applied to PowerShell, AutoZone, Windows Management Services and Capability Access Management, addressing local privilege escalation.
Updates cover SMB, SMBv3, MSMQ and Connected Devices Platform, with critical RCE and lateral movement vectors in enterprise environments.
Microsoft Edge (Chromium-based) updates, along with republished Chrome CVEs for continued coverage of known browser threats.
Remediation:
Apply Patches Promptly: Install the September 2025 security updates immediately to mitigate risks.
Conclusion:
Microsoft’s September 2025 Patch Tuesday addresses 86 vulnerabilities, including several critical and high rated issues across Windows, Office, Hyper-V and Azure components etc.
Notably, multiple flaws affect Windows Routing and Remote Access Service (RRAS), SQL Server, and Microsoft High Performance Compute Pack (HPC), with potential for remote code execution (RCE) and privilege escalation.
Microsoft fixed an elevation of privileges flaw in SMB Server that is exploited through relay attacks.
“SMB Server might be susceptible to relay attacks depending on the configuration. An attacker who successfully exploited these vulnerabilities could perform relay attacks and make the users subject to elevation of privilege attacks,” explains Microsoft.
References:
Summary : Microsoft’s June 2025 Patch Tuesday addresses a total of 67 vulnerabilities across its product ecosystem. Critical flaws in WebDAV, SMB, SharePoint and Remote Desktop Services highlight the urgency of installing this month’s updates.
| OEM | Microsoft |
| Severity | Critical |
| Date of Announcement | 2025-06-10 |
| No. of Vulnerabilities Patched | 67 |
| Actively Exploited | Yes |
| Exploited in Wild | Yes |
| Advisory Version | 1.0 |
Overview
These include multiple high-risk flaws and two zero-day vulnerabilities one actively exploited and one publicly disclosed affecting core components like Windows WebDAV and the SMB Client.
Breakdown of May 2025 Vulnerabilities
| Vulnerability Name | CVE ID | Product Affected | Severity | CVSS Score |
| WebDAV Remote Code Execution (Exploited in the wild) | CVE-2025-33053 | Windows | High | 8.8 |
| SMB Client Elevation of Privilege (Publicly disclosed) | CVE-2025-33073 | Windows | High | 8.8 |
Technical Summary
Two zero-day vulnerabilities in Microsoft’s ecosystem were addressed in June 2025. One of these, CVE-2025-33053, has been exploited in the wild and affects the deprecated but still present WebDAV component in Windows. The other, CVE-2025-33073, was publicly disclosed and affects the Windows SMB client, enabling attackers to elevate privileges.
| CVE ID | System Affected | Vulnerability Details | Impact |
| CVE-2025-33053 | Windows 10,11 and Windows Server | WebDAV RCE triggered when a user clicks a malicious link. Exploited by APT group “Stealth Falcon.” Exploitation complexity is low. | Remote Code Execution |
| CVE-2025-33073 | Windows 10,11 and Windows Server | EoP flaw in SMB Client. Exploitation may occur by connecting to a malicious SMB server. Privilege elevation to SYSTEM is possible. | Elevation of Privilege |
Source: Microsoft and NVD
In addition to the zero-day vulnerabilities, several other critical and high-severity issues were addressed:
Remediation:
General Recommendations:
Conclusion:
Microsoft’s June 2025 Patch Tuesday addresses two important zero-day vulnerabilities, including an actively exploited RCE in WebDAV tracked as CVE-2025-33053.
Organizations should prioritize these patches to mitigate risk from real-world threats. The CVE-2025-33053 vulnerability has also been added to CISA’s Known Exploited Vulnerabilities (KEV) catalog, emphasizing its urgency.
References:
High-Severity SMB Server Flaws (CVE-2024-56626 & CVE-2024-56627) in Linux Kernel
Jordy Zomer, a Security researcher have recently discovered two critical vulnerabilities in KSMBD, the in-kernel SMB server for Linux. These vulnerabilities, CVE-2024-56626 and CVE-2024-56627, could allow attackers to gain control of vulnerable systems.
SUMMARY
| OEM | Linux |
| Severity | High |
| CVSS | 7.8 |
| CVEs | CVE-2024-56626, CVE-2024-56627 |
| Exploited in Wild | No |
| Publicly POC Available | Yes |
| Patch/Remediation Available | Yes |
| Advisory Version | 1.0 |
These vulnerabilities affect Linux kernel versions greater than 5.15 and have been addressed in version 6.13-rc2. Proof-of-concept (PoC) exploits have been publicly released, emphasizing the critical nature of these issues.
| Vulnerability Name | CVE ID | Product Affected | Severity | Affected Version |
| Out-of-bounds write vulnerability in ksmbd. | CVE-2024-56626 | Linux | High | Linux kernel versions greater than 5.15 |
| Out-of-bounds read vulnerability in ksmbd. | CVE-2024-56627 | Linux | High | Linux kernel versions greater than 5.15 |
| CVE ID | System Affected | Vulnerability Details | Impact |
| CVE-2024-56626 | Linux Kernel | A vulnerability in ksmbd’s ksmbd_vfs_stream_write allowed negative offsets from clients, causing out-of-bounds writes and potential memory corruption. It was triggered when using vfs objects = streams_xattr in ksmbd.conf. The issue has been fixed in recent kernel updates. | Attackers can execute arbitrary code with kernel privileges |
| CVE-2024-56627 | Linux Kernel | A vulnerability in ksmbd’s ksmbd_vfs_stream_write allowed negative client offsets, enabling out-of-bounds writes and potential memory corruption. This issue occurred when the vfs objects = streams_xattr parameter was set in ksmbd.conf and has been resolved in recent kernel updates. | Attackers can read sensitive kernel memory, leading to information disclosure |
listed below
| Version | Fixes and Releases |
| kernel version > 5.15 | kernel version 6.13-rc2 |
The discovery of CVE-2024-56626 and CVE-2024-56627 highlights critical security flaws in the Linux kernel’s SMB server implementation. Given the availability of proof-of-concept exploits, immediate action is essential to protect systems from potential exploitation. Regularly updating systems and applying security patches are vital practices to maintain a secure environment.
Recent Comments