Latest news with #CVE2025
Forbes
06-07-2025
- Forbes
Microsoft Confirms Windows 11 Update Causes Security Firewall Error
Windows 11 uodate causes Firewall error messages, Microsoft has confirmed. Microsoft Windows updates: you can't live without them, but living with them can be tough at times. When high-severity vulnerabilities are uncovered, such as CVE-2025-33073, which can lead to Windows system takeover, updating is a security no-brainer. When vulnerabilities are of the zero-day variety and already subject to ongoing attacks, the need to update is even more critical. The problem that Microsoft has, however, is a history of fumbled update issues that have led to mass confusion at best, and at worst, problems like the startup loop of death that prevent users from being able to use their Windows machines. So, when yet another Windows update problem emerges, the user base heaves yet another sigh of exasperation. Here's what you need to know about the Windows 11 firewall configuration error, erm, error. Microsoft Windows Non-Security Update Leads To Misguided Security Concerns Windows 11 users are experiencing issues with a Firewall configuration error when using Windows Firewall with Advanced Security, following the June 26 KB5060829 Windows update. One simply cannot ignore the irony of a non-security update leading to security concerns. Microsoft has now confirmed that the issue is displayed within the Event Viewer under event 2024 for Windows Firewall With Advanced Security. The error appears, Microsoft said, 'as Config Read Failed with a message of More data is available.' This error is triggered every time the Windows device is restarted, Microsoft admitted. The good news in this mess of Microsoft's own making, is that the error 'can be safely ignored,' according to the Seattle tech behemoth. As it does 'not reflect an issue with Windows Firewall.' The Truth Behind Microsoft's Latest Windows Update Fumble So, what is actually going on, beyond the obvious update faux pas? Microsoft's July 2 update, erm, update, explains this error as being 'related to a feature that is currently under development and not fully implemented.' Oh well, that's OK then, and doesn't display any lack of proper validation of update integrity before release at all. I mean, it's good to know that the issue does not have any impact on or to Windows processes and that, as Microsoft has said, it is 'working on a resolution and will provide an update in an upcoming release,' but wouldn't it be better if these things were discovered before the update is made available to one and all? I have approached Microsoft for a statement.
Forbes
16-06-2025
- Forbes
Update Windows Now — Microsoft Confirms System Takeover Danger
CVE-2025-33073 can lead to system takeover, Microsoft has confirmed. Microsoft users are starting to get all too familiar with being advised to act now, as confirmation of security threat after security threat is made. A Windows secure boot bypass, and attacks exploiting vulnerabilities against Windows 10 and 11 users both require users to update now. That advice is all too clearly warranted as Microsoft has confirmed yet another Windows vulnerability that demands urgent update attention, and this one can lead to a system takeover. Here's what you need to know about CVE-2025-33073, and what you need to do. Hint: update Windows now! Attaining a Common Vulnerability Scoring System score of 8.8, considered a high severity risk, CVE-2025-33073 has been given an important severity rating by Microsoft itself. Such discrepancies are not unusual, as Microsoft applies several additional factors in arriving at its own assessment. None of which, however, should distract from the primary point here: this is a serious security vulnerability with serious consequences if successfully exploited by an attacker. 'An attacker who successfully exploited this vulnerability could gain SYSTEM privileges,' Microsoft has confirmed. Although there is no evidence of exploitation in the wild as of yet, the vulnerability itself has been publicly exposed, so it's only a matter of time. 'To exploit this vulnerability,' Microsoft explained, 'an attacker could execute a specially crafted malicious script to coerce the victim machine to connect back to the attack system using SMB and authenticate.' 'Even though CVE-2025-33073 is referred by Microsoft as an elevation of privilege,' Wilfried Bécard and Guillaume André, security researchers at Synacktiv who were among those who disclosed the vulnerability, said, 'it is actually an authenticated remote command execution as SYSTEM on any machine which does not enforce SMB signing.' Semantics aside, what is important is that you follow the advice given at the very start of this article and update now. Microsoft has released a fix, as part of the June Patch Tuesday Windows security rollout, which not only applies the fix but, Bécard and André said, 'also removes the ability to coerce machines into authenticating via Kerberos by registering a DNS record with marshalled target information.'
Forbes
11-06-2025
- Forbes
Microsoft Issues Windows 10 And 11 Update As Attacks Already Underway
Microsoft issues security update as Windows attacks begin. Users of the Windows operating system, be that Windows 10, Windows 11 or any of the Windows Server variants, are used to reading Microsoft cyberattack warnings. Some warnings, however, are more critical than others. Whenever a Windows zero-day exploit is involved, then you really need to start paying close attention. These are the vulnerabilities that have not only been found by threat actors, but also exploited and are under attack already by the time that the vendor, in this case Microsoft, becomes aware of them. Microsoft, and by extension you, are then playing catch-up to get protected against the cyberattacks in question. Here's what you need to know about CVE-2025-33053 and what you need to do right now. Don't wait, update Windows right now. The June 10 Patch Tuesday security rollout has brought with it a few unwelcome surprises, as is often the case. None more so than CVE-2025-33053, which is not only a zero-day, in that it is already known to have been exploited by threat actors, but is also being leveraged widely by cyberattacks, and that's very worrying indeed for all Windows users. A Microsoft executive summary describes the threat from CVE-2025-33053 as 'external control of file name or path in WebDAV allows an unauthorized attacker to execute code over a network.' Or, in other words, a remote code execution vulnerability that can do some very bad things indeed. Tenable Research Special Operations has analyzed the threat, and Satnam Narang, the senior staff research engineer at Tenable, said that it has been confirmed in a Check Point Research report, a known threat group, Stealth Falcon, has 'launched a social engineering campaign to convince targets to open a malicious .url file, which would then exploit this vulnerability, giving them the ability to execute code.' That's problematical, as Narang explained, 'it is rare to hear of a zero-day reported during Patch Tuesday as being leveraged widely. We typically expect these types of zero-days to be used sparingly, with an intention to remain undetected for as long as possible.' All the more reason to get your systems updated as soon as possible. The attackers are not waiting, and neither should you. 'The advisory also has attack complexity as low,' Adam Barnett, lead software engineer at Rapid7, said, 'which means that exploitation does not require preparation of the target environment in any way that is beyond the attacker's control.' Indeed, exploitation just requires a user to click on a malicious link, oh what a surprise. 'It's not clear how an asset would be immediately vulnerable if the service isn't running,' Barnett concluded, adding 'but all versions of Windows receive a patch.' You know what to do, go and do it know.
Forbes
03-06-2025
- Business
- Forbes
Google Issues Emergency Update For All 3 Billion Chrome Users
Update all browsers now. Google has suddenly released an emergency Chrome update, warning that a vulnerability discovered by its Threat Analysis Group has been used in attacks. Such is the severity of the risk, that Google also confirmed that ahead of this update, The issue 'was mitigated on 2025-05-28 by a configuration change' pushed out to all platforms. Google says it 'is aware that an exploit for CVE-2025-5419 exists in the wild,' and that full access to details on the vulnerability will 'be be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven't yet fixed.' CVE-2025-5419 is an out of bounds read and write in V8, the type of dangerous memory flaw typically found and fixed on the world's most popular browser. While it's only marked as high-severity, the fact attacks are underway means apply the fix is critical. There is already a U.S. government mandate for federal staff to update Chrome by Thursday or stop using the browser, after a separate attack warning. And there has been another high-severity fix since then, with two separate fixes. It is inevitable that this latest warning and update will also prompt CISA to issue a 21-day update mandate. There is a second fix included in this emergency update — CVE-2025-5068 is another memory issue, a 'use after free in Blink,' that was disclosed by an external researcher. NIST warns that CVE-2025-5419 'allows a remote attacker to potentially exploit heap corruption via a crafted HTML page,' and that it applies across Chromium, suggesting other browsers will also issue emergency patches. As usual, you should a flag on your browser that see the update has downloaded. You need to restart Chrome to ensure it takes full effect. All your normal tabs will then reopen — unless you elect not to do that. But your Incognito tabs will not reopen, so make sure you save any work or copy down any URLs you want to revisit.
Forbes
02-06-2025
- General
- Forbes
Linux Passwords Warning — 2 Critical Vulnerabilities, Millions At Risk
Beware this Linux password vulnerability. Although most critical security warnings that hit the headlines impact users of Microsoft's Windows operating systems, and occasionally Apple's iOS and macOS, Critical Linux security vulnerabilities are a much rarer occurrence. As news of not one, but two, such Linux vulnerabilities breaks, millions of users are advised that their passwords and encryption keys could be at risk of compromise. Here's what you need to know and do. When security experts from a renowned threat research unit discover not one, but two, critical local information disclosure vulnerabilities impacting millions of Linux users, it would be an understatement to say that this is a cause for concern. When those same security researchers develop proof of concepts for both vulnerabilities, across a handful of Linux operating systems, the concern level goes through the roof. The vulnerabilities, impacting the Ubuntu core-dump handler known as Apport, and Red Hat Enterprise Linux 9 and 10, plus Fedora, with the systemd-coredump handler, are both of the race-condition variety. Put simply, this is where event timing can cause errors or behaviours that are unexpected at best, critically dangerous at worst. The vulnerabilities uncovered by the Qualys threat research unit fall into the latter category. Exploiting CVE-2025-5054 and CVE-2025-4598, Saeed Abbasi, a manager with the Qualys TRU, said, could 'allow a local attacker to exploit a Set-User-ID program and gain read access to the resulting core dump.' Because both impacted tools are designed to deal with crash reporting, they are well-known targets for attackers looking to exploit vulnerabilities to access the data contained within those core dumps. Abbasi conceded that there are plenty of modern mitigations against such risk, including systems that direct core dumps to secure locations, for example, 'systems running outdated or unpatched versions remain prime targets,' for the newly disclosed vulnerabilities. Abbasi went on to warn that the successful exploitation of these Linux vulnerabilities could lead to the extraction of 'sensitive data, like passwords, encryption keys, or customer information from core dumps.' All users are urged to mitigate that risk by prioritizing patching and increasing access controls. Abbasi said that when it comes to the Apport vulnerability, Ubuntu 24.04 is affected, including all versions of Apport up to 2.33.0 and every Ubuntu release since 16.04. For the systemd-coredump, vulnerability, meanwhile, Abbasi warned that Fedora 40/41, Red Hat Enterprise Linux 9, and the recently released RHEL 10 are vulnerable. I have reached out to Canonical and Red Hat for a statement regarding the Linux password exposure threats.
