Microsoft<\/strong> this week pushed safety updates to repair greater than 60 vulnerabilities in its Home windows<\/strong> working programs and supported software program, together with not less than one zero-day bug that’s already being exploited. Microsoft additionally fastened a glitch that prevented some Home windows 10<\/strong> customers from benefiting from an additional 12 months of safety updates, which is good as a result of the zero-day flaw and different important weaknesses have an effect on all variations of Home windows, together with Home windows 10.<\/p>\n Affected merchandise this month embody the Home windows OS, Workplace<\/strong>, SharePoint<\/strong>, SQL Server<\/strong>, Visible Studio<\/strong>, GitHub Copilot<\/strong>, and Azure Monitor Agent<\/strong>. The zero-day risk issues a reminiscence corruption bug deep within the Home windows innards referred to as CVE-2025-62215<\/a>. Regardless of the flaw\u2019s zero-day standing, Microsoft has assigned it an \u201cnecessary\u201d score relatively than important, as a result of exploiting it requires an attacker to have already got entry to the goal\u2019s machine.<\/p>\n \u201cMost of these vulnerabilities are sometimes exploited as a part of a extra complicated assault chain,\u201d mentioned Johannes Ullrich<\/strong>, dean of analysis for the SANS Know-how Institute<\/strong>. \u201cNonetheless, exploiting this particular vulnerability is more likely to be comparatively simple, given the existence of prior comparable vulnerabilities.\u201d<\/p>\n Ben McCarthy<\/strong>, lead cybersecurity engineer at Immersive<\/strong>, referred to as consideration to CVE-2025-60274<\/a>, a important weak spot in a core Home windows graphic part (GDI+) that’s utilized by an enormous variety of functions, together with Microsoft Workplace, internet servers processing photographs, and numerous third-party functions.<\/p>\n \u201cThe patch for this ought to be a corporation\u2019s highest precedence,\u201d McCarthy mentioned. \u201cWhereas Microsoft assesses this as \u2018Exploitation Much less Doubtless,\u2019 a 9.8-rated flaw in a ubiquitous library like GDI+ is a important danger.\u201d<\/p>\n Microsoft patched a important bug in Workplace<\/strong> \u2014 CVE-2025-62199<\/a> \u2014 that may result in distant code execution on a Home windows system. Alex Vovk<\/strong>, CEO and co-founder of Action1<\/strong>, mentioned this Workplace flaw is a excessive precedence as a result of it’s low complexity, wants no privileges, and might be exploited simply by viewing a booby-trapped message within the Preview Pane.<\/p>\n Most of the extra regarding bugs addressed by Microsoft this month have an effect on Home windows 10, an working system that Microsoft formally ceased supporting with patches final month. As that deadline rolled round, nevertheless, Microsoft started providing Home windows 10 customers an additional 12 months of free updates, as long as they register their PC to an lively Microsoft account.<\/p>\n Judging from the feedback on final month\u2019s Patch Tuesday publish<\/a>, that registration labored for lots of Home windows 10 customers, however some readers reported the choice for an additional 12 months of updates was by no means provided. Nick Carroll<\/strong>, cyber incident response supervisor at Nightwing<\/strong>, notes that\u00a0Microsoft has just lately launched an out-of-band replace to deal with points when making an attempt to enroll<\/a> within the Home windows 10 Shopper Prolonged Safety Replace program.<\/p>\n \u201cIn case you plan to take part in this system, be sure you replace and set up KB5071959<\/a> to deal with the enrollment points,\u201d Carroll mentioned. \u201cAfter that’s put in, customers ought to be capable to set up different updates corresponding to right this moment\u2019s KB5068781 which is the newest replace to Home windows 10.\u201d<\/p>\n Chris Goettl<\/strong> at Ivanti <\/strong>notes that along with Microsoft updates right this moment, third-party updates from Adobe<\/strong> and Mozilla<\/strong> have already been launched. Additionally, an replace for Google Chrome<\/strong> is predicted quickly, which implies Edge<\/strong> may even be in want of its personal replace.<\/p>\n The\u00a0SANS Web Storm Middle<\/strong>\u00a0has a\u00a0clickable breakdown<\/a>\u00a0of every particular person repair from Microsoft, listed by severity and CVSS rating. Enterprise Home windows admins concerned in testing patches earlier than rolling them out ought to control\u00a0askwoody.com<\/a>, which regularly has the thin on any updates gone awry.<\/p>\n As at all times, please don\u2019t neglect to again up your information (if not your total system) at common intervals, and be happy to hold forth within the feedback in case you expertise issues putting in any of those fixes.<\/p>\n [Author\u2019s note: This post was intended to appear on the homepage on Tuesday, Nov. 11. I\u2019m still not sure how it happened, but somehow this story failed to publish that day. My apologies for the oversight.]<\/em><\/p>\n<\/p><\/div>\n\n","protected":false},"excerpt":{"rendered":" Microsoft this week pushed safety updates to repair greater than 60 vulnerabilities in its Home windows working programs and supported software program, together with not less than one zero-day bug that’s already being exploited. Microsoft additionally fastened a glitch that prevented some Home windows 10 customers from benefiting from an additional 12 months of safety […]<\/p>\n","protected":false},"author":2,"featured_media":8846,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[58],"tags":[406,262,618,6057,1077,211,1078],"class_list":["post-8844","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-edition","tag-krebs","tag-microsoft","tag-november","tag-patch","tag-security","tag-tuesday"],"_links":{"self":[{"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/posts\/8844","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=8844"}],"version-history":[{"count":1,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/posts\/8844\/revisions"}],"predecessor-version":[{"id":8845,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/posts\/8844\/revisions\/8845"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/media\/8846"}],"wp:attachment":[{"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=8844"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=8844"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=8844"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}![\"\"](\"https:\/\/krebsonsecurity.com\/wp-content\/uploads\/2021\/07\/windupate.png\")
<\/p>\n