Microsoft is addressing 67 vulnerabilities this June 2025 Patch Tuesday. Microsoft has evidence of in-the-wild exploitation for just one of the vulnerabilities published today, and that is reflected in CISA KEV.
Separately, Microsoft is aware of existing public disclosure for one other freshly published vulnerability. Microsoft’s luck holds for a ninth consecutive Patch Tuesday, since neither of today’s zero-day vulnerabilities are evaluated as critical severity at time of publication. Today also sees the publication of eight critical remote code execution (RCE) vulnerabilities.
Read more…
Source: Rapid7
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- CISA Adds Three Known Exploited Vulnerabilities to Catalog
May 1, 2023
CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-1389 TP-Link Archer AX-21 Command Injection Vulnerability CVE-2021-45046 Apache Log4j2 Deserialization of Untrusted Data Vulnerability Read more… Source: U.S. Cybersecurity and Infrastructure Security Agency Related story: CISA Urges Organizations to Incorporate the FCC Covered List Into Risk Management Plans Related story: CISA Releases ...
- CISA Releases One Industrial Control Systems Medical Advisory
April 27, 2023
CISA released one Industrial Control Systems Medical (ICS) medical advisory on April 27, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS medical advisory for technical details and mitigations Read more… Source: U.S. Cybersecurity and Infrastructure Security Agency Related story: CISA Releases ...
- Microsoft is busy rewriting core Windows code in memory-safe Rust
April 27, 2023
Microsoft is rewriting core Windows libraries in the Rust programming language, and the more memory-safe code is already reaching developers. David “dwizzle” Weston, director of OS security for Windows, announced the arrival of Rust in the operating system’s kernel at BlueHat IL 2023 in Tel Aviv, Israel, last month. Read more… Source: The Register
- Clop, LockBit ransomware gangs behind PaperCut server attacks
April 26, 2023
Microsoft has attributed recent attacks on PaperCut servers to the Clop and LockBit ransomware operations, which used the vulnerabilities to steal corporate data. Last month, two vulnerabilities were fixed in the PaperCut Application Server that allows remote attackers to perform unauthenticated remote code execution and information disclosure. Read more… Source: Bleeping Computer
- Cisco discloses XSS zero-day flaw in server management tool
April 26, 2023
Cisco disclosed today a zero-day vulnerability in the company’s Prime Collaboration Deployment (PCD) software that can be exploited for cross-site scripting attacks. This server management utility enables admins to perform migration or upgrade tasks on servers in their organization’s inventory. Read more… Source: Bleeping Computer
- Abuse of the Service Location Protocol May Lead to DoS Attacks
April 25, 2023
The Service Location Protocol (SLP, RFC 2608) allows an unauthenticated remote attacker to register arbitrary services. This could allow an attacker to use spoofed UDP traffic to conduct a denial-of-service (DoS) attack with a significant amplification factor. Researchers from Bitsight and Curesec have discovered a way to abuse SLP—identified as CVE-2023-29552—to conduct high amplification factor DoS ...