Microsoft is addressing 67 vulnerabilities this June 2025 Patch Tuesday. Microsoft has evidence of in-the-wild exploitation for just one of the vulnerabilities published today, and that is reflected in CISA KEV.
Separately, Microsoft is aware of existing public disclosure for one other freshly published vulnerability. Microsoft’s luck holds for a ninth consecutive Patch Tuesday, since neither of today’s zero-day vulnerabilities are evaluated as critical severity at time of publication. Today also sees the publication of eight critical remote code execution (RCE) vulnerabilities.
Read more…
Source: Rapid7
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- New TsuNAME DNS bug allows attackers to DDoS authoritative DNS servers
May 6, 2021
Attackers can use a newly disclosed domain name server (DNS) vulnerability publicly known as TsuNAME as an amplification vector in large-scale reflection-based distributed denial of service (DDoS) attacks targeting authoritative DNS servers. In simpler terms, authoritative DNS servers translate web domains to IP addresses and pass this info to recursive DNS servers that get queried by ...
- US Department of Defense expands its bug hunting programme to networks, IoT and more
May 5, 2021
The US Department of Defense (DOD) has significantly expanded its bug bounty program to all publicly accessible information systems, including not just websites but also networks, frequency-based communication, Internet of Things, and industrial control systems. The DoD bug bounty, which is overseen by the DoD’s Cyber Crime Center (DC3), is now much broader than the “Hack ...
- Hundreds of Millions of Dell Users at Risk from Kernel-Privilege Bugs
May 5, 2021
Five high-severity security flaws in Dell’s firmware update driver are impacting potentially hundreds of millions of Dell desktops, laptops, notebooks and tablets, researchers said. The bugs have gone undisclosed for 12 years, and could allow the ability to bypass security products, execute code and pivot to other parts of the network for lateral movement, according to ...
- PoC exploit released for Microsoft Exchange bug dicovered by NSA
May 3, 2021
Technical documentation and proof-of-concept exploit (PoC) code is available for a high-severity vulnerability in Microsoft Exchange Server that could let remote attackers execute code on unpatched machines. The flaw is for one of the four that the National Security Agency (NSA) reported to Microsoft and received a fix in April. Read more… Source: Bleeping Computer
- iOS 14.5.1 update includes security fixes for actively exploited bugs
May 3, 2021
Apple on Monday released iOS 14.5.1 and iPadOS 14.5.1 for its iPhone and iPad lineup. The update comes just a week after iOS 14.5 and iPadOS 14.5 were officially released, but there’s a good reason for the back-to-back updates: It includes a fix for two security issues that, according to Apple, are actively being used. According ...
- Hewlett Packard Enterprise Plugs Critical Bug in Edge Platform Tool
May 3, 2021
Hewlett Packard Enterprise (HPE) is urging customers to patch one of its premier edge application management tools that could allow an attacker to carry out a remote authentication bypass attack and infiltrate a customer’s cloud infrastructure. Rated critical, with a CVSS score of 9.8, the bug impacts all versions of HPE’s Edgeline Infrastructure Manager (EIM) prior ...