Crooks are exploiting four Microsoft vulnerabilities – one patched 14 years ago and another tied to ransomware activity – according to America’s lead cyber-defense agency, which on Monday gave federal agencies two weeks to patch them.
The four vulnerabilities added to CISA’s Known Exploited Vulnerabilities (KEV) catalog on Monday are: CVE-2025-60710, a link-following vulnerability in Windows that allows privilege escalation. After initially disclosing this bug in November 2025, Redmond fully fixed it a month later. CVE-2023-36424, a Windows Common Log File System Driver flaw that allows privilege escalation. Microsoft patched this one in November 2023.
Read more…
Source: The Register News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Linux vulnerable to privilege escalation
October 15, 2017
An advisory from Cisco issued last Friday, October 13th, gave us the heads-up on a local privilege escalation vulnerability in the Advanced Linux Sound Architecture (ALSA). The bug is designated CVE-2017-15265, but its Mitre entry was still marked “reserved” at the time of writing. Cisco, however, had this to say about it before release: “The vulnerability is due to a use-after-free ...
- Microsoft silently fixes security holes in Windows 10 – dumps Win 7, 8 out in the cold
October 6, 2017
Microsoft is silently patching security bugs in Windows 10, and not immediately rolling out the same updates to Windows 7 and 8, potentially leaving hundreds of millions of computers at risk of attack. Flaws and other programming blunders that are exploitable by hackers and malware are being quietly cleaned up and fixed in the big Windows ...
- Emergency Apple Patch Fixes High Sierra Password Hint Leak
October 6, 2017
Apple rushed out an emergency patch Thursday that fixed an incredulous bug in its shiny new High Sierra operating system that revealed APFS volume passwords via the password hint feature. Brazilian researcher Matheus Mariano of Leet Tech found the bug and privately disclosed it to Apple. He said that upon creation of an encrypted container in APFS—Apple’s new ...
- Apache Tomcat Patches Important Remote Code Execution Flaw
October 5, 2017
The Apache Tomcat team has recently patched several security vulnerabilities in Apache Tomcat, one of which could allow an unauthorised attacker to execute malicious code on affected servers remotely. Apache Tomcat, developed by the Apache Software Foundation (ASF), is an open source web server and servlet system, which uses several Java EE specifications like Java Servlet, ...
- Google Finds 7 Security Flaws in Widely Used Dnsmasq Network Software
October 2, 2017
Security researchers have discovered not one or two, but a total of seven security vulnerabilities in the popular open source Dnsmasq network services software, three of which could allow remote code execution on a vulnerable system and hijack it. Dnsmasq is a widely used lightweight network application tool designed to provide DNS (Domain Name System) forwarder, ...
- Millions of Up-to-Date Apple Macs Remain Vulnerable to EFI Firmware Hacks
September 29, 2017
“Always keep your operating system and software up-to-date.” This is one of the most popular and critical advice that every security expert strongly suggests you to follow to prevent yourself from major cyber attacks. However, even if you attempt to install every damn software update that lands to your system, there is a good chance of your ...