VULNERA Pulse

SimpleHelp — SimpleHelp

CVE-2024-57727 / Added: Feb. 13, 2025

HIGH CVSS 7.50 EPSS Score 31.38 EPSS Percentile 97.07

SimpleHelp remote support software contains multiple path traversal vulnerabilities that allow unauthenticated remote attackers to download arbitrary files from the SimpleHelp host via crafted HTTP requests. These files may include server configuration files and hashed user passwords.

Headlines

• Feb. 14, 2025 - U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog
• Feb. 14, 2025 - PostgreSQL Vulnerability Exploited Alongside BeyondTrust Zero-Day in Targeted Attacks
• Feb. 7, 2025 - Hackers Exploiting SimpleHelp RMM Flaws for Persistent Access and Ransomware
• Feb. 6, 2025 - Hackers exploit SimpleHelp RMM flaws to deploy Sliver malware
• Feb. 6, 2025 - SimpleHelp RMM flaws exploited to breach corporate networks
• Jan. 29, 2025 - Attackers exploit SimpleHelp RMM Software flaws for initial access
• Jan. 29, 2025 - Zyxel CPE Devices Face Active Exploitation Due to Unpatched CVE-2024-40891 Vulnerability
• Jan. 28, 2025 - Hackers exploiting flaws in SimpleHelp RMM to breach networks
• Jan. 28, 2025 - SimpleHelp RMM Vulnerabilities Exploited in Latest Cyberattack Campaign
• Jan. 20, 2025 - ⚡ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips [20 January]

Back to top ↑

Mitel — SIP Phones

CVE-2024-41710 / Added: Feb. 12, 2025

HIGH CVSS 7.20 EPSS Score 1.18 EPSS Percentile 85.13

Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones, including the 6970 Conference Unit, contain an argument injection vulnerability due to insufficient parameter sanitization during the boot process. Successful exploitation may allow an attacker to execute arbitrary commands within the context of the system.

Headlines

• Feb. 15, 2025 - U.S. CISA adds Apple iOS and iPadOS and Mitel SIP Phones flaws to its Known Exploited Vulnerabilities catalog
• Jan. 31, 2025 - Aquabotv3: The Mirai-Based Botnet Exploiting CVE-2024-41710 for DDoS Attacks
• Jan. 30, 2025 - New Aquabot Botnet Exploits CVE-2024-41710 in Mitel Phones for DDoS Attacks
• Jan. 30, 2025 - New Aquabotv3 botnet malware targets Mitel command injection flaw
• Jan. 29, 2025 - Aquabot variant v3 targets Mitel SIP phones
• Jan. 29, 2025 - Mirai Variant ‘Aquabot’ Exploits Mitel Device Flaws
• Jan. 29, 2025 - Beware of DDoSes from Mirai-based botnet of Mitel phones

Back to top ↑

Apple — iOS and iPadOS

CVE-2025-24200 / Added: Feb. 12, 2025

MEDIUM CVSS 6.10 EPSS Score 1.04 EPSS Percentile 84.08

Apple iOS and iPadOS contains an incorrect authorization vulnerability that allows a physical attacker to disable USB Restricted Mode on a locked device.

Headlines

• Feb. 17, 2025 - ⚡ THN Weekly Recap: Google Secrets Stolen, Windows Hack, New Crypto Scams and More
• Feb. 16, 2025 - Week in review: Microsoft fixes two actively exploited 0-days, PAN-OS auth bypass hole plugged
• Feb. 15, 2025 - U.S. CISA adds Apple iOS and iPadOS and Mitel SIP Phones flaws to its Known Exploited Vulnerabilities catalog
• Feb. 12, 2025 - Microsoft Patch Tuesday, February 2025 Edition –
• Feb. 11, 2025 - Apple Releases Urgent Patch for USB Vulnerability
• Feb. 11, 2025 - Apple Patches Actively Exploited iOS Zero-Day CVE-2025-24200 in Emergency Update
• Feb. 11, 2025 - Apple fixes zero-day flaw exploited in "extremely sophisticated" attack (CVE-2025-24200)
• Feb. 11, 2025 - Apple Update Mitigates “Extremely Sophisticated” Zero-Day Exploit
• Feb. 10, 2025 - Apple fixes iPhone and iPad bug actively exploited in ‘extremely sophisticated attacks’
• Feb. 10, 2025 - Apple fixes zero-day exploited in 'extremely sophisticated' attacks
• Feb. 8, 2025 - UK Is Ordering Apple to Break Its Own Encryption

Back to top ↑

Zyxel — DSL CPE Devices

CVE-2024-40891 / Added: Feb. 11, 2025

HIGH CVSS 8.80 EPSS Score 4.13 EPSS Percentile 92.21

Multiple Zyxel DSL CPE devices contain a post-authentication command injection vulnerability in the management commands that could allow an authenticated attacker to execute OS commands via Telnet.

Headlines

• Feb. 12, 2025 - U.S. CISA adds Microsoft Windows, Zyxel device flaws to its Known Exploited Vulnerabilities catalog
• Feb. 5, 2025 - Swap EOL Zyxel routers, upgrade Netgear ones!
• Feb. 4, 2025 - Zyxel won’t patch newly exploited flaws in end-of-life routers
• Feb. 3, 2025 - ⚡ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips [27 February]
• Feb. 2, 2025 - newsletter Round 509 by Pierluigi Paganini – INTERNATIONAL EDITION
• Feb. 2, 2025 - Week in review: Apple 0-day used to target iPhones, DeepSeek’s popularity exploited by scammers
• Jan. 31, 2025 - Zero-Day Alert: Mirai Botnet Exploiting Unpatched Zyxel CPE Vulnerability (CVE-2024-40891)
• Jan. 29, 2025 - Unpatched Zyxel CPE Zero-Day Pummeled by Cyberattackers
• Jan. 29, 2025 - Zyxel CPE devices under attack via critical vulnerability without a patch (CVE-2024-40891)
• Jan. 29, 2025 - Hackers exploit critical unpatched flaw in Zyxel CPE devices
• Jan. 29, 2025 - Attackers actively exploit a critical zero-day in Zyxel CPE Series devices
• Jan. 29, 2025 - Zyxel CPE Devices Face Active Exploitation Due to Unpatched CVE-2024-40891 Vulnerability

Back to top ↑

Zyxel — DSL CPE Devices

CVE-2024-40890 / Added: Feb. 11, 2025

HIGH CVSS 8.80 EPSS Score 4.13 EPSS Percentile 92.21

Multiple Zyxel DSL CPE devices contain a post-authentication command injection vulnerability in the CGI program that could allow an authenticated attacker to execute OS commands via a crafted HTTP request.

Headlines

• Feb. 12, 2025 - U.S. CISA adds Microsoft Windows, Zyxel device flaws to its Known Exploited Vulnerabilities catalog
• Feb. 5, 2025 - Swap EOL Zyxel routers, upgrade Netgear ones!
• Feb. 4, 2025 - Zyxel won’t patch newly exploited flaws in end-of-life routers
• Jan. 31, 2025 - Zero-Day Alert: Mirai Botnet Exploiting Unpatched Zyxel CPE Vulnerability (CVE-2024-40891)
• Jan. 29, 2025 - Unpatched Zyxel CPE Zero-Day Pummeled by Cyberattackers
• Jan. 29, 2025 - Zyxel CPE devices under attack via critical vulnerability without a patch (CVE-2024-40891)
• Jan. 29, 2025 - Hackers exploit critical unpatched flaw in Zyxel CPE devices
• Jan. 29, 2025 - Attackers actively exploit a critical zero-day in Zyxel CPE Series devices
• Jan. 29, 2025 - Zyxel CPE Devices Face Active Exploitation Due to Unpatched CVE-2024-40891 Vulnerability

Back to top ↑

Microsoft — Windows

CVE-2025-21418 / Added: Feb. 11, 2025

HIGH CVSS 7.80 EPSS Score 0.05 EPSS Percentile 22.91

Microsoft Windows Ancillary Function Driver for WinSock contains a heap-based buffer overflow vulnerability that allows for privilege escalation, enabling a local attacker to gain SYSTEM privileges.

Headlines

• Feb. 17, 2025 - ⚡ THN Weekly Recap: Google Secrets Stolen, Windows Hack, New Crypto Scams and More
• Feb. 16, 2025 - Week in review: Microsoft fixes two actively exploited 0-days, PAN-OS auth bypass hole plugged
• Feb. 12, 2025 - Microsoft Fixes Another Two Actively Exploited Zero-Days
• Feb. 12, 2025 - Microsoft’s Patch Tuesday Fixes 63 Flaws, Including Two Under Active Exploitation
• Feb. 12, 2025 - U.S. CISA adds Microsoft Windows, Zyxel device flaws to its Known Exploited Vulnerabilities catalog
• Feb. 12, 2025 - Microsoft Patch Tuesday security updates for February 2025 ficed 2 actively exploited bugs
• Feb. 12, 2025 - Microsoft Patch Tuesday, February 2025 Edition –
• Feb. 12, 2025 - Microsoft takes it easy on February's Patch Tuesday
• Feb. 11, 2025 - Critical Patches Issued for Microsoft Products, February 11, 2025
• Feb. 11, 2025 - Microsoft's February Patch a Lighter Lift Than January's
• Feb. 11, 2025 - February Patch Tuesday delivers 57 packages
• Feb. 11, 2025 - Microsoft fixes two actively exploited zero-days (CVE-2025-21418, CVE-2025-21391)
• Feb. 11, 2025 - Microsoft Patch Tuesday for February 2025 — Snort rules and prominent vulnerabilities
• Feb. 11, 2025 - Microsoft February 2025 Patch Tuesday fixes 4 zero-days, 55 flaws

Back to top ↑

Microsoft — Windows

CVE-2025-21391 / Added: Feb. 11, 2025

HIGH CVSS 7.10 EPSS Score 0.09 EPSS Percentile 39.71

Microsoft Windows Storage contains a link following vulnerability that could allow for privilege escalation. This vulnerability could allow an attacker to delete data including data that results in the service being unavailable.

Headlines

• Feb. 17, 2025 - ⚡ THN Weekly Recap: Google Secrets Stolen, Windows Hack, New Crypto Scams and More
• Feb. 16, 2025 - Week in review: Microsoft fixes two actively exploited 0-days, PAN-OS auth bypass hole plugged
• Feb. 12, 2025 - Microsoft Fixes Another Two Actively Exploited Zero-Days
• Feb. 12, 2025 - Microsoft’s Patch Tuesday Fixes 63 Flaws, Including Two Under Active Exploitation
• Feb. 12, 2025 - U.S. CISA adds Microsoft Windows, Zyxel device flaws to its Known Exploited Vulnerabilities catalog
• Feb. 12, 2025 - Microsoft Patch Tuesday security updates for February 2025 ficed 2 actively exploited bugs
• Feb. 12, 2025 - Microsoft Patch Tuesday, February 2025 Edition –
• Feb. 12, 2025 - Microsoft takes it easy on February's Patch Tuesday
• Feb. 11, 2025 - Critical Patches Issued for Microsoft Products, February 11, 2025
• Feb. 11, 2025 - Microsoft's February Patch a Lighter Lift Than January's
• Feb. 11, 2025 - February Patch Tuesday delivers 57 packages
• Feb. 11, 2025 - Microsoft fixes two actively exploited zero-days (CVE-2025-21418, CVE-2025-21391)
• Feb. 11, 2025 - Microsoft Patch Tuesday for February 2025 — Snort rules and prominent vulnerabilities
• Feb. 11, 2025 - Microsoft February 2025 Patch Tuesday fixes 4 zero-days, 55 flaws

Back to top ↑

CVE-2024-1709

CRITICAL CVSS 10.00 EPSS Score 95.72 EPSS Percentile 99.59

CISA Known Exploited Actively Exploited Remote Code Execution Used In Ransomware Public Exploits Available

Published: Feb. 21, 2024

ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Bypass Using an Alternate Path or Channel vulnerability, which may allow an attacker direct access to confidential information or critical systems.

Vendor Impacted: Connectwise

Product Impacted: Screenconnect

Quotes

• A limited number of organizations
• In-hospital mortality increases by 35 - 41%
• There is not a lack of sophistication here, but a focus on agility and obtaining goals
• This subgroup has conducted globally diverse compromises of Internet-facing infrastructure to enable Seashell Blizzard to persist on high-value targets and support tailored network operations
• This subgroup’s historical pattern of exploitation has also led to the compromise of globally diverse organizations that appear to have limited or no utility to Russia’s strategic interests. This pattern suggests the subgroup likely uses an opportunistic

Headlines

• Feb. 13, 2025 - Russia-linked APT Seashell Blizzard is behind the long-running global access operation BadPilot campaign
• Feb. 12, 2025 - Microsoft Uncovers Sandworm Subgroup's Global Cyber Attacks Spanning 15+ Countries
• Feb. 12, 2025 - Microsoft fingers Russia's Sandworm in US, UK attacks
• Feb. 12, 2025 - Microsoft: Russia's Sandworm APT Exploits Edge Bugs Globally
• Feb. 12, 2025 - The BadPilot campaign: Seashell Blizzard subgroup conducts multiyear global access operation |
• Feb. 11, 2025 - Cybercrime: A Multifaceted National Security Threat | Google Cloud Blog

CVE-2024-0012

CRITICAL CVSS 9.80 EPSS Score 97.03 EPSS Percentile 99.86

CISA Known Exploited Actively Exploited Remote Code Execution Used In Ransomware Public Exploits Available

Published: Nov. 18, 2024

An authentication bypass in Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to gain PAN-OS administrator privileges to perform administrative actions, tamper with the configuration, or exploit other authenticated privilege escalation vulnerabilities like CVE-2024-9474 https://security.paloaltonetworks.com/CVE-2024-9474 . The risk of this issue is greatly reduced if you secure access to the management web interface by restricting access to only trusted internal IP addresses according to our recommended  best practice deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 . This issue is applicable only to PAN-OS 10.2, PAN-OS 11.0, PAN-OS 11.1, and PAN-OS 11.2 software. Cloud NGFW and Prisma Access are not impacted by this vulnerability.

Vendors Impacted: Paloaltonetworks, Palo Alto Networks

Product Impacted: Pan-Os

Quotes

• A medium-sized software and services company in South Asia
• Palo Alto Networks is not aware of any malicious exploitation of this issue
• As we looked further into the architecture of the management interface, we suspected something was off, even post-patch
• During the attack in late 2024, the attacker deployed a distinct toolset that had previously been used by a China-linked actor in classic espionage attacks
• Tools that are usually associated with China-based espionage actors were recently deployed in an attack involving the RA World ransomware against an Asian software and services company
• The attacker then said administrative credentials were obtained from the company's intranet before stealing Amazon S3 cloud credentials from its Veeam server, using them to steal data from its S3 buckets before encrypting computers

Headlines

• Feb. 14, 2025 - Palo Alto Firewall Flaw (CVE-2025-0108): Active Exploits in the Wild, PoC Released
• Feb. 14, 2025 - Chinese spies suspected of ransomware side hustle
• Feb. 13, 2025 - Chinese APT 'Emperor Dragonfly' Moonlights With Ransomware
• Feb. 13, 2025 - China-linked APTs' tool employed in RA World Ransomware attack
• Feb. 13, 2025 - Chinese espionage tools deployed in RA World ransomware attack
• Feb. 13, 2025 - RA World Ransomware Attack in South Asia Links to Chinese Espionage Toolset
• Feb. 13, 2025 - PAN-OS authentication bypass hole plugged, PoC is public (CVE-2025-0108)

CVE-2024-55591

CRITICAL CVSS 9.80 EPSS Score 2.63 EPSS Percentile 90.30

CISA Known Exploited Actively Exploited Remote Code Execution Public Exploits Available

Published: Jan. 14, 2025

An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS version 7.0.0 through 7.0.16 and FortiProxy version 7.0.0 through 7.0.19 and 7.2.0 through 7.2.12 allows a remote attacker to gain super-admin privileges via crafted requests to Node.js websocket module.

Vendor Impacted: Fortinet

Products Impacted: Fortios, Fortios And Fortiproxy, Fortiproxy

Quotes

• To gain a tunnel to the internal network.network
• Targeted and exploited by sophisticated threat actor attacks
• An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS 7.0.0 through 7.0.16 and FortiProxy 7.2.0 through 7.2.12, 7.0.0 through 7.0.19 may allow a remote attacker to gain super-admin privileges via crafted CSF proxy requests

Headlines

• Feb. 12, 2025 - Ivanti Patches Critical Flaws in Connect Secure and Policy Secure – Update Now
• Feb. 12, 2025 - Multiple Vulnerabilities in Fortinet Products Could Allow for Remote Code Execution
• Feb. 11, 2025 - Attackers exploit a new zero-day to hijack Fortinet firewalls
• Feb. 11, 2025 - Fortinet warns of new zero-day exploited to hijack firewalls
• Feb. 11, 2025 - Fortinet discloses second firewall auth bypass patched in January

CVE-2024-53704

CRITICAL CVSS 9.80 EPSS Score 96.07 EPSS Percentile 99.65

CISA Known Exploited Actively Exploited Remote Code Execution Used In Ransomware Public Exploits Available

Published: Jan. 9, 2025

An Improper Authentication vulnerability in the SSLVPN authentication mechanism allows a remote attacker to bypass authentication.

Vendor Impacted: Sonicwall

Products Impacted: Nsa 5700, Nsa 2700, Tz570w, Tz670, Nssp 11700, Nssp 15700, Nsv 470, Sonicos, Tz370, Tz470w, Nssp 10700, Nsa 3700, Tz570, Nssp 13700, Tz470, Tz370w, Nsv 270, Tz270w, Nsv 870, Nsa 6700, Tz570p, Tz80, Nsa 4700, Tz270

Quotes

• Shortly after the PoC was made public
• Targeted and exploited by sophisticated threat actor attacks
• Shortly after the proof-of-concept was made public, Arctic Wolf began observing exploitation attempts of this vulnerability in the threat landscape
• We have identified a firewall vulnerability that is susceptible to actual exploitation for customers with SSL VPN or SSH management enabled, and that should be mitigated immediately by upgrading to the latest firmware

Headlines

• Feb. 14, 2025 - SonicWall firewalls under attack. Patch now
• Feb. 14, 2025 - SonicWall firewall bug targeted in attacks after PoC exploit release
• Feb. 14, 2025 - SonicWall firewall bug leveraged in attacks after PoC exploit release
• Feb. 12, 2025 - Ivanti Patches Critical Flaws in Connect Secure and Policy Secure – Update Now
• Feb. 11, 2025 - SonicWall firewall exploit lets hackers hijack VPN sessions, patch now

CVE-2023-48788

CRITICAL CVSS 9.80 EPSS Score 96.82 EPSS Percentile 99.81

CISA Known Exploited Actively Exploited Remote Code Execution Used In Ransomware Public Exploits Available

Published: March 12, 2024

A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiClientEMS version 7.2.0 through 7.2.2, FortiClientEMS 7.0.1 through 7.0.10 allows attacker to execute unauthorized code or commands via specially crafted packets.

Vendor Impacted: Fortinet

Products Impacted: Forticlient Ems, Forticlient Enterprise Management Server

Quotes

• A limited number of organizations
• There is not a lack of sophistication here, but a focus on agility and obtaining goals
• This subgroup has conducted globally diverse compromises of Internet-facing infrastructure to enable Seashell Blizzard to persist on high-value targets and support tailored network operations
• This subgroup’s historical pattern of exploitation has also led to the compromise of globally diverse organizations that appear to have limited or no utility to Russia’s strategic interests. This pattern suggests the subgroup likely uses an opportunistic

Headlines

• Feb. 13, 2025 - Russia-linked APT Seashell Blizzard is behind the long-running global access operation BadPilot campaign
• Feb. 12, 2025 - Microsoft Uncovers Sandworm Subgroup's Global Cyber Attacks Spanning 15+ Countries
• Feb. 12, 2025 - Microsoft fingers Russia's Sandworm in US, UK attacks
• Feb. 12, 2025 - Microsoft: Russia's Sandworm APT Exploits Edge Bugs Globally
• Feb. 12, 2025 - The BadPilot campaign: Seashell Blizzard subgroup conducts multiyear global access operation |

CVE-2025-21418

HIGH CVSS 7.80 EPSS Score 0.05 EPSS Percentile 22.91

CISA Known Exploited

Published: Feb. 11, 2025

Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

Vendor Impacted: Microsoft

Products Impacted: Windows Server 2022, Windows, Windows 11 23h2, Windows 10 22h2, Windows 11 24h2, Windows Server 2016, Windows 10 1809, Windows Server 2022 23h2, Windows 10 1607, Windows Server 2012, Windows 10 21h2, Windows Server 2019, Windows 11 22h2, Windows Server 2008, Windows Server 2025

Quotes

• More likely to be exploited
• An attacker would only be able to delete targeted files on a system
• Valuable to attackers as they allow them to disable security tooling, dump credentials, or move laterally across the network to exploit the increased access
• Requires multiple conditions to be met, such as specific application behavior, user actions, manipulation of parameters passed to a function, and impersonation of an integrity level token
• An authenticated user would need to run a specially-crafted program that ends up executing code with SYSTEM privileges. That’s why these types of bugs are usually paired with a code execution bug to take over a system
• At first glance, it ‘only’ allows deleting targeted files, yet the real power lies in pairing it with code execution to escalate privileges. It poses no threat to confidentiality but can strike hard at integrity and availability – leaving servers crippled if key data is removed

Headlines

• Feb. 12, 2025 - Microsoft Fixes Another Two Actively Exploited Zero-Days
• Feb. 12, 2025 - Microsoft’s Patch Tuesday Fixes 63 Flaws, Including Two Under Active Exploitation
• Feb. 12, 2025 - U.S. CISA adds Microsoft Windows, Zyxel device flaws to its Known Exploited Vulnerabilities catalog
• Feb. 12, 2025 - Microsoft Patch Tuesday security updates for February 2025 ficed 2 actively exploited bugs
• Feb. 12, 2025 - Microsoft Patch Tuesday, February 2025 Edition –
• Feb. 12, 2025 - Microsoft takes it easy on February's Patch Tuesday
• Feb. 11, 2025 - Critical Patches Issued for Microsoft Products, February 11, 2025
• Feb. 11, 2025 - Microsoft's February Patch a Lighter Lift Than January's
• Feb. 11, 2025 - February Patch Tuesday delivers 57 packages
• Feb. 11, 2025 - Microsoft fixes two actively exploited zero-days (CVE-2025-21418, CVE-2025-21391)
• Feb. 11, 2025 - Microsoft Patch Tuesday for February 2025 — Snort rules and prominent vulnerabilities
• Feb. 11, 2025 - Microsoft February 2025 Patch Tuesday fixes 4 zero-days, 55 flaws

CVE-2025-21391

HIGH CVSS 7.10 EPSS Score 0.09 EPSS Percentile 39.71

CISA Known Exploited

Published: Feb. 11, 2025

Windows Storage Elevation of Privilege Vulnerability

Vendor Impacted: Microsoft

Products Impacted: Windows Server 2022, Windows, Windows 11 23h2, Windows 10 22h2, Windows 11 24h2, Windows Server 2016, Windows 10 1809, Windows Server 2022 23h2, Windows 10 1607, Windows 10 21h2, Windows Server 2019, Windows 11 22h2, Windows 10 1507, Windows Server 2025

Quotes

• More likely to be exploited
• An attacker would only be able to delete targeted files on a system
• Valuable to attackers as they allow them to disable security tooling, dump credentials, or move laterally across the network to exploit the increased access
• Requires multiple conditions to be met, such as specific application behavior, user actions, manipulation of parameters passed to a function, and impersonation of an integrity level token
• An authenticated user would need to run a specially-crafted program that ends up executing code with SYSTEM privileges. That’s why these types of bugs are usually paired with a code execution bug to take over a system
• At first glance, it ‘only’ allows deleting targeted files, yet the real power lies in pairing it with code execution to escalate privileges. It poses no threat to confidentiality but can strike hard at integrity and availability – leaving servers crippled if key data is removed

Headlines

• Feb. 12, 2025 - Microsoft Fixes Another Two Actively Exploited Zero-Days
• Feb. 12, 2025 - Microsoft’s Patch Tuesday Fixes 63 Flaws, Including Two Under Active Exploitation
• Feb. 12, 2025 - U.S. CISA adds Microsoft Windows, Zyxel device flaws to its Known Exploited Vulnerabilities catalog
• Feb. 12, 2025 - Microsoft Patch Tuesday security updates for February 2025 ficed 2 actively exploited bugs
• Feb. 12, 2025 - Microsoft Patch Tuesday, February 2025 Edition –
• Feb. 12, 2025 - Microsoft takes it easy on February's Patch Tuesday
• Feb. 11, 2025 - Critical Patches Issued for Microsoft Products, February 11, 2025
• Feb. 11, 2025 - Microsoft's February Patch a Lighter Lift Than January's
• Feb. 11, 2025 - February Patch Tuesday delivers 57 packages
• Feb. 11, 2025 - Microsoft fixes two actively exploited zero-days (CVE-2025-21418, CVE-2025-21391)
• Feb. 11, 2025 - Microsoft Patch Tuesday for February 2025 — Snort rules and prominent vulnerabilities
• Feb. 11, 2025 - Microsoft February 2025 Patch Tuesday fixes 4 zero-days, 55 flaws

CVE-2025-21194

HIGH CVSS 7.10 EPSS Score 0.05 EPSS Percentile 24.42

Risk Context N/A

Published: Feb. 11, 2025

Microsoft Surface Security Feature Bypass Vulnerability

Quotes

• An attacker would only be able to delete targeted files on a system
• Valuable to attackers as they allow them to disable security tooling, dump credentials, or move laterally across the network to exploit the increased access
• Requires multiple conditions to be met, such as specific application behavior, user actions, manipulation of parameters passed to a function, and impersonation of an integrity level token
• An authenticated user would need to run a specially-crafted program that ends up executing code with SYSTEM privileges. That’s why these types of bugs are usually paired with a code execution bug to take over a system

Headlines

• Feb. 12, 2025 - Microsoft takes it easy on February's Patch Tuesday
• Feb. 11, 2025 - Microsoft's February Patch a Lighter Lift Than January's
• Feb. 11, 2025 - February Patch Tuesday delivers 57 packages
• Feb. 11, 2025 - Microsoft fixes two actively exploited zero-days (CVE-2025-21418, CVE-2025-21391)
• Feb. 11, 2025 - Microsoft February 2025 Patch Tuesday fixes 4 zero-days, 55 flaws

CVE-2025-21377

MEDIUM CVSS 6.50 EPSS Score 0.09 EPSS Percentile 41.14

Risk Context N/A

Published: Feb. 11, 2025

NTLM Hash Disclosure Spoofing Vulnerability

Vendor Impacted: Microsoft

Products Impacted: Windows Server 2022, Windows 11 23h2, Windows 10 22h2, Windows 11 24h2, Windows Server 2016, Windows 10 1809, Windows Server 2022 23h2, Windows 10 1607, Windows Server 2012, Windows 10 21h2, Windows Server 2019, Windows 11 22h2, Windows Server 2008, Windows 10 1507, Windows Server 2025

Quotes

• An attacker would only be able to delete targeted files on a system
• Valuable to attackers as they allow them to disable security tooling, dump credentials, or move laterally across the network to exploit the increased access
• Requires multiple conditions to be met, such as specific application behavior, user actions, manipulation of parameters passed to a function, and impersonation of an integrity level token
• An authenticated user would need to run a specially-crafted program that ends up executing code with SYSTEM privileges. That’s why these types of bugs are usually paired with a code execution bug to take over a system

Headlines

• Feb. 12, 2025 - Microsoft’s Patch Tuesday Fixes 63 Flaws, Including Two Under Active Exploitation
• Feb. 12, 2025 - Microsoft Patch Tuesday, February 2025 Edition –
• Feb. 12, 2025 - Microsoft takes it easy on February's Patch Tuesday
• Feb. 11, 2025 - Microsoft's February Patch a Lighter Lift Than January's
• Feb. 11, 2025 - February Patch Tuesday delivers 57 packages
• Feb. 11, 2025 - Microsoft fixes two actively exploited zero-days (CVE-2025-21418, CVE-2025-21391)
• Feb. 11, 2025 - Microsoft February 2025 Patch Tuesday fixes 4 zero-days, 55 flaws

CVE-2025-24200

MEDIUM CVSS 6.10 EPSS Score 1.04 EPSS Percentile 84.08

CISA Known Exploited Remote Code Execution Public Exploits Available

Published: Feb. 10, 2025

An authorization issue was addressed with improved state management. This issue is fixed in iPadOS 17.7.5, iOS 18.3.1 and iPadOS 18.3.1. A physical attack may disable USB Restricted Mode on a locked device. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals.

Vendor Impacted: Apple

Products Impacted: Ipados, Iphone Os, Ios And Ipados

Quotes

• Aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals
• There is no reason why the U.K. [government] should have the authority to decide for citizens of the world whether they can avail themselves of the proven security benefits that flow from end-to-end encryption
• A physical attack may disable USB Restricted Mode on a locked device. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individual

Headlines

• Feb. 12, 2025 - Microsoft Patch Tuesday, February 2025 Edition –
• Feb. 11, 2025 - Apple Releases Urgent Patch for USB Vulnerability
• Feb. 11, 2025 - Apple Patches Actively Exploited iOS Zero-Day CVE-2025-24200 in Emergency Update
• Feb. 11, 2025 - Apple fixes zero-day flaw exploited in "extremely sophisticated" attack (CVE-2025-24200)
• Feb. 11, 2025 - Apple Update Mitigates “Extremely Sophisticated” Zero-Day Exploit
• Feb. 10, 2025 - Apple fixes iPhone and iPad bug actively exploited in ‘extremely sophisticated attacks’
• Feb. 10, 2025 - Apple fixes zero-day exploited in 'extremely sophisticated' attacks
• Feb. 8, 2025 - UK Is Ordering Apple to Break Its Own Encryption