Description: Microsoft announced that it will drop support for the Remote Desktop app (available via the Microsoft Store) on May 27 and replace it with its new Windows App. [...]
March 11th, 2025 (3 months ago)
|
Description: Microsoft has published guidance for users of Microsoft Publisher as it will no longer be supported after October 2026 and removed from Microsoft 365. [...]
March 10th, 2025 (3 months ago)
|
Description: Written by: Dhanesh Kizhakkinan, Nino Isakovic
Executive Summary
This blog post presents an in-depth exploration of Microsoft's Time Travel Debugging (TTD) framework, a powerful record-and-replay debugging framework for Windows user-mode applications. TTD relies heavily on accurate CPU instruction emulation to faithfully replay program executions. Subtle inaccuracies in that emulation can lead to significant security and reliability issues: they can mask vulnerabilities or mislead critical investigations, particularly incident response and malware analysis, causing analysts to overlook threats or draw incorrect conclusions. Furthermore, attackers can exploit these inaccuracies to intentionally evade detection or disrupt forensic analysis, severely compromising investigative outcomes.
The blog post examines specific challenges, provides historical context, and analyzes real-world emulation bugs, highlighting the critical importance of accuracy and ongoing improvement to ensure the effectiveness and reliability of investigative tooling. Ultimately, addressing these emulation issues directly benefits users by enhancing security analyses, improving reliability, and ensuring greater confidence in their debugging and investigative processes.
Overview
We begin with an introduction to TTD, detailing its use of a sophisticated CPU emulation layer powered by the Nirvana runtime engine. Nirvana translates guest instructions into host-level mi...
March 10th, 2025 (3 months ago)
|
Description: Microsoft has removed a compatibility hold that prevented some AutoCAD users from installing the Windows 11 2024 Update due to launch and crash issues. [...]
March 10th, 2025 (3 months ago)
|
Description: Fortra, Microsoft, and Health-ISAC have combined forces to claw back one of hackers' most prized attack tools, with massive takedowns.
March 7th, 2025 (3 months ago)
|
CVE-2025-24043
[dotnet-sos] Microsoft Security Advisory CVE-2025-24043 | WinDbg Remote Code Execution Vulnerability
Description: Microsoft Security Advisory CVE-2025-24043 | WinDbg Remote Code Execution Vulnerability
Executive summary
Microsoft is releasing this security advisory to provide information about a vulnerability in WinDbg. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.
Improper verification of cryptographic signature in SOS allows an authorized attacker to execute code over a network resulting in Remote Code Execution.
Announcement
Announcement for this issue can be found at https://github.com/dotnet/announcements/issues/346
Mitigation factors
Microsoft has not identified any mitigating factors for this vulnerability.
Affected Packages
The vulnerability affects any Microsoft .NET Core project that uses any of the affected package versions listed below.

WinDbg

| Package name | Affected version | Patched version |
| --- | --- | --- |
| dotnet-sos | < 9.0.607501 | 9.0.607501 |
| dotnet-dump | < 9.0.557512 | 9.0.607501 |
| dotnet-debugger-extensions | 9.0.557512 | 9.0.607601 |
Advisory FAQ
How do I know if I am affected?
If you are using one of the affected versions listed under Affected Packages, you are exposed to the vulnerability.
How do I fix the issue?
To fix the issue please install the latest version of WinDbg.
If your application references the vulnerable package, update the package reference to the patched version.
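As a practical check for the two answers above, the following script is an added example (not code from the advisory or from the dotnet project): it parses the output of `dotnet tool list -g` and flags any of the three listed packages whose installed version is numerically below the patched version in the table. It assumes the usual column layout of `dotnet tool list -g` (package id, version, commands), uses a constructed sample listing in place of live output, and covers only the .NET global tools, not the WinDbg installation itself. Because the dotnet-dump row lists an affected range that does not line up with its patched version, the script applies the conservative rule that anything below the patched version needs updating.

```shell
#!/bin/sh
# Added example, not part of the Microsoft advisory: audit the .NET global
# tools on a machine against the patched versions in CVE-2025-24043.
# Assumption: `dotnet tool list -g` prints "<package id> <version> <commands>"
# columns under a "Package Id / Version / Commands" header, as current SDKs do.
set -eu

# Patched versions copied from the advisory table. dotnet-dump's row lists
# "< 9.0.557512" as affected but 9.0.607501 as patched, so the conservative
# rule used here is: anything below the patched version needs an update.
patched_version() {
  case "$1" in
    dotnet-sos)                 echo 9.0.607501 ;;
    dotnet-dump)                echo 9.0.607501 ;;
    dotnet-debugger-extensions) echo 9.0.607601 ;;
    *)                          echo "" ;;
  esac
}

# version_lt A B: succeed (exit 0) when dotted version A is numerically below B.
# Plain string comparison would be wrong: "9.0.607501" sorts before "9.0.99".
# Assumes purely numeric components (no "-preview" suffixes).
version_lt() {
  a=$1; b=$2
  while [ -n "$a" ] || [ -n "$b" ]; do
    x=${a%%.*}; y=${b%%.*}                 # leading component of each
    if [ "$x" = "$a" ]; then a=''; else a=${a#*.}; fi
    if [ "$y" = "$b" ]; then b=''; else b=${b#*.}; fi
    x=${x:-0}; y=${y:-0}                   # missing components count as 0
    [ "$x" -lt "$y" ] && return 0
    [ "$x" -gt "$y" ] && return 1
  done
  return 1                                 # versions are equal
}

# audit_tools: read `dotnet tool list -g` output on stdin and print one line
# per tool named in the advisory, either
#   "VULNERABLE <id> <installed> -> update to <patched>"  or  "OK <id> <installed>".
# Header, separator and tools not named in the advisory are skipped.
audit_tools() {
  while read -r id ver rest; do
    case "$id" in ''|Package|---*) continue ;; esac
    fix=$(patched_version "$id")
    [ -n "$fix" ] || continue
    if version_lt "$ver" "$fix"; then
      echo "VULNERABLE $id $ver -> update to $fix"
    else
      echo "OK $id $ver"
    fi
  done
}

# Constructed sample in the layout of `dotnet tool list -g` (not real output).
SAMPLE_TOOL_LIST='Package Id                   Version       Commands
-----------------------------------------------------------
dotnet-sos                   9.0.553101    dotnet-sos
dotnet-dump                  9.0.607501    dotnet-dump
dotnet-debugger-extensions   9.0.557512    dotnet-debugger-extensions
dotnet-counters              9.0.607501    dotnet-counters'

# Audit the constructed sample. On a real machine pipe the live listing instead:
#   dotnet tool list -g | audit_tools
# and remediate findings with:  dotnet tool update -g <package id>
printf '%s\n' "$SAMPLE_TOOL_LIST" | audit_tools
```

Run against the sample, the script reports dotnet-sos and dotnet-debugger-extensions as needing an update and dotnet-dump as patched; dotnet-counters is not named in the advisory and is ignored. Updating the global tools does not replace the WinDbg install itself, which the advisory says to bring to the latest version separately.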
Other Information
Reporting Security Issues
If you have found a potential security issue, please email details to [email protected]....
EPSS Score: 0.03%
March 7th, 2025 (3 months ago)
|
Description: Microsoft has disclosed details of a large-scale malvertising campaign that's estimated to have impacted over one million devices globally as part of what it said is an opportunistic attack designed to steal sensitive information.
The tech giant, which detected the activity in early December 2024, is tracking it under the broader umbrella Storm-0408, a moniker used for a set of threat actors
March 7th, 2025 (3 months ago)
|