Threat and Vulnerability Intelligence Database

Description: Microsoft announced that it will drop support for the Remote Desktop app (available via the Microsoft Store) on May 27 and replace it with its new Windows App. [...]
Source: BleepingComputer
March 11th, 2025 (3 months ago)
Description: Microsoft has published guidance for users of Microsoft Publisher as it will no longer be supported after October 2026 and removed from Microsoft 365. [...]
Source: BleepingComputer
March 10th, 2025 (3 months ago)
Description: Written by: Dhanesh Kizhakkinan, Nino Isakovic

Executive Summary
This blog post presents an in-depth exploration of Microsoft's Time Travel Debugging (TTD) framework, a powerful record-and-replay debugging framework for Windows user-mode applications. TTD relies heavily on accurate CPU instruction emulation to faithfully replay program executions. However, subtle inaccuracies within this emulation process can lead to significant security and reliability issues, potentially masking vulnerabilities or misleading critical investigations—particularly incident response and malware analysis—potentially causing analysts to overlook threats or draw incorrect conclusions. Furthermore, attackers can exploit these inaccuracies to intentionally evade detection or disrupt forensic analyses, severely compromising investigative outcomes. The blog post examines specific challenges, provides historical context, and analyzes real-world emulation bugs, highlighting the critical importance of accuracy and ongoing improvement to ensure the effectiveness and reliability of investigative tooling. Ultimately, addressing these emulation issues directly benefits users by enhancing security analyses, improving reliability, and ensuring greater confidence in their debugging and investigative processes.

Overview
We begin with an introduction to TTD, detailing its use of a sophisticated CPU emulation layer powered by the Nirvana runtime engine. Nirvana translates guest instructions into host-level mi...
Source: Google Threat Intelligence
March 10th, 2025 (3 months ago)
Description: Microsoft has removed a compatibility hold that prevented some AutoCAD users from installing the Windows 11 2024 Update due to launch and crash issues. [...]
Source: BleepingComputer
March 10th, 2025 (3 months ago)
Description: Fortra, Microsoft, and Health-ISAC have combined forces to claw back one of hackers' most prized attack tools, with massive takedowns.
Source: Dark Reading
March 7th, 2025 (3 months ago)

CVE-2025-24043

Description: Microsoft Security Advisory CVE-2025-24043 | WinDbg Remote Code Execution Vulnerability

Executive summary
Microsoft is releasing this security advisory to provide information about a vulnerability in WinDbg. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. Improper verification of cryptographic signature in SOS allows an authorized attacker to execute code over a network, resulting in Remote Code Execution.

Announcement
Announcement for this issue can be found at https://github.com/dotnet/announcements/issues/346

Mitigation factors
Microsoft has not identified any mitigating factors for this vulnerability.

Affected Packages
The vulnerability affects any Microsoft .NET Core project if it uses any of the affected package versions listed below.

WinDbg
Package name                 Affected version    Patched version
dotnet-sos                   < 9.0.607501        9.0.607501
dotnet-dump                  < 9.0.557512        9.0.607501
dotnet-debugger-extensions   9.0.557512          9.0.607601

Advisory FAQ
How do I know if I am affected? If you are using an affected version listed in affected packages, you're exposed to the vulnerability.
How do I fix the issue? To fix the issue please install the latest version of WinDbg. If your application references the vulnerable package, update the package reference to the patched version.

Other Information
Reporting Security Issues: If you have found a potential security issue, please email details to [email protected]....

EPSS Score: 0.03%

Source: Github Advisory Database (Nuget)
March 7th, 2025 (3 months ago)
Description: Microsoft has disclosed details of a large-scale malvertising campaign that's estimated to have impacted over one million devices globally as part of what it said is an opportunistic attack designed to steal sensitive information. The tech giant, which detected the activity in early December 2024, is tracking it under the broader umbrella Storm-0408, a moniker used for a set of threat actors
Source: TheHackerNews
March 7th, 2025 (3 months ago)