Summary

  • Redmond has released security updates to fix at least 67 of its Windows operating systems and software.
  • One of the flaws is already being exploited, with software blueprints for a pervasive Windows bug also now public.
  • The sole zero-day flaw this month affects the Windows implementation of WebDAV, an HTTP extension for remotely managing files and directories on a server.
  • While it’s not enabled by default in Windows, it still offers a relevant target.
  • Additionally, Microsoft warns that a Windows Server Message Block (SMB) client vulnerability is likely to be exploited due to it being publicly accessible and having a high CVSS risk score of 8.8.
  • This month’s notable patches also include fixes for ten “critical” Microsoft remote code execution flaws, and a fix for a newly discovered Windows Server 2025 weakness that lets attackers act with the privileges of any user in Active Domain.

By BrianKrebs

Original Article