))
PortalFuse Weekly Security Update Report (Windows and Edge Edition) – January 14, 2025
Manage episode 461291140 series 3611991
内容由Kevin Kaminski提供。所有播客内容(包括剧集、图形和播客描述)均由 Kevin Kaminski 或其播客平台合作伙伴直接上传和提供。如果您认为有人在未经您许可的情况下使用您的受版权保护的作品,您可以按照此处概述的流程进行操作https://zh.player.fm/legal。
The January 2025 security updates address several critical vulnerabilities, categorized as follows:
Elevation of Privilege Vulnerabilities:
- CVE-2025-21378 (Windows CSC Service): Heap-based buffer overflow granting SYSTEM privileges.
- CVE-2025-21335 (Windows Hyper-V NT Kernel): Use-after-free condition affecting Hyper-V integration, compromising guest and host environments.
- CVE-2025-21265 & CVE-2025-21310 (Windows Digital Media): Vulnerabilities triggered by physical access and malicious USB drives, escalating privileges.
- CVE-2025-21275 (Windows App Package Installer): Allows bypassing restrictions to gain elevated privileges.
Other vulnerabilities include issues in the Microsoft Brokering File System and Windows Virtualization-Based Security.
Remote Code Execution (RCE) Vulnerabilities:
- CVE-2025-21298 (Windows OLE): Exploitable through crafted emails or documents to run arbitrary code.
- CVE-2025-21296 (BranchCache): Malicious code execution in local network setups.
- CVE-2025-21291 (Windows Direct Show): Exploits malformed media files to trigger RCE.
- CVE-2025-21289 (Windows Shell): Allows code execution through malicious scripts.
Additional RCE vulnerabilities could lead to significant damage if left unpatched.
Information Disclosure Vulnerabilities:
- CVE-2025-21319 (Windows Kernel Memory): Exposes sensitive memory details in logs.
- CVE-2025-21288 (Windows COM Server): Uninitialized COM resources leak heap memory.
- CVE-2025-21210 & CVE-2025-21214 (Windows BitLocker): Risk of exposing encryption keys through physical access or side-channel attacks.
Security Feature Bypass Vulnerabilities:
- CVE-2025-21299 (Windows Kerberos): Bypasses Windows Defender Credential Guard, gaining access to Kerberos tickets.
- CVE-2025-21340 (Windows Virtualization-Based Security): Bypasses hypervisor isolation.
- CVE-2025-21215 & CVE-2024-7344 (Secure Boot): Exploits in the boot process allowing attackers to tamper with security checks.
Denial of Service (DoS) Vulnerabilities:
- CVE-2025-21284 & CVE-2025-21280 (Windows Virtual TPM): Causes system crashes by exploiting the Virtual TPM.
- CVE-2025-21274 (Windows Event Tracing): Crashes logging services, allowing undetected attacks.
- CVE-2025-21207 (Windows Connected Devices Platform Service): Disables network-based device management, causing downtime.
Join us as we discuss the latest CVEs, how they affect you and how to stay protected!
12集单集
分享
