))
PortalFuse Weekly Security Update Report (Windows and Edge Edition) – January 14, 2025
Manage episode 461291140 series 3611991
Kevin Kaminski에서 제공하는 콘텐츠입니다. 에피소드, 그래픽, 팟캐스트 설명을 포함한 모든 팟캐스트 콘텐츠는 Kevin Kaminski 또는 해당 팟캐스트 플랫폼 파트너가 직접 업로드하고 제공합니다. 누군가가 귀하의 허락 없이 귀하의 저작물을 사용하고 있다고 생각되는 경우 여기에 설명된 절차를 따르실 수 있습니다 https://ko.player.fm/legal.
The January 2025 security updates address several critical vulnerabilities, categorized as follows:
Elevation of Privilege Vulnerabilities:
- CVE-2025-21378 (Windows CSC Service): Heap-based buffer overflow granting SYSTEM privileges.
- CVE-2025-21335 (Windows Hyper-V NT Kernel): Use-after-free condition affecting Hyper-V integration, compromising guest and host environments.
- CVE-2025-21265 & CVE-2025-21310 (Windows Digital Media): Vulnerabilities triggered by physical access and malicious USB drives, escalating privileges.
- CVE-2025-21275 (Windows App Package Installer): Allows bypassing restrictions to gain elevated privileges.
Other vulnerabilities include issues in the Microsoft Brokering File System and Windows Virtualization-Based Security.
Remote Code Execution (RCE) Vulnerabilities:
- CVE-2025-21298 (Windows OLE): Exploitable through crafted emails or documents to run arbitrary code.
- CVE-2025-21296 (BranchCache): Malicious code execution in local network setups.
- CVE-2025-21291 (Windows Direct Show): Exploits malformed media files to trigger RCE.
- CVE-2025-21289 (Windows Shell): Allows code execution through malicious scripts.
Additional RCE vulnerabilities could lead to significant damage if left unpatched.
Information Disclosure Vulnerabilities:
- CVE-2025-21319 (Windows Kernel Memory): Exposes sensitive memory details in logs.
- CVE-2025-21288 (Windows COM Server): Uninitialized COM resources leak heap memory.
- CVE-2025-21210 & CVE-2025-21214 (Windows BitLocker): Risk of exposing encryption keys through physical access or side-channel attacks.
Security Feature Bypass Vulnerabilities:
- CVE-2025-21299 (Windows Kerberos): Bypasses Windows Defender Credential Guard, gaining access to Kerberos tickets.
- CVE-2025-21340 (Windows Virtualization-Based Security): Bypasses hypervisor isolation.
- CVE-2025-21215 & CVE-2024-7344 (Secure Boot): Exploits in the boot process allowing attackers to tamper with security checks.
Denial of Service (DoS) Vulnerabilities:
- CVE-2025-21284 & CVE-2025-21280 (Windows Virtual TPM): Causes system crashes by exploiting the Virtual TPM.
- CVE-2025-21274 (Windows Event Tracing): Crashes logging services, allowing undetected attacks.
- CVE-2025-21207 (Windows Connected Devices Platform Service): Disables network-based device management, causing downtime.
Join us as we discuss the latest CVEs, how they affect you and how to stay protected!
40 에피소드
공유
