windows

CVE-2025-50165: Windows Graphics Component Flaw

CVE-2025-50165 is a critical remote code execution flaw in the Windows Graphics Component, specifically in windowscodecs.dll. It allows an attacker to exploit Windows systems via a malicious JPEG image embedded in standard documents. The vulnerability affects recent versions of Windows, including Server 2025 and Windows 11 24H2, but was patched by Microsoft in August 2025. Users are advised to apply the updates immediately. Zscaler ThreatLabz has also released protection for this vulnerability.

https://www.zscaler.com/blogs/security-research/cve-2025-50165-critical-flaw-windows-graphics-component

DanaBot Malware Is Back to Infecting Windows After 6-month Break

DanaBot malware returns after 6-month hiatus, with version 669 using Tor for command-and-control. It's a banking trojan evolved into an info stealer, disrupted by law enforcement in May but now active again. It targets credentials and cryptocurrency data via nefarious emails and malvertising. Organizations can mitigate risks by updating security tools and blocking new threats identified by Zscaler.

https://www.bleepingcomputer.com/news/security/danabot-malware-is-back-to-infecting-windows-after-6-month-break/

Microsoft Releases Out-of-Band Security Update to Mitigate Windows Server Update Service Vulnerability, CVE-2025-59287

Microsoft released an out-of-band security update for a critical remote code execution vulnerability (CVE-2025-59287) affecting Windows Server Update Service. CISA urges organizations to identify vulnerable servers, apply the update, and reboot. If immediate application isn't possible, disable WSUS or block ports 8530/8531. The vulnerability is now in CISA's Known Exploited Vulnerabilities Catalog. Report incidents to CISA's Operations Center.

https://www.cisa.gov/news-events/alerts/2025/10/24/microsoft-releases-out-band-security-update-mitigate-windows-server-update-service-vulnerability-cve

Microsoft Patches Windows to Eliminate Secure Boot Bypass Threat

Microsoft patched a Secure Boot vulnerability (CVE-2024-7344) that allowed attackers with privileged access to bypass protections and load malicious firmware. This threat persisted for over seven months and affected various recovery software. While Microsoft removed the vulnerable digital signatures in a recent update, it remains unclear if Linux systems were also impacted. Concerns have been raised about the safety of third-party UEFI apps.

https://arstechnica.com/security/2025/01/microsoft-patches-windows-to-eliminate-secure-boot-bypass-threat/

Windows 11 Bitlocker Encryption Bypassed to Extract Volume Encryption Keys

Researchers have bypassed Windows 11's BitLocker encryption, extracting Full Volume Encryption Keys (FVEKs) from RAM during physical access attacks. This vulnerability arises from capturing memory contents during system operation, allowing key retrieval. Techniques, such as maintaining power to RAM, are used to prevent data loss during attacks. Secure Boot, while protective, has known bypass methods. Key extraction involves creating a bootable USB, restarting the system, and analyzing memory dumps for sensitive data. Despite Microsoft's security measures, residual keys can remain in memory, emphasizing that no encryption is entirely secure against physical access. Users should enhance hardware security and organizations should improve physical access controls.

Windows 11 BitLocker Encryption Bypassed To Extract Volume Encryption Keys

Scroll to Top