Microsoft patches 7.8-rated zero day in December Patch Tuesday

Microsoft has not officially assigned this a CVE, classifying it as a "feature" or "intended behavior" of URI schemes, which makes it a persistent risk in environments where outbound SMB and NTLM are not strictly restricted.

Microsoft Fixes Exploited Zero Day in Light Patch TuesdayJai Vijayan, Contributing WriterMicrosoft has addressed an exploited zero-day vulnerability in its latest Patch Tuesday release, alongside two additional flaws for which proof-of-concept exploit code has been made public. This marks a significant effort, with over 1,150 vulnerabilities patched within the year.https://https://lnkd.in/exqEq_CV

Decoding CVE-2025-54322: A Deep Dive into the XSpeeder SXZOS Pre-Auth RCE 0‑Day + Video Introduction: A critical zero-day vulnerability, tracked as CVE-2025-54322, was publicly disclosed, revealing a pre-authentication Remote Code Execution (RCE) flaw in XSpeeder SXZOS software. The exploit, which reportedly allows unauthenticated attackers to execute arbitrary code with high privileges, was acknowledged by major entities including Apple and Microsoft. This incident underscores the persistent threat of supply chain and network appliance vulnerabilities being weaponized before patches are available....

ICYMI: Microsoft has dropped its final #PatchTuesday of 2025, and it’s a significant one. Just in time for the holiday slowdown, 56 vulnerabilities have been fixed, admins are urged to patch up before signing off for the year. Stay safe and happy patching, #TeamNightwing Full breakdown 🔗: https://lnkd.in/eJ6ydQzk

Microsoft will pay awards to vulnerabilities in third-party or open source code if it impacts its own systems or products https://lnkd.in/gd9X6c8m

Operation PCPcat Exposed: How Hackers Hijacked 59,000 Nextjs Servers and Your Action Plan to Stop Them + Video Introduction: A large-scale, automated cyber-attack dubbed "Operation PCPcat" has successfully compromised over 59,000 Next.js application servers in a 48-hour window, exploiting critical Remote Code Execution (RCE) vulnerabilities. This campaign moves beyond data snooping to achieve full server takeover, deploying persistent backdoors and credential harvesters targeting environment files, cloud configurations, and SSH keys. This incident underscores the critical intersection of modern web framework security and robust server hardening....

🚨 Hackers Love December. Do You Know Why? 🚨 As the year ends, Microsoft has released the latest Windows cumulative update and Malicious Software Removal Tool. But here’s the catch: 📅 Many organizations enforce change freeze periods in December. ⚠️ Hackers know this—and often exploit unpatched systems during these weeks. ⏳ If you delay patching, you risk exposing your servers and damaging your organization’s reputation. ✅ What Smart Teams Do 👉Apply patches before the freeze period begins. 👉Review all KB articles to understand performance impact. 👉Test in staging before production rollout. 👉Document and communicate patch schedules clearly. 👉 Think smart, act fast. Timely patching isn’t just maintenance—it’s your frontline defence. Let’s step into the new year with secure, resilient environments. 💪 Note: Effective patch management is critical during year-end freeze periods. How is your team handling this challenge? Sharing insights can help us all create a more resilient environment. 👍

Attackers are exploiting a remote code execution vulnerability in React 19 to execute arbitrary code on servers, exposing organizations to immediate compromise. This enables attackers to gain initial access via a crafted request. Organizations must immediately patch React 19 and monitor for malicious activity, as this vulnerability enables attackers to gain initial access. 💥⚠️ #CyberNewsLive https://lnkd.in/exEB48T9

🚨 Microsoft patches critical BFS vulnerability (CVE-2025-29970) 🚨 The Brokering File System (bfs.sys), introduced for Win32 App Isolation, just got real attention. Researchers found a use-after-free flaw in BfsCloseStorage: improper cleanup of DirectoryBlockList exposes the system to privilege escalation risks. Why does it matter? BFS is a key security boundary for sandboxed apps. Exploitation is brutal (narrow timing window, token requirements), but local attackers with AppSilo tokens could weaponize this. Takeaway: ✅ Apply latest Windows updates immediately ✅ Review AppContainer/AppSilo isolation strategies ✅ Monitor IOCTL calls for BFS As Microsoft pushes deeper into app isolation, BFS drivers become prime targets. Defense = patch + proactive hardening. #CyberSecurity #Microsoft #CVE202529970 #PrivilegeEscalation #WindowsSecurity #DFIR #VulnerabilityManagement #AppIsolation #Infosec

Microsoft's 2025 Patch Tuesday exposed 1,246 CVEs, including 158 critical vulnerabilities, with 41 zero-days. Elevation of privilege and remote code execution flaws put organizations at heightened risk of compromise. Defenders should prioritize patching critical vulnerabilities, especially zero-days, to prevent immediate exploitation and lateral movement. 🛡️ #CyberNewsLive https://lnkd.in/e6Ck_6Fu