The PortalFuse Microsoft Intune and Security Report Podcast

The January 2025 security updates address several critical vulnerabilities, categorized as follows:
Elevation of Privilege Vulnerabilities:
CVE-2025-21378 (Windows CSC Service): Heap-based buffer overflow granting SYSTEM privileges.
CVE-2025-21335 (Windows Hyper-V NT Kernel): Use-after-free condition affecting Hyper-V integration, compromising guest and host environments.
CVE-2025-21265 & CVE-2025-21310 (Windows Digital Media): Vulnerabilities triggered by physical access and malicious USB drives, escalating privileges.
CVE-2025-21275 (Windows App Package Installer): Allows bypassing restrictions to gain elevated privileges.
Other vulnerabilities include issues in the Microsoft Brokering File System and Windows Virtualization-Based Security.
Remote Code Execution (RCE) Vulnerabilities:
CVE-2025-21298 (Windows OLE): Exploitable through crafted emails or documents to run arbitrary code.
CVE-2025-21296 (BranchCache): Malicious code execution in local network setups.
CVE-2025-21291 (Windows Direct Show): Exploits malformed media files to trigger RCE.
CVE-2025-21289 (Windows Shell): Allows code execution through malicious scripts.
Additional RCE vulnerabilities could lead to significant damage if left unpatched.
Information Disclosure Vulnerabilities:
CVE-2025-21319 (Windows Kernel Memory): Exposes sensitive memory details in logs.
CVE-2025-21288 (Windows COM Server): Uninitialized COM resources leak heap memory.
CVE-2025-21210 & CVE-2025-21214 (Windows BitLocker): Risk of exposing encryption keys through physical access or side-channel attacks.
Security Feature Bypass Vulnerabilities:
CVE-2025-21299 (Windows Kerberos): Bypasses Windows Defender Credential Guard, gaining access to Kerberos tickets.
CVE-2025-21340 (Windows Virtualization-Based Security): Bypasses hypervisor isolation.
CVE-2025-21215 & CVE-2024-7344 (Secure Boot): Exploits in the boot process allowing attackers to tamper with security checks.
Denial of Service (DoS) Vulnerabilities:
CVE-2025-21284 & CVE-2025-21280 (Windows Virtual TPM): Causes system crashes by exploiting the Virtual TPM.
CVE-2025-21274 (Windows Event Tracing): Crashes logging services, allowing undetected attacks.
CVE-2025-21207 (Windows Connected Devices Platform Service): Disables network-based device management, causing downtime.
Join us as we discuss the latest CVEs, how they affect you and how to stay protected!

As the holiday season approaches we managed to break the reports after adding some additional functionality to our AI model. A week late we bring you the final PortalFuse Weekly Security Update of 2024 as no CVEs were detected for this week.
This week’s report focuses on critical vulnerabilities affecting Microsoft Edge, derived from the Chromium Open Source Software (OSS). Let us dive into the details and ensure your systems are secure during this festive period.
Overview of This Week’s CVEs
CVE-2024-12695: Out of Bounds Write in V8
Impact: This critical vulnerability in the V8 JavaScript engine affects Microsoft Edge (Chromium-based).
Details: The vulnerability allows an out-of-bounds write, potentially enabling attackers to execute arbitrary code in the context of the current user. The root cause lies in Chromium’s memory handling.
Fix: Addressed in Microsoft Edge version 131.0.2903.112, released on December 19, 2024.
Recommendation: System administrators should update to this version immediately to mitigate the risk.
Additional Information: Refer to Google Chrome Releases for more details.
CVE-2024-12694: Use After Free in Compositing
Impact: A critical vulnerability in the Compositing feature of Microsoft Edge (Chromium-based).
Details: This vulnerability could be exploited by attackers to execute arbitrary code, potentially leading to unauthorized access or data manipulation.
Fix: Addressed in Microsoft Edge version 131.0.2903.112.
Recommendation: Update your Microsoft Edge installations promptly.
Additional Information: Refer to Google Chrome Releases.
CVE-2024-12693: Out of Bounds Memory Access in V8
Impact: A critical vulnerability due to out-of-bounds memory access in the V8 engine.
Details: This issue could allow attackers to execute arbitrary code. It originates from Chromium’s codebase utilized by Microsoft Edge.
Fix: Resolved in Microsoft Edge version 131.0.2903.112.
Recommendation: Ensure your systems are updated to the latest version.
Additional Information: See Google Chrome Releases.
CVE-2024-12692: Type Confusion in V8
Impact: A critical vulnerability in the V8 JavaScript engine, stemming from type confusion issues.
Details: Exploitation could allow arbitrary code execution, with significant security implications.
Fix: Fixed in Microsoft Edge version 131.0.2903.112.
Recommendation: Apply the update immediately to secure your environment.
Additional Information: Consult Google Chrome Releases.
This week’s report highlights four critical vulnerabilities affecting Microsoft Edge, all stemming from Chromium’s codebase. The vulnerabilities include memory handling issues such as out-of-bounds writes, use-after-free conditions, and type confusion, all of which could lead to arbitrary code execution. These issues were promptly addressed with updates to Microsoft Edge version 131.0.2903.112. While serious, they are standard for high-impact CVEs and demonstrate the ongoing need for vigilance in software maintenance.
For more information, you can access the full report or listen to our audio podcast summarizing this week’s updates. 
Conclusion
This week’s vulnerabilities emphasize the critical need for prompt action in applying updates and addressing software flaws to maintain a robust security posture. Microsoft Edge version 131.0.2903.112 addresses all the listed CVEs, making it essential to update immediately.
Thank you for following our weekly updates throughout 2024. As we close the year, we wish you a Merry Christmas for your friends and family! Stay secure and enjoy the festivities.

A quiet week so far for the holidays. Two critical security vulnerabilities affecting Microsoft Edge, stemming from the Chromium project, were addressed this week.
Two critical security vulnerabilities affecting Microsoft Edge, stemming from the Chromium project, were addressed this week. These vulnerabilities underscore the importance of timely updates to ensure system security and user safety. With these fixes in place, users can mitigate significant risks posed by these flaws.
CVE-2024-12382 Use After Free in Translate
Vulnerability Description: This flaw affects the Translate feature in Microsoft Edge, which is built on Chromium OSS. An attacker exploiting this vulnerability could execute arbitrary code within the context of the current user. The issue arises from improper memory management.
Resolution: Microsoft has addressed this vulnerability in Edge version 131.0.2903.99, released on December 12, 2024. The update aligns with Chromium’s fixes, ensuring system integrity.
Action Required: System administrators should prioritize updating to this version of Microsoft Edge immediately. For further details, refer to the Microsoft Edge Security Release Notes.
CVE-2024-12381 Type Confusion in V8
Vulnerability Description: This type confusion vulnerability in Chromium’s V8 JavaScript engine could enable an attacker to execute arbitrary code. As with CVE-2024-12382, this issue impacts Microsoft Edge due to its dependency on Chromium OSS.
Resolution: The fix was incorporated in the same Edge release (version 131.0.2903.99) on December 12, 2024.
Action Required: Ensure all systems using Microsoft Edge are updated to version 131.0.2903.99 to mitigate risks.
Both vulnerabilities illustrate the interconnected nature of software ecosystems like Chromium-based browsers. Proactive updates are critical in minimizing exposure to such risks.
 
We then turn to another significant development—the resolution of issues with WPF applications using IMEs. We also cover open issues with dual boot Linux systems and the WinApp SDK.
Give us a few minutes of your time to get the latest updates for Edge.

Welcome to "Addressing Critical CVEs: Enhancing System Security," your go-to podcast for the latest system vulnerabilities and security patch updates. In this episode, we delve into Microsoft's December 2024 updates, which tackle a range of critical vulnerabilities, from remote code execution to elevation of privilege and denial of service.
Remote Code Execution: This week, we explore several Remote Code Execution (RCE) vulnerabilities that highlight the increasing sophistication of exploits targeting core system services. Notable patches include:
CVE-2024-49132: A Windows Remote Desktop Services RCE vulnerability caused by a race condition, allowing attackers to execute arbitrary code remotely without user interaction.
CVE-2024-49127: An LDAP RCE vulnerability that lets attackers execute code within SYSTEM context.
CVE-2024-49122: An MSMQ RCE vulnerability enabling remote code execution via crafted MSMQ packets.
Elevation of Privilege: We also discuss Elevation of Privilege (EoP) vulnerabilities, which are increasingly targeting local privilege escalation pathways. Key patches include:
CVE-2024-49114: A Cloud Files Mini Filter Driver vulnerability allowing SYSTEM level privilege escalation.
CVE-2024-49111: A WwanSvc vulnerability exploitable for sensitive resource access.
CVE-2024-49088: A Windows Common Log File System Driver vulnerability enabling privilege escalation through buffer over-read flaws.
Denial of Service: Closing out 2024, we address Denial of Service (DoS) vulnerabilities, particularly those exploiting directory-related services like LDAP. Critical patches include:
CVE-2024-49121: An LDAP DoS vulnerability interrupting directory lookups and authentication.
CVE-2024-49113: An out-of-bounds read vulnerability in LDAP causing resource exhaustion.
CVE-2024-49126: A Windows Defender DoS vulnerability leading to resource exhaustion and system crashes.
Key KB Articles: We transition to the Knowledge Base (KB) articles that provide crucial context for applying these fixes. Highlights include:
KB5048703: Enhances security within the Windows 10 ecosystem.
KB5048652: Focuses on improving stability for Windows 10 Version 22H2.
KB5048794: Enhances performance and stability for Windows 11 enterprise environments.
KB5048685: Applies to Windows 11 Enterprise and Education versions, addressing vulnerabilities in the OpenSSH subsystem and improving GPU-intensive task performance.
Wrapping Up: As we transition into 2025, prioritizing regular patch management, vulnerability assessments, and staying informed about emerging threats will be crucial for ensuring robust IT infrastructure resilience.
Thank you for tuning in to this Patch Tuesday report. Your dedication to securing systems is appreciated. Wishing you a secure and Merry Christmas from everyone at PortalFuse to you and your family!

This week’s updates balance critical fixes with quality-of-life improvements. By staying informed and proactively addressing vulnerabilities, you’re not only securing your systems but also laying a foundation for smoother operations as the year ends.
Let us know if this breakdown resonates with you or if you’d like deeper dives into specific topics. Stay secure and see you next week!

This week’s report includes nine new CVEs related to Microsoft Edge, all of which have been addressed in the latest version (131.0.2903.48) released on November 19, 2024. The vulnerabilities range from inappropriate implementation issues to insufficient policy enforcement and arbitrary code execution. Additionally, several key known issues impacting Windows 10 and 11 are currently under investigation. Be sure to review the details below to understand their impact on your environment.

Welcome to the PortalFuse Patch Tuesday blog post for November 2024!
As always, this report brings the latest and most critical security updates from Microsoft to help system administrators and security professionals keep their environments secure. The updates this month cover a wide range of vulnerabilities, impacting various Microsoft products and services, including Windows, Microsoft Edge, and Windows Server. Below, we'll break down the key vulnerabilities by impact and exploitation complexity, so you can quickly grasp which areas need your immediate attention.
You can read the full report here.

Welcome to this week’s PortalFuse Weekly Security Update Report. This briefing provides an overview of the latest patch and security developments for Microsoft Windows and Edge. It has been a relatively quiet week for Windows and Edge, but some rumors swirled around issues affecting Microsoft Server with an upgrade being classified as an update. No rest for the weary! Our goal and scope here is Windows and Edge to ensure you have the essential information needed to keep your systems secure and running smoothly.
https://portalfuse.io/blog/portalfuse-weekly-security-update-report-windows-and-edge-edition-november-5-2024

This weekly briefing highlights the key vulnerabilities addressed in Microsoft Edge during October 16-22, 2024. System administrators are encouraged to review this summary, which categorizes the vulnerabilities by type and severity, and to take appropriate action to ensure their systems are up to date.

Welcome to this week’s security briefing on critical updates for Microsoft Windows and Edge. This edition focuses on six vulnerabilities, including two newly identified ones. Key risks include remote code execution (RCE) and elevation of privilege vulnerabilities, with solutions detailed to assist system administrators in prioritizing immediate action.