network-security

Microsoft’s September Patch Tuesday delivered a broad, operationally important set of security updates on September 9, 2025, covering Windows, Microsoft Office, SQL Server and related platform components — with industry trackers reporting roughly 80–86 CVEs patched and several high‑priority...

Microsoft’s Security Response Center lists CVE-2025-54095 as an out-of-bounds read in the Windows Routing and Remote Access Service (RRAS) that can disclose memory contents to a remote attacker over the network. (msrc.microsoft.com) Background / Overview Routing and Remote Access Service (RRAS)...

Microsoft has added built‑in auditing to help administrators safely roll out two proven SMB server hardening features—SMB Server signing and SMB Server Extended Protection for Authentication (EPA)—so that organizations can discover compatibility gaps before they require those hardening controls...

Microsoft confirmed that parts of its Azure cloud experienced increased latency and routing disruption after multiple undersea fiber-optic cables in the Red Sea were damaged, forcing traffic to be rerouted through longer, less direct paths and raising fresh questions about the fragility of...

CISA’s KEV catalog grew again this week with the addition of two high‑risk router flaws tied to active exploitation, underscoring an uncomfortable reality for IT teams: inexpensive consumer and small‑office routers remain a prime target for adversaries and can pose outsized risk to enterprise...

Windows 11 gives enthusiasts a stronger baseline, but a Virtual Private Network (VPN) remains the most practical way to extend that protection across networks, locations, and services—turning a secure machine into a truly private and travel‑ready workspace. Overview Microsoft has repeatedly...

August’s security headlines were dominated by a clutch of high-impact flaws — from archive utilities and consumer networking gear to enterprise-grade management consoles and cloud AI services — that together made rapid triage and patching unavoidable for defenders. Background The August 2025...

Urgent: What CVE-2025-55229 Means for Windows — A Deep Dive for Admins and Power Users By WindowsForum.com Staff Reporter — August 21, 2025 Summary — quick take Microsoft has published a vulnerability tracked as CVE-2025-55229 that affects Windows certificate handling: an improper verification...

Cisco has pushed an urgent patch for a maximum‑severity remote code execution flaw in its Secure Firewall Management Center (FMC) software that allows an unauthenticated attacker to inject and execute arbitrary shell commands on affected appliances when RADIUS authentication is enabled for...

Siemens’s RUGGEDCOM CROSSBOW Station Access Controller (SAC) has been identified as vulnerable to multiple memory‑corruption flaws in the embedded SQLite component that—if left unpatched—could allow remote attackers to crash devices or execute arbitrary code; Siemens recommends updating affected...

On August 13, 2025, the Cybersecurity and Infrastructure Security Agency (CISA), together with the National Security Agency (NSA), the Federal Bureau of Investigation (FBI), the Environmental Protection Agency (EPA) and several international partners, published detailed guidance aimed at helping...

Microsoft’s advisory for CVE-2025-53719 describes an information‑disclosure bug in the Windows Routing and Remote Access Service (RRAS) caused by the use of an uninitialized resource, and administrators should treat any RRAS host exposed to untrusted networks as high priority for inspection and...

Title: New LSASS DoS (CVE-2025-53716) — What admins need to know now By WindowsForum.com security desk — August 12, 2025 Summary A null-pointer dereference vulnerability in the Windows Local Security Authority Subsystem Service (LSASS) — tracked as CVE-2025-53716 in Microsoft’s Security Update...

Microsoft has published an advisory for CVE-2025-50169, a race-condition flaw in the Windows SMB implementation that Microsoft says can allow an unauthorized attacker to execute code over a network by exploiting concurrent access to a shared resource with improper synchronization. The...

Title: CVE-2025-50162 — RRAS Heap-Based Buffer Overflow: What Windows admins need to know (deep-dive, triage & hardening guide) Summary (TL;DR) A heap-based buffer overflow has been disclosed in Microsoft’s Routing and Remote Access Service (RRAS) allowing remote code execution on affected...

A critical heap-based buffer overflow in the Windows Routing and Remote Access Service (RRAS) — tracked as CVE-2025-50160 by Microsoft — allows an attacker who can reach a vulnerable RRAS instance over the network to achieve remote code execution in the context of the service, with the potential...