Microsoft’s Patch Tuesday Fixes 63 Flaws, Including Two Under Active Exploitation - Related to microsoft’s, patch, including, active, 63
Broadcom Patches VMware Aria Flaws – Exploits May Lead to Credential Theft
Broadcom has released security updates to patch five security flaws impacting VMware Aria Operations and Aria Operations for Logs, warning end-clients that attackers could exploit them to gain elevated access or obtain sensitive information.
The list of identified flaws, which impact versions [website] of the software, is below -.
CVE-2025-22218 (CVSS score: [website] - A malicious actor with View Only Admin permissions may be able to read the credentials of a VMware product integrated with VMware Aria Operations for Logs.
(CVSS score: [website] - A malicious actor with View Only Admin permissions may be able to read the credentials of a VMware product integrated with VMware Aria Operations for Logs CVE-2025-22219 (CVSS score: [website] - A malicious actor with non-administrative privileges may be able to inject a malicious script that may lead to arbitrary operations as admin user via a stored cross-site scripting (XSS) attack.
(CVSS score: [website] - A malicious actor with non-administrative privileges may be able to inject a malicious script that may lead to arbitrary operations as admin user via a stored cross-site scripting (XSS) attack CVE-2025-22220 (CVSS score: [website] - A malicious actor with non-administrative privileges and network access to Aria Operations for Logs API may be able to perform certain operations in the context of an admin user.
(CVSS score: [website] - A malicious actor with non-administrative privileges and network access to Aria Operations for Logs API may be able to perform certain operations in the context of an admin user CVE-2025-22221 (CVSS score: [website] - A malicious actor with admin privileges to VMware Aria Operations for Logs may be able to inject a malicious script that could be executed in a victim's browser when performing a delete action in the Agent Configuration.
(CVSS score: [website] - A malicious actor with admin privileges to VMware Aria Operations for Logs may be able to inject a malicious script that could be executed in a victim's browser when performing a delete action in the Agent Configuration CVE-2025-22222 (CVSS score: [website] - A malicious user with non-administrative privileges may exploit this vulnerability to retrieve credentials for an outbound plugin if a valid service credential ID is known.
Security researchers Maxime Escourbiac from Michelin CERT, and Yassine Bengana and Quentin Ebel from Abicom and part of the Michelin CERT team for detecting and reporting the flaws. It's worth noting that the same team spotted two other shortcomings in the same product (CVE-2024-38832 and CVE-2024-38833) in late November 2024.
All the aforementioned vulnerabilities have been patched in VMware Aria Operations and Aria Operations for Logs version [website] The virtualization services provider makes no mention of these issues being exploited in the wild.
The advisory comes days after Broadcom warned of a high-severity security flaw in VMware Avi Load Balancer (CVE-2025-22217, CVSS score: [website] that could be weaponized by malicious actors to gain database access.
Insurance giant Globe Life finished the investigation into the data breach it suffered last June and says that the incident may have impacted an addit......
BeyondTrust has revealed it completed an investigation into a recent cybersecurity incident that targeted some of the business's Remote Support SaaS in......
Ivanti Patches Critical Flaws in Connect Secure and Policy Secure – Update Now
Ivanti has released security updates to address multiple security flaws impacting Connect Secure (ICS), Policy Secure (IPS), and Cloud Services Application (CSA) that could be exploited to achieve arbitrary code execution.
CVE-2024-38657 (CVSS score: [website] - External control of a file name in Ivanti Connect Secure before version [website] and Ivanti Policy Secure before version [website] allows a remote authenticated attacker with admin privileges to write arbitrary files.
(CVSS score: [website] - External control of a file name in Ivanti Connect Secure before version [website] and Ivanti Policy Secure before version [website] allows a remote authenticated attacker with admin privileges to write arbitrary files CVE-2025-22467 (CVSS score: [website] - A stack-based buffer overflow in Ivanti Connect Secure before version [website] allows a remote authenticated attacker to achieve remote code execution.
(CVSS score: [website] - A stack-based buffer overflow in Ivanti Connect Secure before version [website] allows a remote authenticated attacker to achieve remote code execution CVE-2024-10644 (CVSS score: [website] - Code injection in Ivanti Connect Secure before version [website] and Ivanti Policy Secure before version [website] allows a remote authenticated attacker with admin privileges to achieve remote code execution.
(CVSS score: [website] - Code injection in Ivanti Connect Secure before version [website] and Ivanti Policy Secure before version [website] allows a remote authenticated attacker with admin privileges to achieve remote code execution CVE-2024-47908 (CVSS score: [website] - Operating system command injection in the admin web console of Ivanti CSA before version [website] allows a remote authenticated attacker with admin privileges to achieve remote code execution.
The shortcomings have been addressed in the below versions -.
The organization introduced it's not aware of any of the flaws being exploited in the wild. However, with Ivanti appliances being repeatedly weaponized by malicious actors, it's imperative that customers take steps to apply the latest patches.
JPCERT/CC, in a study , revealed that it observed CVE-2025-0282 – a now-patched vulnerability affecting Ivanti Connect Secure – being exploited to deliver an updated version of the SPAWN malware framework called SPAWNCHIMERA.
"SPAWNCHIMERA is a malware that combines the updated functions of SPAWNANT, SPAWNMOLE, and SPAWNSNAIL into one," security researcher Yuma Masubuchi stated, adding the modifications include changes to inter-process communication to use UNIX domain sockets and a function to plug the security defect in an attempt to prevent other actors from exploiting it.
Ivanti also acknowledged that its edge products have been "targeted and exploited by sophisticated threat actor attacks" and that it's making efforts to improve its software, implement secure-by-design principles, and raise the bar for potential abuse by adversaries.
"While these products are not the ultimate target, they are increasingly the route that well-resourced nation state groups are focusing their effort on to attempt espionage campaigns against extremely high-value organizations," Ivanti CSO Daniel Spicer expressed.
"We have enhanced internal scanning, manual exploitation and testing capabilities, increased collaboration and information sharing with the security ecosystem, and further enhanced our responsible disclosure process, including becoming a CVE Numbering Authority."
The development comes as Bishop Fox released full technical details of a now-patched security flaw in SonicWall SonicOS (CVE-2024-53704) that could be exploited to bypass authentication in firewalls and allow attackers to hijack active SSL VPN sessions in order to gain unauthorized access.
As of February 7, 2025, nearly 4,500 internet-facing SonicWall SSL VPN servers remain unpatched against CVE-2024-53704.
In a similar move, Akamai has (CVE-2024-46666 and CVE-2024-46668) that an unauthenticated attacker can exploit to achieve denial-of-service (DoS) and remote code execution. The flaws were resolved by Fortinet on January 14, 2025.
Fortinet has since also revised its advisory for CVE-2024-55591 to highlight another flaw tracked as CVE-2025-24472 (CVSS score: [website] that could result in an authentication bypass in FortiOS and FortiProxy devices via a specially crafted CSF proxy request.
The enterprise credited watchTowr Labs researcher Sonny Macdonald for discovering and reporting the flaw. It's worth noting that the vulnerability has already been patched alongside CVE-2024-55591, meaning no customer action is required if fixes for the latter have already been applied.
Both CVEs cover the same vulnerability but on a different endpoint," Benjamin Harris, CEO of watchTowr, told The Hacker News. "There is one management interface, however this management interface has effectively three sub interfaces.
"The original CVE-2024-55591 vulnerability was scoped to an authentication bypass in only one of these sub interfaces. The 'new' CVE that was disclosed yesterday reflects the same authentication bypass in a different sub interface. The root cause is the same and the same patch resolves CVE-2025-24472.
(The story was updated after publication to include a response from watchTowr Labs.).
A subgroup within the infamous Russian state-sponsored hacking group known as Sandworm has been attributed to a multi-year initial access operation du......
Nicht nur Cyberkriminelle möchten mittels Schadsoftware auf Mobilgeräten herumschnüffeln und Daten abschnorcheln – auch Regierungen und Gehei......
Microsoft’s Patch Tuesday Fixes 63 Flaws, Including Two Under Active Exploitation
Microsoft on Tuesday released fixes for 63 security flaws impacting its software products, including two vulnerabilities that it mentioned has come under active exploitation in the wild.
Of the 63 vulnerabilities, three are rated Critical, 57 are rated crucial, one is rated Moderate, and two are rated Low in severity. This is aside from the 23 flaws Microsoft addressed in its Chromium-based Edge browser since the release of last month's Patch Tuesday enhancement.
The upgrade is notable for fixing two actively exploited flaws -.
CVE-2025-21391 (CVSS score: [website] - Windows Storage Elevation of Privilege Vulnerability.
(CVSS score: [website] - Windows Storage Elevation of Privilege Vulnerability CVE-2025-21418 (CVSS score: [website] - Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability.
"An attacker would only be able to delete targeted files on a system," Microsoft noted in an alert for CVE-2025-21391. "This vulnerability does not allow disclosure of any confidential information, but could allow an attacker to delete data that could include data that results in the service being unavailable."
Mike Walters, president and co-founder of Action1, noted that the vulnerability could be chained with other flaws to escalate privileges and perform follow-on actions that can complicate recovery efforts and allow threat actors to cover up their tracks by deleting crucial forensic artifacts.
CVE-2025-21418, on the other hand, concerns a case of privilege escalation in [website] that could be exploited to achieve SYSTEM privileges.
It's worth noting that a similar flaw in the same component (CVE-2024-38193) was disclosed by Gen Digital last August as being weaponized by the North Korea-linked Lazarus Group. In February 2024, the tech giant also plugged a Windows kernel privilege escalation flaw (CVE-2024-21338) affecting the AppLocker driver ([website] that was also exploited by the hacking crew.
These attack chains stand out because they go beyond a traditional Bring Your Own Vulnerable Driver (BYOVD) attack by taking advantage of a security flaw in a native Windows driver, thereby obviating the need for introducing other drivers into target environments.
It's currently not known if the abuse of CVE-2025-21418 is linked to the Lazarus Group as well. The [website] Cybersecurity and Infrastructure Security Agency (CISA) has added both the flaws to its Known Exploited Vulnerabilities (KEV) catalog, requiring federal agencies to apply the patches by March 4, 2025.
The most severe of the flaws addressed by Microsoft in this month's modification is CVE-2025-21198 (CVSS score: [website], a remote code execution (RCE) vulnerability in the High Performance Compute (HPC) Pack.
"An attacker could exploit this vulnerability by sending a specially crafted HTTPS request to the targeted head node or Linux compute node granting them the ability to perform RCE on other clusters or nodes connected to the targeted head node," Microsoft noted.
Also worth mentioning is another RCE vulnerability (CVE-2025-21376, CVSS score: [website] impacting Windows Lightweight Directory Access Protocol (LDAP) that permits an attacker to send a specially crafted request and execute arbitrary code. However, successful exploitation of the flaw requires the threat actor to win a race condition.
"Given that LDAP is integral to Active Directory, which underpins authentication and access control in enterprise environments, a compromise could lead to lateral movement, privilege escalation, and widespread network breaches," Ben McCarthy, lead cybersecurity engineer at Immersive Labs, showcased.
Elsewhere, the revision also resolves a NTLMv2 hash disclosure vulnerability (CVE-2025-21377, CVSS score: [website] that, if successfully exploited, could permit an attacker to authenticate as the targeted user.
In addition to Microsoft, security updates have also been released by other vendors over the past couple of weeks to rectify several vulnerabilities, including —.
Microsoft today issued security updates to fix at least 56 vulnerabilities in its Windows operating systems and supported software, including two zero......
Ivanti has released security updates to address multiple security flaws impacting Connect Secure (ICS), Policy Secure (IPS), and Cloud Services Applic......
Microsoft has released the KB5051974 cumulative modification for Windows 10 22H2 and Windows 10 21H2, which automatically installs the new Outlook for Windo......
Market Impact Analysis
Market Growth Trend
| 2018 | 2019 | 2020 | 2021 | 2022 | 2023 | 2024 |
|---|---|---|---|---|---|---|
| 8.7% | 10.5% | 11.0% | 12.2% | 12.9% | 13.3% | 13.4% |
Quarterly Growth Rate
| Q1 2024 | Q2 2024 | Q3 2024 | Q4 2024 |
|---|---|---|---|
| 12.5% | 12.9% | 13.2% | 13.4% |
Market Segments and Growth Drivers
| Segment | Market Share | Growth Rate |
|---|---|---|
| Network Security | 26% | 10.8% |
| Cloud Security | 23% | 17.6% |
| Identity Management | 19% | 15.3% |
| Endpoint Security | 17% | 13.9% |
| Other Security Solutions | 15% | 12.4% |
Technology Maturity Curve
Different technologies within the ecosystem are at varying stages of maturity:
Competitive Landscape Analysis
| Company | Market Share |
|---|---|
| Palo Alto Networks | 14.2% |
| Cisco Security | 12.8% |
| Crowdstrike | 9.3% |
| Fortinet | 7.6% |
| Microsoft Security | 7.1% |
Future Outlook and Predictions
The Flaws Patches Secure landscape is evolving rapidly, driven by technological advancements, changing threat vectors, and shifting business requirements. Based on current trends and expert analyses, we can anticipate several significant developments across different time horizons:
Year-by-Year Technology Evolution
Based on current trajectory and expert analyses, we can project the following development timeline:
Technology Maturity Curve
Different technologies within the ecosystem are at varying stages of maturity, influencing adoption timelines and investment priorities:
Innovation Trigger
- Generative AI for specialized domains
- Blockchain for supply chain verification
Peak of Inflated Expectations
- Digital twins for business processes
- Quantum-resistant cryptography
Trough of Disillusionment
- Consumer AR/VR applications
- General-purpose blockchain
Slope of Enlightenment
- AI-driven analytics
- Edge computing
Plateau of Productivity
- Cloud infrastructure
- Mobile applications
Technology Evolution Timeline
- Technology adoption accelerating across industries
- digital transformation initiatives becoming mainstream
- Significant transformation of business processes through advanced technologies
- new digital business models emerging
- Fundamental shifts in how technology integrates with business and society
- emergence of new technology paradigms
Expert Perspectives
Leading experts in the cyber security sector provide diverse perspectives on how the landscape will evolve over the coming years:
"Technology transformation will continue to accelerate, creating both challenges and opportunities."
— Industry Expert
"Organizations must balance innovation with practical implementation to achieve meaningful results."
— Technology Analyst
"The most successful adopters will focus on business outcomes rather than technology for its own sake."
— Research Director
Areas of Expert Consensus
- Acceleration of Innovation: The pace of technological evolution will continue to increase
- Practical Integration: Focus will shift from proof-of-concept to operational deployment
- Human-Technology Partnership: Most effective implementations will optimize human-machine collaboration
- Regulatory Influence: Regulatory frameworks will increasingly shape technology development
Short-Term Outlook (1-2 Years)
In the immediate future, organizations will focus on implementing and optimizing currently available technologies to address pressing cyber security challenges:
- Technology adoption accelerating across industries
- digital transformation initiatives becoming mainstream
These developments will be characterized by incremental improvements to existing frameworks rather than revolutionary changes, with emphasis on practical deployment and measurable outcomes.
Mid-Term Outlook (3-5 Years)
As technologies mature and organizations adapt, more substantial transformations will emerge in how security is approached and implemented:
- Significant transformation of business processes through advanced technologies
- new digital business models emerging
This period will see significant changes in security architecture and operational models, with increasing automation and integration between previously siloed security functions. Organizations will shift from reactive to proactive security postures.
Long-Term Outlook (5+ Years)
Looking further ahead, more fundamental shifts will reshape how cybersecurity is conceptualized and implemented across digital ecosystems:
- Fundamental shifts in how technology integrates with business and society
- emergence of new technology paradigms
These long-term developments will likely require significant technical breakthroughs, new regulatory frameworks, and evolution in how organizations approach security as a fundamental business function rather than a technical discipline.
Key Risk Factors and Uncertainties
Several critical factors could significantly impact the trajectory of cyber security evolution:
Organizations should monitor these factors closely and develop contingency strategies to mitigate potential negative impacts on technology implementation timelines.
Alternative Future Scenarios
The evolution of technology can follow different paths depending on various factors including regulatory developments, investment trends, technological breakthroughs, and market adoption. We analyze three potential scenarios:
Optimistic Scenario
Rapid adoption of advanced technologies with significant business impact
Key Drivers: Supportive regulatory environment, significant research breakthroughs, strong market incentives, and rapid user adoption.
Probability: 25-30%
Base Case Scenario
Measured implementation with incremental improvements
Key Drivers: Balanced regulatory approach, steady technological progress, and selective implementation based on clear ROI.
Probability: 50-60%
Conservative Scenario
Technical and organizational barriers limiting effective adoption
Key Drivers: Restrictive regulations, technical limitations, implementation challenges, and risk-averse organizational cultures.
Probability: 15-20%
Scenario Comparison Matrix
| Factor | Optimistic | Base Case | Conservative |
|---|---|---|---|
| Implementation Timeline | Accelerated | Steady | Delayed |
| Market Adoption | Widespread | Selective | Limited |
| Technology Evolution | Rapid | Progressive | Incremental |
| Regulatory Environment | Supportive | Balanced | Restrictive |
| Business Impact | Transformative | Significant | Modest |
Transformational Impact
Technology becoming increasingly embedded in all aspects of business operations. This evolution will necessitate significant changes in organizational structures, talent development, and strategic planning processes.
The convergence of multiple technological trends—including artificial intelligence, quantum computing, and ubiquitous connectivity—will create both unprecedented security challenges and innovative defensive capabilities.
Implementation Challenges
Technical complexity and organizational readiness remain key challenges. Organizations will need to develop comprehensive change management strategies to successfully navigate these transitions.
Regulatory uncertainty, particularly around emerging technologies like AI in security applications, will require flexible security architectures that can adapt to evolving compliance requirements.
Key Innovations to Watch
Artificial intelligence, distributed systems, and automation technologies leading innovation. Organizations should monitor these developments closely to maintain competitive advantages and effective security postures.
Strategic investments in research partnerships, technology pilots, and talent development will position forward-thinking organizations to leverage these innovations early in their development cycle.
Technical Glossary
Key technical terms and definitions to help understand the technologies discussed in this article.
Understanding the following technical concepts is essential for grasping the full implications of the security threats and defensive measures discussed in this article. These definitions provide context for both technical and non-technical readers.
API beginner
How APIs enable communication between different software systemsplatform intermediate
interface intermediate
firewall intermediate
zero-day intermediate
Timeline showing vulnerability discovery to patch developmentSOC intermediate
malware beginner
Common malware types and their characteristicsRelated Articles
