The PortalFuse Microsoft Security Report Podcast

Kevin Kaminski

🎙️ Welcome to the Weekly Security Report 🎙️ — your essential stop for the latest in Windows and Edge security! This podcast is designed to be a time-saving powerhouse, distilling the most critical updates, new features, and emerging vulnerabilities from multiple trusted sources into one convenient, ready-to-reference report. Each week, we dig deep into the data to give you a concise, actionable rundown on the security landscape, helping you stay one step ahead. So whether you’re managing enterprise security, overseeing IT operations, or just a tech enthusiast, our mission is to make it easy to stay informed, protected, and prepared. Plug in, and let’s get into this week’s highlights!

Episodes

  1. JAN 1

    PortalFuse Weekly Security Update Report (Windows and Edge Edition) – December 24, 2024

    As the holiday season approaches, we managed to break the reports after adding some additional functionality to our AI model. A week late, we bring you the final PortalFuse Weekly Security Update of 2024 as no CVEs were detected for this week. This week’s report focuses on critical vulnerabilities affecting Microsoft Edge, derived from the Chromium Open Source Software (OSS). Let us dive into the details and ensure your systems are secure during this festive period.

    Overview of This Week’s CVEs

    CVE-2024-12695: Out of Bounds Write in V8

    Impact: This critical vulnerability in the V8 JavaScript engine affects Microsoft Edge (Chromium-based). Details: The vulnerability allows an out-of-bounds write, potentially enabling attackers to execute arbitrary code in the context of the current user. The root cause lies in Chromium’s memory handling. Fix: Addressed in Microsoft Edge version 131.0.2903.112, released on December 19, 2024. Recommendation: System administrators should update to this version immediately to mitigate the risk. Additional Information: Refer to Google Chrome Releases for more details.

    CVE-2024-12694: Use After Free in Compositing

    Impact: A critical vulnerability in the Compositing feature of Microsoft Edge (Chromium-based). Details: This vulnerability could be exploited by attackers to execute arbitrary code, potentially leading to unauthorized access or data manipulation. Fix: Addressed in Microsoft Edge version 131.0.2903.112. Recommendation: Update your Microsoft Edge installations promptly. Additional Information: Refer to Google Chrome Releases.

    CVE-2024-12693: Out of Bounds Memory Access in V8

    Impact: A critical vulnerability due to out-of-bounds memory access in the V8 engine. Details: This issue could allow attackers to execute arbitrary code. It originates from Chromium’s codebase utilized by Microsoft Edge. Fix: Resolved in Microsoft Edge version 131.0.2903.112. Recommendation: Ensure your systems are updated to the latest version. Additional Information: See Google Chrome Releases.

    CVE-2024-12692: Type Confusion in V8

    Impact: A critical vulnerability in the V8 JavaScript engine, stemming from type confusion issues. Details: Exploitation could allow arbitrary code execution, with significant security implications. Fix: Fixed in Microsoft Edge version 131.0.2903.112. Recommendation: Apply the update immediately to secure your environment. Additional Information: Consult Google Chrome Releases.

    This week’s report highlights four critical vulnerabilities affecting Microsoft Edge, all stemming from Chromium’s codebase. The vulnerabilities include memory handling issues such as out-of-bounds writes, use-after-free conditions, and type confusion, all of which could lead to arbitrary code execution. These issues were promptly addressed with updates to Microsoft Edge version 131.0.2903.112. While serious, they are standard for high-impact CVEs and demonstrate the ongoing need for vigilance in software maintenance. For more information, you can access the full report or listen to our audio podcast summarizing this week’s updates.

    Conclusion

    This week’s vulnerabilities emphasize the critical need for prompt action in applying updates and addressing software flaws to maintain a robust security posture. Microsoft Edge version 131.0.2903.112 addresses all the listed CVEs, making it essential to update immediately. Thank you for following our weekly updates throughout 2024. As we close the year, we wish you, your friends, and your family a Merry Christmas! Stay secure and enjoy the festivities.

    13 min
  2. 12/18/2024

    PortalFuse Weekly Security Update Report (Windows and Edge Edition) – December 17, 2024

    A quiet week so far for the holidays. Two critical security vulnerabilities affecting Microsoft Edge, stemming from the Chromium project, were addressed this week. These vulnerabilities underscore the importance of timely updates to ensure system security and user safety. With these fixes in place, users can mitigate significant risks posed by these flaws.

    CVE-2024-12382: Use After Free in Translate

    Vulnerability Description: This flaw affects the Translate feature in Microsoft Edge, which is built on Chromium OSS. An attacker exploiting this vulnerability could execute arbitrary code within the context of the current user. The issue arises from improper memory management. Resolution: Microsoft has addressed this vulnerability in Edge version 131.0.2903.99, released on December 12, 2024. The update aligns with Chromium’s fixes, ensuring system integrity. Action Required: System administrators should prioritize updating to this version of Microsoft Edge immediately. For further details, refer to the Microsoft Edge Security Release Notes.

    CVE-2024-12381: Type Confusion in V8

    Vulnerability Description: This type confusion vulnerability in Chromium’s V8 JavaScript engine could enable an attacker to execute arbitrary code. As with CVE-2024-12382, this issue impacts Microsoft Edge due to its dependency on Chromium OSS. Resolution: The fix was incorporated in the same Edge release (version 131.0.2903.99) on December 12, 2024. Action Required: Ensure all systems using Microsoft Edge are updated to version 131.0.2903.99 to mitigate risks.

    Both vulnerabilities illustrate the interconnected nature of software ecosystems like Chromium-based browsers. Proactive updates are critical in minimizing exposure to such risks.

    We then turn to another significant development—the resolution of issues with WPF applications using IMEs. We also cover open issues with dual boot Linux systems and the WinApp SDK. Give us a few minutes of your time to get the latest updates for Edge.

    14 min
  3. 12/12/2024

    PortalFuse Weekly Security Update Report (Windows and Edge Edition) – December 10, 2024

    Welcome to "Addressing Critical CVEs: Enhancing System Security," your go-to podcast for the latest system vulnerabilities and security patch updates. In this episode, we delve into Microsoft's December 2024 updates, which tackle a range of critical vulnerabilities, from remote code execution to elevation of privilege and denial of service.

    Remote Code Execution: This week, we explore several Remote Code Execution (RCE) vulnerabilities that highlight the increasing sophistication of exploits targeting core system services. Notable patches include:

    CVE-2024-49132: A Windows Remote Desktop Services RCE vulnerability caused by a race condition, allowing attackers to execute arbitrary code remotely without user interaction.

    CVE-2024-49127: An LDAP RCE vulnerability that lets attackers execute code within SYSTEM context.

    CVE-2024-49122: An MSMQ RCE vulnerability enabling remote code execution via crafted MSMQ packets.

    Elevation of Privilege: We also discuss Elevation of Privilege (EoP) vulnerabilities, which are increasingly targeting local privilege escalation pathways. Key patches include:

    CVE-2024-49114: A Cloud Files Mini Filter Driver vulnerability allowing SYSTEM level privilege escalation.

    CVE-2024-49111: A WwanSvc vulnerability exploitable for sensitive resource access.

    CVE-2024-49088: A Windows Common Log File System Driver vulnerability enabling privilege escalation through buffer over-read flaws.

    Denial of Service: Closing out 2024, we address Denial of Service (DoS) vulnerabilities, particularly those exploiting directory-related services like LDAP. Critical patches include:

    CVE-2024-49121: An LDAP DoS vulnerability interrupting directory lookups and authentication.

    CVE-2024-49113: An out-of-bounds read vulnerability in LDAP causing resource exhaustion.

    CVE-2024-49126: A Windows Defender DoS vulnerability leading to resource exhaustion and system crashes.

    Key KB Articles: We transition to the Knowledge Base (KB) articles that provide crucial context for applying these fixes. Highlights include:

    KB5048703: Enhances security within the Windows 10 ecosystem.

    KB5048652: Focuses on improving stability for Windows 10 Version 22H2.

    KB5048794: Enhances performance and stability for Windows 11 enterprise environments.

    KB5048685: Applies to Windows 11 Enterprise and Education versions, addressing vulnerabilities in the OpenSSH subsystem and improving GPU-intensive task performance.

    Wrapping Up: As we transition into 2025, prioritizing regular patch management, vulnerability assessments, and staying informed about emerging threats will be crucial for ensuring robust IT infrastructure resilience. Thank you for tuning in to this Patch Tuesday report. Your dedication to securing systems is appreciated. Wishing you a secure and Merry Christmas from everyone at PortalFuse to you and your family!

    14 min
