Scroll Top

Apple and Microsoft Issue Critical Security Software Patches for Their Operating Systems

Apple and Microsoft Issue Critical Security Software Patches for Their Operating Systems
WindowsUpdateAppleUpdate 13March2025
0 0
By Mike Sulmonetti Bugs Issues Security Blog March 13, 2025

APPLE Software Patch

About Apple Security Updates

“For our customers protection, Apple doesn’t disclose 0r confirm security issues until an investigation has been done and patches or software releases are available.  Keeping your software up to date is one of the most important things you can do to maintain your Apple products security”. (Source: Apple Support)

As of 3/11/25 Apples emergency patch fixes a vulnerability CVE-2025024201 which has been exploited in zero-day attacks.

“Maliciously crafted web content may be able to break out of Web Content sandbox,” Apple added. “This is an out-of-bounds write issue that Apple first fixed in iOS 17.2 while blocking the zero-day attempts”. (Source: Apple Support)

Updates with patches include iOS 18.3.2, iPadOS 18.3.2, macOS Sequoia 15.3.2, Safari 18.3.1, and vision 2.3.2.

Apple has not released a lot of detail for security reasons.  The vulnerabilities could allow high impact attacks like RCE Remote Code Execution, Privilege Escalation, data theft and device takeover.

All Apple users are advised to upgrade their Apple products as soon as possible.

 

Microsoft Patch Tuesday

Microsoft Patches 57 Security Vulnerabilities

On March 11, 2025 Microsoft released a Patch Tuesday update addressing 57 vulnerabilities, including six critical flaws and several zero-day vulnerabilities that were actively exploited.

The six critical flaws had RCE Remote Code Execution Issues:

  1. CVE 2025-24057 Microsoft Office
  2. CVE 2025-26645 Remote Desktop Client
  3. CVE 2025-24064 DNS Server Role (Windows Server)
  4. CVE 2025-24035 Remote Desktop Services (RDS)
  5. CVE 2025 24045 Remote Desktop Services (RDS)
  6. CVE 2025-24084 Windows Subsystem for Linux (WSL)

Of the seven Zero Day Vulnerabilities six are being exploited currently:

  1. CVE 2025-24983 Win32 Kernel Subsystem Elevation of Privilege
  2. CVE 2025-24985 Windows Fast Fat RCE
  3. CVE 2025-24991 & CVE 2025-24993 NTFS Zero Day
  4. CVE 2025-26633 Microsoft Management Console
  5. CVE 2025-26630 Microsoft Access

Immediate Action Recommends:

  1. Patch immediately, especially systems running Windows 10, 11, and Windows Server.
  2. Audit usage of VHD files and removable media to minimize potential attack surfaces.
  3. Educate users on avoiding suspicious attachments or unexpected USB devices.
  4. Monitor for abnormal system behavior that could hint at privilege escalation or memory exploitation.

To learn more about Topgallant Partners or to Read More Security Blog Posts Click on the Link Below.

http://www.topgallant-partners.com

0
Mike Sulmonetti / About Author
Account Manager Cybersecurity Sales Consulting. Mike has been in High Technology sales consulting for 30+ years, of which 15 years have been solely focused on cybersecurity consulting. He is very passionate about helping customers bolster their cybersecurity programs. In his spare time Mike likes to Ski, Golf, Mountain Bike and go Boating.
More posts by Mike Sulmonetti

Leave a comment

Our website uses cookies from third party services to improve your browsing experience. Read more about this and how you can control cookies by clicking "Privacy Preferences".
Privacy Preferences
When you visit our website, it may store information through your browser from specific services, usually in form of cookies. Here you can change your privacy preferences. Please note that blocking some types of cookies may impact your experience on our website and the services we offer.
Privacy Policy
You have read and agreed to our privacy policy
Required