blogmirnet – My information Resource (blog.mir.net)

Oracle Quarterly Critical Patches Issued April 15th, 2025 – PATCH: NOW

Multiple vulnerabilities have been discovered in Oracle products, which could allow for remote code execution.

SYSTEMS AFFECTED:

Autonomous Health Framework, versions 23.8.0-23.11.0, 24.1.0-24.11.0, 25.1.0, 25.2.0
GoldenGate Stream Analytics, versions 19.1.0.0.0-19.1.0.0.10
JD Edwards EnterpriseOne Tools, versions 9.2.0.0-9.2.9.2
Management Cloud Engine, version 24.3.0
MySQL Client, versions 8.0.0-8.0.41, 8.4.0-8.4.4, 9.0.0-9.2.0
MySQL Cluster, versions 7.6.0-7.6.33, 8.0.0-8.0.41, 8.4.0-8.4.4, 9.0.0-9.2.0
MySQL Connectors, versions 9.0.0-9.2.0
MySQL Enterprise Backup, versions 8.0.0-8.0.41, 8.4.0-8.4.4, 9.0.0-9.2.0
MySQL Server, versions 8.0.0-8.0.41, 8.4.0-8.4.4, 9.0.0-9.2.0
MySQL Shell, versions 8.0.32-8.0.41, 8.4.0-8.4.4, 9.0.0-9.2.0
MySQL Workbench, versions 8.0.0-8.0.41
Oracle Access Manager, version 12.2.1.4.0
Oracle Agile Engineering Data Management, version 6.2.1
Oracle Application Express, versions 23.2.15, 23.2.16, 24.1.9, 24.1.10, 24.2.3, 24.2.4
Oracle Application Testing Suite, version 13.3.0.1
Oracle Banking APIs, versions 21.1.0.0.0, 22.1.0.0.0, 22.2.0.0.0
Oracle Banking Corporate Lending Process Management, versions 14.5.0.0.0-14.7.0.0.0
Oracle Banking Digital Experience, versions 21.1.0.0.0, 22.1.0.0.0, 22.2.0.0.0
Oracle Banking Liquidity Management, version 14.7.0.7.0
Oracle Banking Origination, versions 14.5.0.0.0-14.7.0.0.0
Oracle BI Publisher, versions 7.6.0.0.0, 12.2.1.4.0
Oracle Business Activity Monitoring, version 14.1.2.0.0
Oracle Business Intelligence Enterprise Edition, versions 7.6.0.0.0, 12.2.1.4.0
Oracle Business Process Management Suite, versions 12.2.1.4.0, 14.1.2.0.0
Oracle Coherence, versions 12.2.1.4.0, 14.1.1.0.0, 14.1.2.0.0
Oracle Commerce Guided Search, versions 11.3.2, 11.4.0
Oracle Commerce Merchandising, versions 11.3.0, 11.3.1, 11.3.2
Oracle Commerce Platform, versions 11.3.0, 11.3.1, 11.3.2, 11.4.0
Oracle Communications Billing and Revenue Management, versions 12.0.0.4.0-12.0.0.8.0, 15.0.0.0.0-15.0.1.0.0
Oracle Communications Cloud Native Core Binding Support Function, versions 24.2.0-24.2.2
Oracle Communications Cloud Native Core Certificate Management, version 24.2.2
Oracle Communications Cloud Native Core Console, version 24.2.2
Oracle Communications Cloud Native Core DBTier, versions 24.2.3, 24.2.4, 24.3.0
Oracle Communications Cloud Native Core Network Data Analytics Function, version 24.2.0
Oracle Communications Cloud Native Core Network Function Cloud Native Environment, versions 24.2.5, 25.1.100
Oracle Communications Cloud Native Core Network Repository Function, version 24.2.3
Oracle Communications Cloud Native Core Policy, versions 24.2.0-24.2.4
Oracle Communications Cloud Native Core Security Edge Protection Proxy, versions 24.2.2, 24.2.3, 24.3.0
Oracle Communications Cloud Native Core Service Communication Proxy, versions 24.2.0, 24.2.3, 24.3.0, 25.1.100
Oracle Communications Cloud Native Core Unified Data Repository, versions 22.4.0, 23.1.0-23.4.0, 24.2.3, 25.1.100
Oracle Communications Diameter Signaling Router, version 9.0.0.0
Oracle Communications EAGLE Element Management System, version 46.6
Oracle Communications Element Manager, versions 9.0.0-9.0.3
Oracle Communications Messaging Server, version 8.1.0.26.0
Oracle Communications MetaSolv Solution, version 6.3.1
Oracle Communications Network Analytics Data Director, versions 24.1.0-24.3.0
Oracle Communications Network Charging and Control, versions 12.0.6.0.0, 15.0.0.0.0, 15.0.1.0.0
Oracle Communications Network Integrity, versions 7.3.6, 7.4.0, 7.5.0
Oracle Communications Operations Monitor, version 5.2
Oracle Communications Order and Service Management, versions 7.4.0, 7.4.1, 7.5.0
Oracle Communications Policy Management, version 15.0.0.0.0
Oracle Communications Pricing Design Center, versions 12.0.0.4.0-12.0.0.8.0, 15.0.0.0.0, 15.0.1.0.0
Oracle Communications Service Catalog and Design, versions 8.0.0.4.0, 8.1.0.2.0
Oracle Communications Session Border Controller, versions 9.2.0, 9.3.0, 10.0.0
Oracle Communications Session Report Manager, versions 9.0.0-9.0.3
Oracle Communications Unified Assurance, versions 6.0-6.1
Oracle Communications Unified Inventory Management, versions 7.4.0-7.4.2, 7.5.0-7.5.1, 7.6.0, 7.7.0
Oracle Communications User Data Repository, versions 14.0.0, 15.0.0, 15.0.1, 15.0.2
Oracle Data Integrator, version 12.2.1.4.0
Oracle Database Server, versions 19.3-19.26, 21.3-21.17, 23.4-23.7
Oracle Demantra Demand Management, versions 12.2.6-12.2.14
Oracle Documaker, versions 12.7.1.6, 12.7.2.3, 13.0.0.1
Oracle E-Business Suite, versions 12.2.3-12.2.14, [ECC] 12-13
Oracle Enterprise Communications Broker, versions 4.1.0, 4.2.0
Oracle Enterprise Manager Base Platform, versions 13.5.0.0.0, 24.1.0.0.0
Oracle Essbase, version 21.7.1.0.0
Oracle Financial Services Analytical Applications Infrastructure, versions 8.0.7.8, 8.0.8.6, 8.1.1.4, 8.1.2.5
Oracle Financial Services Behavior Detection Platform, versions 8.0.8.1, 8.1.2.8, 8.1.2.9
Oracle Financial Services Compliance Studio, version 8.1.2.9
Oracle Financial Services Model Management and Governance, version 8.1.2.7.0
Oracle Financial Services Revenue Management and Billing, versions 2.9.0.0.0-7.0.0.0.0
Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition, version 8.0.8
Oracle Fusion Middleware MapViewer, version 12.2.1.4.0
Oracle GoldenGate, versions 19.1.0.0.0-19.26.0.0.250219, 21.3-21.17, 23.4-23.7
Oracle GoldenGate Veridata, versions 12.2.1.4.0-12.2.1.4.241210
Oracle GraalVM Enterprise Edition, versions 20.3.17, 21.3.13
Oracle GraalVM for JDK, versions 17.0.14, 21.0.6, 24
Oracle Graph Server and Client, versions 23.4.3, 23.4.4, 24.3.0, 24.4.0
Oracle Hospitality Cruise Shipboard Property Management System, version 23.2.1
Oracle Hospitality Reporting and Analytics, versions 9.1.34-9.1.36
Oracle Hospitality Simphony, versions 19.1-19.7
Oracle HTTP Server, versions 12.2.1.4.0, 14.1.2.0.0
Oracle Hyperion Financial Reporting, version 11.2.19.0.0
Oracle Hyperion Infrastructure Technology, version 11.2.19.0.0
Oracle Java SE, versions 8u441, 8u441-perf, 11.0.26, 17.0.14, 21.0.6, 24
Oracle JDeveloper, version 12.2.1.4.0
Oracle Managed File Transfer, versions 12.2.1.4.0, 14.1.2.0.0
Oracle NoSQL Database, versions 1.5.0, 1.6.0, 1.6.1
Oracle Outside In Technology, version 8.5.7
Oracle Policy Automation, versions 12.2.0-12.2.36
Oracle Policy Modeling, versions 12.2.0-12.2.36
Oracle REST Data Services, versions 23.1, 23.2, 23.3, 23.4
Oracle Retail Order Broker, version 19.1
Oracle Retail Store Inventory Management, version 16.0.3.16
Oracle Retail Xstore Point of Service, versions 19.0.6, 20.0.5, 21.0.4, 22.0.2, 23.0.2, 24.0.1
Oracle SD-WAN Aware, version 9.0.1.11
Oracle SD-WAN Edge, version 9.1.1.9
Oracle Secure Backup, versions 12.1.0.1, 12.1.0.2, 12.1.0.3, 18.1.0.0, 18.1.0.1, 18.1.0.2, 19.1.0.0
Oracle Service Bus, version 12.2.1.4.0
Oracle Smart View for Office, version 24.200
Oracle SOA Suite, versions 12.2.1.4.0, 14.1.2.0.0
Oracle Solaris, version 11
Oracle SQL Developer, version 24.3.1.347.1826
Oracle TimesTen In-Memory Database, versions 22.1.1.1.0-22.1.1.30.0
Oracle Utilities Application Framework, versions 4.3.0.3.0-4.3.0.6.0, 4.4.0.0.0, 4.4.0.2.0, 4.4.0.3.0, 4.5.0.0.0, 4.5.0.1.1, 4.5.0.1.3, 24.1.0.0.0-24.3.0.0.0
Oracle VM VirtualBox, version 7.1.6
Oracle WebCenter Forms Recognition, version 14.1.1.0.0
Oracle WebCenter Portal, version 12.2.1.4.0
Oracle WebLogic Server, versions 12.2.1.4.0, 14.1.1.0.0
OSS Support Tools, versions 2.11.0-2.12.46, 8.0-8.18, 18.1-18.4, 19.1-19.4, 20.1-20.4, 22.2, 23.1-23.4, 24.1-24.4, 25.1
PeopleSoft Enterprise CC Common Application Objects, version 9.2
PeopleSoft Enterprise HCM Talent Acquisition Manager, version 9.2
PeopleSoft Enterprise PeopleTools, versions 8.60, 8.61, 8.62
Primavera Gateway, versions 20.12.0-20.12.17, 21.12.0-21.12.15
Primavera P6 Enterprise Project Portfolio Management, versions 22.12.0-22.12.18, 23.12.0-23.12.13, 24.12.0-24.12.2
Primavera Unifier, versions 20.12.0-20.12.16, 21.12.0-21.12.17, 22.12.0-22.12.15, 23.12.0-23.12.13, 24.12.0-24.12.3
Siebel Applications, versions 17.0-25.2

RISK:
Government:

Large and medium government entities: High
Small government entities: High

Businesses:

Large and medium business entities: High
Small business entities: High

Home users: Low

RECOMMENDATIONS:
We recommend the following actions be taken:

Apply appropriate patches or appropriate mitigations provided by Oracle to vulnerable systems immediately after appropriate testing. (M1051: Update Software)
- Safeguard 7.1: Establish and Maintain a Vulnerability Management Process: Establish and maintain a documented vulnerability management process for enterprise assets. Review and update documentation annually, or when significant enterprise changes occur that could impact this Safeguard.
- Safeguard 7.2: Establish and Maintain a Remediation Process: Establish and maintain a risk-based remediation strategy documented in a remediation process, with monthly, or more frequent, reviews.
- Safeguard 7.4: Perform Automated Application Patch Management: Perform application updates on enterprise assets through automated patch management on a monthly, or more frequent, basis.
- Safeguard 7.5 : Perform Automated Vulnerability Scans of Internal Enterprise Assets: Perform automated vulnerability scans of internal enterprise assets on a quarterly, or more frequent, basis. Conduct both authenticated and unauthenticated scans, using a SCAP-compliant vulnerability scanning tool.
- Safeguard 7.7: Remediate Detected Vulnerabilities: Remediate detected vulnerabilities in software through processes and tooling on a monthly, or more frequent, basis, based on the remediation process.
- Safeguard 12.1: Ensure Network Infrastructure is Up-to-Date: Ensure network infrastructure is kept up-to-date. Example implementations include running the latest stable release of software and/or using currently supported network-as-a-service (NaaS) offerings. Review software versions monthly, or more frequently, to verify software support.
- Safeguard 18.1: Establish and Maintain a Penetration Testing Program: Establish and maintain a penetration testing program appropriate to the size, complexity, and maturity of the enterprise. Penetration testing program characteristics include scope, such as network, web application, Application Programming Interface (API), hosted services, and physical premise controls; frequency; limitations, such as acceptable hours, and excluded attack types; point of contact information; remediation, such as how findings will be routed internally; and retrospective requirements.
- Safeguard 18.2: Perform Periodic External Penetration Tests: Perform periodic external penetration tests based on program requirements, no less than annually. External penetration testing must include enterprise and environmental reconnaissance to detect exploitable information. Penetration testing requires specialized skills and experience and must be conducted through a qualified party. The testing may be clear box or opaque box.
- Safeguard 18.3: Remediate Penetration Test Findings: Remediate penetration test findings based on the enterprise’s policy for remediation scope and prioritization.
Vulnerability scanning is used to find potentially exploitable software vulnerabilities to remediate them. (M1016: Vulnerability Scanning)
- Safeguard 16.13: Conduct Application Penetration Testing: Conduct application penetration testing. For critical applications, authenticated penetration testing is better suited to finding business logic vulnerabilities than code scanning and automated security testing. Penetration testing relies on the skill of the tester to manually manipulate an application as an authenticated and unauthenticated user.
Apply the Principle of Least Privilege to all systems and services, and run all software as a non-privileged user (one without administrative rights) to diminish the effects of a successful attack. (M1026: Privileged Account Management)
- Safeguard 4.7: Manage Default Accounts on Enterprise Assets and Software: Manage default accounts on enterprise assets and software, such as root, administrator, and other pre-configured vendor accounts. Example implementations can include: disabling default accounts or making them unusable.
- Safeguard 5.4: Restrict Administrator Privileges to Dedicated Administrator Accounts: Restrict administrator privileges to dedicated administrator accounts on enterprise assets. Conduct general computing activities, such as internet browsing, email, and productivity suite use, from the user’s primary, non-privileged account.
- Safeguard 5.5: Establish and Maintain an Inventory of Service Accounts: Establish and maintain an inventory of service accounts. The inventory, at a minimum, must contain department owner, review date, and purpose. Perform service account reviews to validate that all active accounts are authorized, on a recurring schedule at a minimum quarterly, or more frequently
Remind all users not to visit untrusted websites or follow links/open files provided by unknown or untrusted sources. (M1017: User Training)
- Safeguard 14.1: Establish and Maintain a Security Awareness Program: Establish and maintain a security awareness program. The purpose of a security awareness program is to educate the enterprise’s workforce on how to interact with enterprise assets and data in a secure manner. Conduct training at hire and, at a minimum, annually. Review and update content annually, or when significant enterprise changes occur that could impact this Safeguard.
- Safeguard 14.2: Train Workforce Members to Recognize Social Engineering Attacks: Train workforce members to recognize social engineering attacks, such as phishing, pre-texting, and tailgating.
Use capabilities to prevent suspicious behavior patterns from occurring on endpoint systems. This could include suspicious process, file, API call, etc. behavior. (M1040 : Behavior Prevention on Endpoint)
- Safeguard 13.2 : Deploy a Host-Based Intrusion Detection Solution: Deploy a host-based intrusion detection solution on enterprise assets, where appropriate and/or supported.
- Safeguard 13.7 : Deploy a Host-Based Intrusion Prevention Solution: Deploy a host-based intrusion prevention solution on enterprise assets, where appropriate and/or supported. Example implementations include use of an Endpoint Detection and Response (EDR) client or host-based IPS agent.
Use capabilities to detect and block conditions that may lead to or be indicative of a software exploit occurring. (M1050: Exploit Protection)
- Safeguard 10.5: Enable Anti-Exploitation Features: Enable anti-exploitation features on enterprise assets and software, where possible, such as Microsoft® Data Execution Prevention (DEP), Windows® Defender Exploit Guard (WDEG), or Apple® System Integrity Protection (SIP) and Gatekeeper™.

REFERENCES:

Nist Privacy Framework 1.1 Initial Public Draft Release

NIST is pleased to announce the release of the Privacy Framework 1.1 Initial Public Draft (IPD)! The NIST Privacy Framework is a “living” tool meant to evolve to meet stakeholder needs, and the time has come to update to Version 1.1. This update builds on the success of Privacy Framework 1.0 by responding to current privacy risk management needs, realigning with NIST Cybersecurity Framework (CSF) 2.0, and enhancing usability.

The following resources are included with the Privacy Framework 1.1 IPD release:

Privacy Framework 1.1 IPD Highlights video that summarizes the development process and reviews key updates.
Mapping of Privacy Framework 1.0 Core to Privacy Framework 1.1 Core to help organizations trace changes to Core Categories and Subcategories between Framework versions.

NIST welcomes stakeholder feedback on the Privacy Framework 1.1 IPD by June 13, 2025. For more information, including a comment template and instructions for submitting feedback, please click the button below.

To receive periodic updates and hear about other opportunities to engage, subscribe to our Privacy Engineering mailing list. If you have questions, please contact us at [email protected].

Create AI assistants in Microsoft Copilot Studio—register now

Free Training

Adapt your skills and master the tools you’ll need to thrive in an AI-powered world at a free Microsoft Power Platform Virtual Training Day from Microsoft Learn. Join us at Create Agents in Microsoft Copilot Studio to design conversational apps using AI.

Discover how to build custom agents, manage topics and trigger phrases, configure nodes, and control variables and entities. Additionally, you’ll learn how to work with generative AI and collect data from sources like Microsoft Dataverse to configure and publish agents across multiple channels, including Microsoft Teams. Plus, gain insights to enhance productivity and efficiency while building your own agent experiences using Copilot Studio.

After completing this training, you’ll be eligible to take the Microsoft Power Platform Fundamentals certification at 50% off the exam price.

You’ll have the opportunity to: Explore how to build intelligent, conversational apps based on generative AI and large language models (LLMs). Learn the basic principles of developing and customizing topics and trigger phrases to guide conversations.

Find out how to create agents for Microsoft Copilot to address specific business needs. Discover how to pull data from multiple sources via Dataverse to boost agent performance.

Explore how AI and LLMs help boost productivity and increase collaboration through solutions like Microsoft 365 and Microsoft Teams.

Chat with Microsoft experts—ask questions and get answers to help you build agents. Join us at an upcoming Create Agents in Microsoft Copilot Studio event:
April 28, 2025
11:00 AM – 1:30 PM | (GMT-05:00) Central Time US & Canada
12:00 PM – 2:30 PM | (GMT-04:00) Eastern Time US & Canada
10:00 AM – 12:30 PM | (GMT-06:00) Mountain Time US & Canada
9:00 AM – 11:30 AM | (GMT-07:00) Pacific Time US & Canada

Delivery Language: English
Closed Captioning Language(s): English

Announcing the Microsoft AI Skills Fest: Save the date!

et’s unlock the future together with 50 days of AI discovery and learning—and let’s attempt to set a world record at the same time!

*Updated as of March 28, 2025

The best way to learn something new is by taking it one step at a time. We know all this talk of AI can be overwhelming, so how about we take it one skill at a time? At Microsoft, our mission has always been to create technology that empowers others to innovate and solve real-world problems. And it’s no different with AI—we want to help you learn to use this powerful technology to make your life easier, especially as it becomes an integral part of our daily lives. Sometimes, starting is the hardest part, so we want to make that part simple for you.

This is why we’re excited to announce the Microsoft AI Skills Fest, a global event this April and May, designed to bring learners across the globe together to build their AI skills, from beginner explorers to the technologically gifted. Together, we can learn a new AI skill and maybe even set a groundbreaking record at the same time! An image of a timeline describing the Microsoft AI Skills Fest

Everyone everywhere is invited

The AI Skills Fest is designed with you in mind, offering a wide variety of AI training for everyone, regardless of background or expertise. Join us to build your AI skills and unlock new opportunities for productivity, innovation, and growth.

Tech professionals. Learn how to quickly build AI-powered solutions using Microsoft’s AI apps and services. Gain skills and experience working with agents, AI security, Azure AI Foundry, GitHub Copilot, Microsoft Fabric, and more.
Business professionals. Find out how much easier your work life can be when you use Microsoft Copilot to simplify tasks and let your creativity loose!
Students. Explore technical skills to bring your ideas to life, with AI learning experiences for all skill levels and interests.
Business leaders. Empower your teams with AI skills for future success through curated upskilling opportunities.

Let’s earn a GUINNESS WORLD RECORDS™ title together on April 8, 2025!

The Microsoft AI Skills Fest will begin with a spectacular Kickoff Celebration on April 8, 2025. Starting in Australia at 9 AM Australian Eastern Standard Time and wrapping up in the United States at 4 PM Pacific Daylight Time, this 24-hour, globe-spanning event will feature a variety of AI learning activities designed to engage and inspire learners of all experience levels.

Together, we’ll have a once-in-a-lifetime opportunity to attempt a GUINNESS WORLD RECORDS™ title for most users to take an online multi-level artificial intelligence lesson in 24 hours. Don’t miss this unique chance to learn, compete, and celebrate your achievements—and to be part of these unprecedented and record-setting global festivities.

Check out the learning experiences we’ve prepared for this day.

Mark your calendar and register now.

Join our free Microsoft 365 Copilot training for nonprofit organizations

We’re excited to invite you to our upcoming Microsoft 365 Copilot QuickStart Training for nonprofits.

This beginner-friendly session will help you start using Microsoft 365 Copilot as your own AI assistant and unleash the power of AI in your daily tasks. We’ll cover the basics of Copilot, the art of ‘Prompting’ for the best results, and provide hands-on demos to show how you can use Copilot.

Select sessions are available in English, French, German, and Spanish.

Date: April 24, 2025 Time: 9:00 AM–11:30 AM PST Register here
You can view the full calendar of sessions and register here. Even if you don’t have a Copilot license yet, you can still watch the demos and try the exercises once you receive your license.
Share this invitation with your colleagues and friends to invite them to join.

Advanced Fee Loan Scam

Threat actors can use phone numbers obtained from past data breaches and public records to randomly call or send messages claiming to be a member of a loan processing team and providing a loan offer that appears too good to be true. They may provide vague details, impose urgent demands, or require advanced fees of a purported loan offer with the intent of stealing personally identifiable information (PII) and financial information, including Social Security numbers and bank account numbers.

The NJCCIC received reports of an advanced fee loan scam in which threat actors posed as lenders, guaranteed the loan approval without official credit checks, offered low rates or fees, and asked for money upfront. The victims submitted a supposed loan application and paid a deposit via peer-to-peer money transfer platforms typically used with these scams. The deposits were nominal due to a false claim of a low credit score or based on a percentage of the fake loan amount. In one scam, the victim applied for a loan and paid a $1,350 deposit via Zelle. In another scam, the victim was offered a several million-dollar loan with a reasonable rate and a four percent deposit. Once the victims paid the deposits, the so-called lenders stole their information and funds and never responded to the victims’ subsequent inquiries. Threat actors can use this stolen information to impersonate victims, apply for loans or lines of credit, access bank accounts, and steal additional funds.

Back to Basics with MFA, VPNs, and Firewalls

Threat actors typically initiate their cyberattacks by performing reconnaissance against an organization’s people, processes, and technology. They primarily seek to exploit vulnerabilities in people and software to gain initial access. The threat actors then attempt to access internal systems. VPNs and firewalls are often targeted by threat actors as they serve as primary gateways to these internal systems and networks and provide remote access to organizations. Successful cyberattacks can have cascading impacts, including operational disruptions, financial losses, and the loss of confidentiality, integrity, and availability of data and information systems.

Credentials (usernames and passwords) provide a way to authenticate users and control access to online accounts, email systems, network resources, and more. Threat actors attempt to harvest or steal these credentials and gain initial access primarily through phishing and other methods, such as keylogging malware, brute force attacks, man-in-the-middle (MITM) attacks, and credential stuffing attacks. The convenient practice of password reuse across multiple accounts is risky behavior that can result in account compromises. Credential harvesting and password reuse allow threat actors to easily compromise accounts, escalate privileges, exploit vulnerabilities, move laterally within a network, deploy malware, and access data. As highlighted by recent Medusa and Hellcat ransomware attacks, users are advised to activate MFA for all accounts and services, including email and VPNs.

Threat actors also attempt to exploit software vulnerabilities, especially in VPNs and firewalls and other edge devices, to infiltrate systems and networks. Multiple security advisories were issued during the first quarter of 2025, including the Ivanti Connect Secure, Policy Secure, and ZTA Gateways remote code execution vulnerability, the Cisco Meraki MX and Z Series AnyConnect VPN denial of service vulnerability, the Fortinet unverified password change vulnerability, and the OpenVPN denial of service vulnerability. Additionally, at least five VPN services have been linked to a sanctioned Chinese firm, inadvertently impacting millions of free VPN users in the United States. There was also a significant surge in Palo Alto Networks scanner activity, suggesting a coordinated effort to test network defenses and exploit vulnerable systems. Furthermore, threat actors exploited two Fortinet vulnerabilities in Fortigate firewall appliances that led to a series of intrusions deploying the SuperBlack ransomware variant.

The combination of weak credentials without MFA and unpatched or misconfigured systems creates a ticking timebomb for organizations to have threat actors compromise accounts and infiltrate perimeter security devices, resulting in cyber incidents such as ransomware and large-scale attacks.

Recommendations

Participate in security awareness training to help better understand cyber threats, provide a strong line of defense, and identify red flags in potentially malicious communications.

Use strong, unique passwords and enable MFA where available, choosing authentication apps or hardware tokens over SMS text-based codes. Keep systems up to date and apply patches after appropriate testing.

Utilize network segmentation to isolate valuable assets and help prevent the spread of ransomware and malware.

Enforce the Principle of Least Privilege, disable unused ports and services, and use web application firewalls (WAFs).

Maintain robust and up-to-date endpoint detection tools on every endpoint.
Consider leveraging behavior-based detection tools rather than signature-based tools.

Encrypt sensitive data at rest and in transit. Establish a comprehensive data backup plan that includes performing scheduled backups regularly, keeping an updated copy offline in a separate and secure location, and testing regularly.

Create and test continuity of operations plans (COOPs) and incident response plans. Review the Ransomware: Risk Mitigation Strategies

Employ tools such as haveibeenpwned.com to determine if your PII has been exposed via a public data breach.

Join us to create your own custom copilot with Azure AI

Free Training

Adapt your skills and master the tools you’ll need to thrive in an AI-powered world at a free Microsoft Azure Virtual Training Day from Microsoft Learn.

Join us at Develop Your Own Custom Copilots with Azure AI to learn how to create a custom copilot. You’ll review and compare language models to select the best one for your endpoint and learn how to deploy these models into your chat applications.

You’ll also explore using Azure AI prompt flow to fine-tune and enhance model performance. Discover optimization strategies, including prompt engineering and Retrieval Augmented Generation, to tailor your model using your data. After completing this training, you’ll be eligible to take the Microsoft Azure AI Fundamentals certification exam at 50% off the exam price.

You’ll have the opportunity to:
Learn how to configure language model deployments.

Explore optimization strategies to improve model performance.

Understand how to build a custom copilot using prompt flows and ground it with your data.

Chat with Microsoft experts—ask questions and get answers on building your copilot.
Join us at an upcoming two-part Develop Your Own Custom Copilots with Azure AI event:
May 07, 2025
11:00 AM – 2:00 PM | (GMT-05:00) Central Time US & Canada
12:00 PM – 3:00 PM | (GMT-04:00) Eastern Time US & Canada
10:00 AM – 1:00 PM | (GMT-06:00) Mountain Time US & Canada
9:00 AM – 12:00 PM | (GMT-07:00) Pacific Time US & Canada

May 08, 2025
11:00 AM – 1:45 PM | (GMT-05:00) Central Time US & Canada
12:00 PM – 2:45 PM | (GMT-04:00) Eastern Time US & Canada
10:00 AM – 12:45 PM | (GMT-06:00) Mountain Time US & Canada
9:00 AM – 11:45 AM | (GMT-07:00) Pacific Time US & Canada

Delivery Language: English
Closed Captioning Language(s): English
Register here

A Vulnerability in Google Chrome Could Allow for Arbitrary Code Execution – PATCH: NOW

A vulnerability has been discovered in Google Chrome, which could allow for arbitrary code execution. Successful exploitation of this vulnerability could allow for arbitrary code execution in the context of the logged-on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

THREAT INTELLEGENCE:
There are currently no reports of this vulnerability being exploited in the wild.

SYSTEMS AFFECTED:

Chrome prior to 135.0.7049.84/.85 for Windows and Mac
Chrome prior to 135.0.7049.84 for Linux

RISK:
Government:

Large and medium government entities: High
Small government entities: Medium

Businesses:

Large and medium business entities: High
Small business entities: Medium

Home users: Low

TECHNICAL SUMMARY:
A vulnerability has been discovered in Google Chrome, which could allow for arbitrary code execution. Details of the vulnerability are as follows:

Tactic: Initial Access (TA0001):

Technique: Drive-By Compromise (T1189):

Use after free in Site Isolation (CVE-2025-3066)

Successful exploitation of this vulnerability could allow for arbitrary code execution in the context of the logged-on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

RECOMMENDATIONS:
We recommend the following actions be taken:

Apply appropriate updates provided by Google to vulnerable systems immediately after appropriate testing. (M1051: Update Software)
- Safeguard 7.1: Establish and Maintain a Vulnerability Management Process: Establish and maintain a documented vulnerability management process for enterprise assets. Review and update documentation annually, or when significant enterprise changes occur that could impact this Safeguard.
- Safeguard 7.4: Perform Automated Application Patch Management: Perform application updates on enterprise assets through automated patch management on a monthly, or more frequent, basis.
- Safeguard 7.7: Remediate Detected Vulnerabilities: Remediate detected vulnerabilities in software through processes and tooling on a monthly, or more frequent, basis, based on the remediation process.
- Safeguard 9.1: Ensure Use of Only Fully Supported Browsers and Email Clients: Ensure only fully supported browsers and email clients are allowed to execute in the enterprise, only using the latest version of browsers and email clients provided through the vendor.
Apply the Principle of Least Privilege to all systems and services. Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack. (M1026: Privileged Account Management)
- Safeguard 4.7: Manage Default Accounts on Enterprise Assets and Software: Manage default accounts on enterprise assets and software, such as root, administrator, and other pre-configured vendor accounts. Example implementations can include: disabling default accounts or making them unusable.
- Safeguard 5.4: Restrict Administrator Privileges to Dedicated Administrator Accounts: Restrict administrator privileges to dedicated administrator accounts on enterprise assets. Conduct general computing activities, such as internet browsing, email, and productivity suite use, from the user’s primary, non-privileged account.
Restrict execution of code to a virtual environment on or in transit to an endpoint system. (M1048: Application Isolation and Sandboxing)
Use capabilities to detect and block conditions that may lead to or be indicative of a software exploit occurring. (M1050: Exploit Protection)
- Safeguard 10.5: Enable Anti-Exploitation Features: Enable anti-exploitation features on enterprise assets and software, where possible, such as Microsoft® Data Execution Prevention (DEP), Windows® Defender Exploit Guard (WDEG), or Apple® System Integrity Protection (SIP) and Gatekeeper™.
Restrict use of certain websites, block downloads/attachments, block Javascript, restrict browser extensions, etc. (M1021: Restrict Web-Based Content)
- Safeguard 9.2: Use DNS Filtering Services: Use DNS filtering services on all enterprise assets to block access to known malicious domains.
- Safeguard 9.3: Maintain and Enforce Network-Based URL Filters: Enforce and update network-based URL filters to limit an enterprise asset from connecting to potentially malicious or unapproved websites. Example implementations include category-based filtering, reputation-based filtering, or through the use of block lists. Enforce filters for all enterprise assets.
- Safeguard 9.6: Block Unnecessary File Types: Block unnecessary file types attempting to enter the enterprise’s email gateway.
Inform and educate users regarding the threats posed by hypertext links contained in emails or attachments especially from un-trusted sources. Remind users not to visit un-trusted websites or follow links provided by unknown or un-trusted sources. (M1017: User Training)
- Safeguard 14.1: Establish and Maintain a Security Awareness Program: Establish and maintain a security awareness program. The purpose of a security awareness program is to educate the enterprise’s workforce on how to interact with enterprise assets and data in a secure manner. Conduct training at hire and, at a minimum, annually. Review and update content annually, or when significant enterprise changes occur that could impact this Safeguard.
- Safeguard 14.2: Train Workforce Members to Recognize Social Engineering Attacks: Train workforce members to recognize social engineering attacks, such as phishing, pre-texting, and tailgating.

REFERENCES:

Google:
https://chromereleases.googleblog.com/2025/04/stable-channel-update-for-desktop_8.html

CVE:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3066

Critical Patches Issued for Microsoft Products, April 8, 2025 – PATCH: NOW – TLP: CLEAR

Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for remote code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

THREAT INTELLIGENCE:
There are currently no reports of these vulnerabilities being exploited in the wild.

SYSTEMS AFFECTED:

Visual Studio Code
Windows Standards-Based Storage Management Service
Windows Local Security Authority (LSA)
Windows NTFS
Windows Routing and Remote Access Service (RRAS)
Windows Update Stack
Windows Telephony Service
Windows DWM Core Library
Microsoft Edge (Chromium-based)
Azure Local Cluster
Windows Hello
Windows BitLocker
Windows USB Print Driver
Windows Digital Media
Windows Cryptographic Services
Microsoft Office
Windows Kerberos
Windows Kernel
Windows Secure Channel
Windows Local Session Manager (LSM)
Windows LDAP – Lightweight Directory Access Protocol
Windows upnphost.dll
Windows Media
Windows Remote Desktop Services
Windows Subsystem for Linux
Windows Defender Application Control (WDAC)
RPC Endpoint Mapper Service
Windows Win32K – GRFX
ASP.NET Core
Windows TCP/IP
Microsoft Virtual Hard Drive
Microsoft Streaming Service
Windows Mark of the Web (MOTW)
Windows HTTP.sys
Remote Desktop Gateway Service
Windows Universal Plug and Play (UPnP) Device Host
Remote Desktop Client
Azure Local
Windows Bluetooth Service
Windows Hyper-V
Windows Installer
Windows Kernel-Mode Drivers
Windows Shell
OpenSSH for Windows
Windows Virtualization-Based Security (VBS) Enclave
Windows Power Dependency Coordinator
Windows Security Zone Mapping
Windows Resilient File System (ReFS)
Windows Active Directory Certificate Services
System Center
Microsoft Office Word
Microsoft Office Excel
Microsoft Office SharePoint
Microsoft Edge for iOS
Microsoft AutoUpdate (MAU)
Visual Studio
Visual Studio Tools for Applications and SQL Server Management Studio
Outlook for Android
Active Directory Domain Services
Windows Mobile Broadband
Windows Kernel Memory
Power Automate
Azure Portal Windows Admin Center
Dynamics Business Central
Microsoft Office OneNote
Windows Common Log File System Driver

RISK:
Government:

Large and medium government entities: High
Small government entities: Medium

Businesses:

Large and medium business entities: High
Small business entities: Medium

Home users: Low

TECHNICAL SUMMARY:
Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for remote code execution.

A full list of all vulnerabilities can be found in the Microsoft link in the References section.

Successful exploitation of the most severe of these vulnerabilities could result in an attacker gaining the same privileges as the logged-on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

RECOMMENDATIONS:
We recommend the following actions be taken:

Apply appropriate patches or appropriate mitigations provided by Microsoft to vulnerable systems immediately after appropriate testing. (M1051: Update Software)
- Safeguard 7.1: Establish and Maintain a Vulnerability Management Process: Establish and maintain a documented vulnerability management process for enterprise assets. Review and update documentation annually, or when significant enterprise changes occur that could impact this Safeguard.
- Safeguard 7.4: Perform Automated Application Patch Management: Perform application updates on enterprise assets through automated patch management on a monthly, or more frequent, basis.
Apply the Principle of Least Privilege to all systems and services, and run all software as a non-privileged user (one without administrative rights) to diminish the effects of a successful attack. (M1026: Privileged Account Management)
- Safeguard 4.7: Manage Default Accounts on Enterprise Assets and Software: Manage default accounts on enterprise assets and software, such as root, administrator, and other pre-configured vendor accounts. Example implementations can include: disabling default accounts or making them unusable.
- Safeguard 5.4: Restrict Administrator Privileges to Dedicated Administrator Accounts: Restrict administrator privileges to dedicated administrator accounts on enterprise assets. Conduct general computing activities, such as internet browsing, email, and productivity suite use, from the user’s primary, non-privileged account.
Remind all users not to visit untrusted websites or follow links/open files provided by unknown or untrusted sources. (M1017: User Training)
- Safeguard 14.1: Establish and Maintain a Security Awareness Program: Establish and maintain a security awareness program. The purpose of a security awareness program is to educate the enterprise’s workforce on how to interact with enterprise assets and data in a secure manner. Conduct training at hire and, at a minimum, annually. Review and update content annually, or when significant enterprise changes occur that could impact this Safeguard.
- Safeguard 14.2: Train Workforce Members to Recognize Social Engineering Attacks: Train workforce members to recognize social engineering attacks, such as phishing, pre-texting, and tailgating.
Use capabilities to prevent suspicious behavior patterns from occurring on endpoint systems. This could include suspicious process, file, API call, etc. behavior. (M1040 : Behavior Prevention on Endpoint)
- Safeguard 13.2 : Deploy a Host-Based Intrusion Detection Solution: Deploy a host-based intrusion detection solution on enterprise assets, where appropriate and/or supported.
- Safeguard 13.7 : Deploy a Host-Based Intrusion Prevention Solution: Deploy a host-based intrusion prevention solution on enterprise assets, where appropriate and/or supported. Example implementations include use of an Endpoint Detection and Response (EDR) client or host-based IPS agent.

REFERENCES:

Microsoft:
https://msrc.microsoft.com/update-guide/releaseNote/2025-Apr
https://msrc.microsoft.com/update-guide

Everyone everywhere is invited

Let’s earn a GUINNESS WORLD RECORDS™ title together on April 8, 2025!

Let’s earn a GUINNESS WORLD RECORDS™ title together on April 8, 2025!