Microsoft has released security updates for Windows 10 and Windows 11, which include new features and address various vulnerabilities. Notably, the updates introduce a blocklist for vulnerable kernel drivers and highlight known issues affecting SSH connections and Citrix configurations.
Affected: Windows 10, Windows 11, Citrix
Key points:
- Microsoft has provided security updates for Windows 10 (KB5049981) and Windows 11 (KB5050009, KB5050021).
- The updates include a blocklist file for vulnerable kernel drivers to prevent privilege escalation.
- Known issues include SSH service failures due to the update and installation problems for devices with specific Citrix configurations.
- Windows 11 version 24H2 has a new build number of 26100.2605.
- File Explorer enhancements allow sharing content with Android devices via Phone Link.
- Improvements in voice-to-text and text-to-speech functionalities have been made.
- Multiple vulnerabilities have been identified, including remote code execution vulnerabilities.
MITRE Techniques:
- TA0001 – Initial Access: Exploitation of vulnerabilities in Microsoft Digest Authentication (CVE-2025-21294).
- TA0001 – Initial Access: Exploitation of SPNEGO extension negotiation (CVE-2025-21295).
- TA0001 – Initial Access: Exploitation of BranchCache vulnerabilities (CVE-2025-21296).
- TA0001 – Initial Access: Exploitation of Windows OLE vulnerabilities (CVE-2025-21298).
- TA0001 – Initial Access: Exploitation of RMCAST vulnerabilities (CVE-2025-21307).
Indicators of Compromise:
- [CVE] CVE-2025-21294
- [CVE] CVE-2025-21295
- [CVE] CVE-2025-21296
- [CVE] CVE-2025-21298
- [CVE] CVE-2025-21307
- Check the article for all found IoCs.
Full Research: https://wezard4u.tistory.com/429384