March 2025 – Page 7 – TheWindowsUpdate.com

New XCSSET malware adds new obfuscation, persistence techniques to infect Xcode projects

Posted on March 11, 2025 by Syndicated News — No Comments ↓

Microsoft Threat Intelligence has uncovered a new variant of XCSSET, a sophisticated modular macOS malware that infects Xcode projects, in the wild. Its first known variant since 2022, this latest XCSSET malware features enhanced obfuscation methods, updated persistence mechanisms, and new infection strategies. These enhanced features help this malware family steal and exfiltrate files and system and user information, such as digital wallet data and notes, among others.

The post New XCSSET malware adds new obfuscation, persistence techniques to infect Xcode projects appeared first on Microsoft Security Blog.

Continue reading New XCSSET malware adds new obfuscation, persistence techniques to infect Xcode projects→

CVE-2025-26631 Visual Studio Code Elevation of Privilege Vulnerability

Posted on March 11, 2025 by Syndicated News — No Comments ↓

Uncontrolled search path element in Visual Studio Code allows an authorized attacker to elevate privileges locally. Continue reading CVE-2025-26631 Visual Studio Code Elevation of Privilege Vulnerability→

CVE-2025-26633 Microsoft Management Console Security Feature Bypass Vulnerability

Posted on March 11, 2025 by Syndicated News — No Comments ↓

Improper neutralization in Microsoft Management Console allows an unauthorized attacker to bypass a security feature locally. Continue reading CVE-2025-26633 Microsoft Management Console Security Feature Bypass Vulnerability→

CVE-2025-26645 Remote Desktop Client Remote Code Execution Vulnerability

Posted on March 11, 2025 by Syndicated News — No Comments ↓

Relative path traversal in Remote Desktop Client allows an unauthorized attacker to execute code over a network. Continue reading CVE-2025-26645 Remote Desktop Client Remote Code Execution Vulnerability→

CVE-2025-26634 Windows Core Messaging Elevation of Privileges Vulnerability

Posted on March 11, 2025 by Syndicated News — No Comments ↓

Heap-based buffer overflow in Windows Core Messaging allows an authorized attacker to elevate privileges over a network. Continue reading CVE-2025-26634 Windows Core Messaging Elevation of Privileges Vulnerability→

CVE-2022-30170 Windows Credential Roaming Service Elevation of Privilege Vulnerability

Posted on March 11, 2025 by Syndicated News — No Comments ↓

In the Security Updates table added Windows Server 2022, 23H2 Edition (Server Core installation) as it is affected by this vulnerability. Microsoft recommends that customers install the updates to be fully protected from the vulnerability. Customers wh… Continue reading CVE-2022-30170 Windows Credential Roaming Service Elevation of Privilege Vulnerability→

CVE-2025-24983 Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability

Posted on March 11, 2025 by Syndicated News — No Comments ↓

Use after free in Windows Win32 Kernel Subsystem allows an authorized attacker to elevate privileges locally. Continue reading CVE-2025-24983 Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability→

CVE-2025-24035 Windows Remote Desktop Services Remote Code Execution Vulnerability

Posted on March 11, 2025 by Syndicated News — No Comments ↓

Sensitive data storage in improperly locked memory in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network. Continue reading CVE-2025-24035 Windows Remote Desktop Services Remote Code Execution Vulnerability→