Vulnerability Disclosure
The latest Vulnerability Disclosure coverage — news, analysis, and updates from the WindowsNews.AI desk.
Milesight Gateway Vuln CVE-2025-4043 Enables Code Execution at Boot
In the rapidly evolving landscape of industrial control systems (ICS), security remains a paramount concern for organizations operating across critical infrastructure sectors. A recent cybersecurity...
Remote attackers crash Windows servers via unauthenticated WDS TFTP flood in under seven minutes
Overview A critical zero-click vulnerability has been identified in Microsoft's Windows Deployment Services (WDS), posing a significant threat to enterprise networks. This flaw allows remote...
Legacy Windows Telnet Zero-Click Flaw Grants Remote Admin Access via NTLM Bypass
Overview Microsoft’s Telnet Server, a legacy component rooted in the early days of Windows networking, is now the focus of serious cybersecurity concerns due to the discovery of a critical...
Critical Vulnerabilities in MicroDicom DICOM Viewer Expose Medical Data and Patient Safety to Grave Risks
Introduction Recent security advisories have uncovered critical vulnerabilities within the widely used MicroDicom DICOM Viewer software, posing significant threats to patient data privacy and the...
CISA Urges Immediate Patching for Critical SAP Vulnerability (CVE-2025-31324) Exploited in Attacks
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent directive for federal agencies and private organizations to patch a critical SAP vulnerability actively being...
Critical Vulnerabilities in Delta ISPSoft PLC Software: Mitigating Risks in Industrial Automation
Introduction In the dynamic and increasingly interconnected world of industrial automation, the security of software that programs and configures Industrial Control Systems (ICS)—particularly...
CISA alerts on critical flaws in Rockwell, Delta, Lantronix ICS gear.
On April 29, 2025, the Cybersecurity and Infrastructure Security Agency (CISA) took significant action by publishing three new advisories targeting vulnerabilities in Industrial Control Systems...
Exploitation of Windows NTLM Vulnerability CVE-2025-24054 in Widespread Cyberattacks
Overview In March 2025, Microsoft released a security update addressing a critical vulnerability in the Windows NT LAN Manager (NTLM) authentication protocol, identified as CVE-2025-24054. Despite...
Microsoft's April 2025 Windows Update Introduces Security Flaw via Directory Junctions
In April 2025, Microsoft's Patch Tuesday updates aimed to address several security vulnerabilities in Windows operating systems. Among these was a fix for CVE-2025-21204, a privilege escalation...
Schneider Electric Uni-Telway Driver Vulnerability: Critical ICS Security Threat
In the ever-evolving landscape of cybersecurity, a newly disclosed vulnerability in Schneider Electric’s Uni-Telway Driver has raised significant concerns among experts and organizations relying on...
Critical Siemens TeleControl Server Vulnerability (CVE-2024-39859) Exposes ICS Risks
In the ever-evolving landscape of industrial cybersecurity, a recent advisory from the Cybersecurity and Infrastructure Security Agency (CISA) has brought to light a critical vulnerability in Siemens...