Highlights from the cybersecurity world
1. Emergency fix for a critical bug in the Windows 11 24H2 update
A significant bug in the latest Windows 11 24H2 updates is causing Blue Screen of Death (BSOD) crashes with the error code “SECURE_KERNEL_ERROR.” First reported in March, the issue worsened after the April 2025 Patch Tuesday update, affecting users globally.
Microsoft has introduced a Known Issue Rollback (KIR) that disables the problematic code; it is being pushed to affected devices via Windows Update. Users should keep their devices connected to the internet and restart them several times so the rollback is applied. In managed environments, administrators must deploy the KIR manually through Group Policy. As the KIR is only a temporary mitigation, users should keep checking for the permanent fix that Microsoft is working on.
2. Automated bots have generated more web traffic than humans for the first time
In a historic shift for internet traffic patterns, automated bots have surpassed human activity, making up 51% of all web traffic in 2024, according to the latest Bad Bot Report. This change is largely driven by the rapid adoption of artificial intelligence and large language models, making bot creation easier.
Notably, malicious bots now account for 37% of internet traffic, up from 32% in 2023, while beneficial bots like search engine crawlers represent the remaining 14%.
To combat these evolving threats, organisations should adopt layered defence strategies, including behavioural analysis and machine learning.
3. Firefox critical update fixes a high-severity vulnerability
Mozilla has released a crucial security update for Firefox to address a serious vulnerability that could result in memory corruption. The patch fixes a race condition in the browser’s HTTP handling that attackers could exploit to execute arbitrary code. Users should update to Firefox 137.0.2 immediately, as the vulnerability can be exploited without any user interaction. The update is available for all supported operating systems.
4. A major Windows 11 vulnerability allows attackers to gain admin control. Update now!
A serious flaw in Windows 11 lets an attacker escalate from a low-privileged user to full system administrator in about 300 milliseconds. The flaw lies in the “Mobile devices” feature related to camera functionality: affected systems can be compromised via a DLL file associated with using a phone's camera as a webcam. Microsoft issued a patch in its March 2025 updates, and users are urged to apply it as soon as possible. Endpoint Detection and Response (EDR) solutions can also detect such attacks through behavioural monitoring.
5. Chrome urgent security update
Google has released an urgent security update for Chrome due to two critical vulnerabilities that could allow attackers to steal sensitive data and access users' systems. The update, which is being distributed worldwide, fixes a "use-after-free" issue in the USB component and a heap buffer overflow in Chrome's Codecs component. All users on outdated versions are urged to update to the latest stable version immediately.
6. Windows 11 users should NOT delete a suspicious empty folder
A new empty folder on Windows systems, typically found at C:\inetpub, has raised user concerns after recent updates. However, Microsoft confirmed it’s an intentional security measure aimed at mitigating a patched vulnerability, even for those not using web server software. The folder appeared following the April 2025 Patch Tuesday updates, and while it may seem suspicious, it enhances security rather than posing a threat.
7. Microsoft disables ActiveX by default
Microsoft has enhanced security in its productivity suite by disabling ActiveX controls by default in Microsoft 365 applications. This update aims to reduce malware risks and will automatically block ActiveX controls in Word, Excel, PowerPoint, and Visio starting April 2025. Organisations needing ActiveX can adjust settings through Group Policy or the Cloud Policy service. The update is currently available to Beta Channel users and Current Channel (Preview) users on Version 2504 or later.
8. Android devices to restart automatically if you don’t use them
Google has launched a key security enhancement for Android devices that automatically reboots phones and tablets after three consecutive days (72 hours) of inactivity. The feature, part of the latest Google Play services update (version 25.14), strengthens protection against unauthorised access to user data. After rebooting, a device is in the "Before First Unlock" (BFU) state, in which user data remains encrypted and biometric authentication is disabled until the device PIN is entered.
This move addresses rising concerns about physical device security and will be rolled out to most Android devices in the coming weeks.
9. SSL/TLS certificate validity to be reduced to 47 days by 2029
A proposal to reduce the maximum validity of SSL/TLS certificates from 398 days to 47 days by 2029 has been approved. The measure, proposed by Apple, will be implemented in three phases: 200 days of validity by March 15, 2026; 100 days by March 15, 2027; and 47 days by March 15, 2029. The last stage will effectively require monthly renewals and drastically reduce domain control validation (DCV) reuse periods to 10 days.
Businesses must update their infrastructure and adopt automation solutions to prepare for this shift. The timeline allows for adaptation, but those who do not modernise risk compliance issues and service outages.
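A simple way to see whether a certificate you are about to deploy (or one already in production) fits the schedule above is to compare its notBefore/notAfter dates against the cap in force when it was issued. The following is an added example, not part of the original article or of any CA/B Forum tooling; it assumes each cap applies to certificates issued on or after the phase date named above, counts lifetime as whole days between the two dates (a simplification of the actual counting rules), and reads the dates from the output of `openssl x509 -noout -dates`. The sample output is constructed.

```python
"""Check a certificate's validity period against the phased lifetime cap.

Added example. The phase dates and caps are those stated in the article;
the assumption that each cap applies to certificates issued on or after
its phase date, and the whole-day lifetime count, are this example's.
"""
from datetime import date, datetime

# (effective date, maximum validity in days); later rows override earlier ones.
VALIDITY_PHASES = (
    (date.min, 398),           # current maximum before the first phase
    (date(2026, 3, 15), 200),
    (date(2027, 3, 15), 100),
    (date(2029, 3, 15), 47),
)


def max_validity_days(issued: date) -> int:
    """Return the maximum permitted lifetime for a certificate issued on `issued`."""
    cap = VALIDITY_PHASES[0][1]
    for effective, days in VALIDITY_PHASES:
        if issued >= effective:
            cap = days
    return cap


def parse_openssl_dates(output: str) -> tuple[datetime, datetime]:
    """Parse the two lines printed by `openssl x509 -noout -dates`.

    Lines look like: notBefore=May  1 00:00:00 2025 GMT
    """
    fields = {}
    for line in output.strip().splitlines():
        key, _, value = line.partition("=")
        fields[key.strip()] = datetime.strptime(value.strip(), "%b %d %H:%M:%S %Y %Z")
    return fields["notBefore"], fields["notAfter"]


def check_certificate(not_before: datetime, not_after: datetime) -> dict:
    """Compare a certificate's lifetime with the cap in force on its issue date."""
    lifetime = (not_after - not_before).days
    cap = max_validity_days(not_before.date())
    return {"lifetime_days": lifetime, "max_days": cap, "compliant": lifetime <= cap}


# Constructed sample of `openssl x509 -noout -dates` output (not a real certificate).
SAMPLE_OPENSSL_DATES = """notBefore=May  1 00:00:00 2025 GMT
notAfter=May  1 00:00:00 2026 GMT
"""

if __name__ == "__main__":
    nb, na = parse_openssl_dates(SAMPLE_OPENSSL_DATES)
    print("2025 certificate:", check_certificate(nb, na))
    # A hypothetical certificate issued after the final phase starts.
    print("2029 certificate:", check_certificate(datetime(2029, 4, 1), datetime(2029, 6, 1)))
```

Feeding the script the real `openssl x509 -in cert.pem -noout -dates` output for each certificate in an inventory gives a quick list of which ones would already breach the cap at their renewal date, which is the list an automation rollout should start from.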
10. 100,000 WordPress sites vulnerable to unauthorised access
A critical vulnerability in the SureTriggers WordPress plugin affects over 100,000 WordPress websites, allowing attackers to create unauthorised admin accounts. This flaw impacts all versions up to 1.0.78, specifically on sites where the plugin is activated without a properly configured API key. With admin access, attackers can upload backdoors, inject malware, and redirect users to fraudulent sites. WordPress administrators should update to version 1.0.79 immediately.
11. Enhanced Exchange and SharePoint Server security with antimalware scan
Microsoft has announced a security upgrade for Exchange and SharePoint Servers via Windows Antimalware Scan Interface (AMSI) integration, which intercepts harmful web requests. To enable AMSI protection, organisations should:
- Update to the November 2024 Security Update for Exchange Server or SharePoint Server Subscription Edition Version 25H1.
- Install the most recent security patches.
- Turn on automatic sample submission and cloud-delivered security.
- Use the least-privilege concept to limit access.
- Prioritise alerting on suspicious application pool processes.
12. Emergency fix for Office 2016 update crashes
Microsoft has released an emergency patch for widespread crashes in Office 2016 applications, particularly affecting MSI-based editions. The fix, released on April 10, 2025, resolves issues with Word, Excel, and Outlook freezing after a previous update. Customers must apply two updates, KB 5002700 and KB 5002623, to restore functionality.
Affected customers can manually download the updates from the Microsoft Download Center, and those still having issues should contact Microsoft Support.
13. Adobe security updates for 12 products
On April 8, 2025, Adobe rolled out security updates for twelve products, including Photoshop, After Effects, and Premiere Pro. These patches address critical vulnerabilities that could lead to code execution, privilege escalation, and denial-of-service attacks. Users should update their software immediately via the Creative Cloud desktop application or the Help menu. IT administrators managing larger environments can use the Creative Cloud Packager for streamlined deployment.
14. Microsoft April 2025 Patch Tuesday
Microsoft's April 2025 Patch Tuesday addresses 121 vulnerabilities, including one zero-day vulnerability that is actively being exploited. The security update covers a wide range of software products. Users are urged to update their software immediately, especially given the number of vulnerabilities addressed.
15. Microsoft strengthens Outlook
Microsoft Outlook will implement stricter authentication requirements for high-volume senders (over 5,000 emails daily) starting May 5, 2025. This initiative aims to enhance inbox protection. The updated policy will require compliance with SPF, DKIM, and DMARC protocols to verify email legitimacy and combat spoofing and phishing. These measures foster a safer email ecosystem, improving deliverability and brand credibility for compliant senders.
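Before the May 5, 2025 deadline, a sending domain's owner can check that the records they publish actually enforce anything. The following is an added example, not part of the original article or of any Microsoft tooling: it audits the text of an SPF record and a DMARC record for the weaknesses that most commonly cause mail to fail the new requirements (no terminating `all`, a `+all` that passes everyone, more than the 10 DNS-querying mechanisms RFC 7208 permits, a `p=none` policy, a partial `pct`, no aggregate-report address). The records below are constructed placeholders; in practice they would be fetched from the domain's TXT records with a DNS resolver. DKIM is not covered, as verifying it requires a signed message rather than a DNS record alone.

```python
"""Audit the SPF and DMARC TXT records a sending domain publishes.

Added example. The records are passed in as strings so the check runs
offline; the sample records below are constructed, not from real domains.
"""
import re

# RFC 7208 section 4.6.4 caps DNS-querying mechanisms/modifiers at 10 per check.
SPF_LOOKUP_MECHANISMS = ("include", "a", "mx", "ptr", "exists", "redirect")
SPF_LOOKUP_LIMIT = 10


def audit_spf(record: str) -> list[str]:
    """Return findings for one SPF record; an empty list means no issue found."""
    terms = record.strip().split()
    if not terms or terms[0].lower() != "v=spf1":
        return ["SPF: record does not start with v=spf1"]
    findings = []
    lookups = 0
    all_qualifier = None
    for term in terms[1:]:
        # Split off the optional qualifier (+ - ~ ?) and the mechanism name.
        has_qualifier = term[0] in "+-~?"
        qualifier = term[0] if has_qualifier else "+"
        body = term[1:] if has_qualifier else term
        name = re.split(r"[:/=]", body, maxsplit=1)[0].lower()
        if name in SPF_LOOKUP_MECHANISMS:
            lookups += 1
        if name == "all":
            all_qualifier = qualifier
    if lookups > SPF_LOOKUP_LIMIT:
        findings.append(f"SPF: {lookups} DNS-lookup mechanisms exceed the limit of "
                        f"{SPF_LOOKUP_LIMIT}; receivers return permerror")
    if all_qualifier is None:
        findings.append("SPF: no terminating 'all' mechanism; unlisted senders are not rejected")
    elif all_qualifier in "+?":
        findings.append(f"SPF: '{all_qualifier}all' lets any host pass; use -all or ~all")
    return findings


def audit_dmarc(record: str) -> list[str]:
    """Return findings for one DMARC record; an empty list means no issue found."""
    tags = {}
    for part in record.split(";"):
        key, sep, value = part.partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip()
    if tags.get("v", "").upper() != "DMARC1":
        return ["DMARC: record does not start with v=DMARC1"]
    findings = []
    policy = tags.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        findings.append("DMARC: missing or invalid p= tag")
    elif policy == "none":
        findings.append("DMARC: p=none only monitors; spoofed mail is still delivered")
    pct = tags.get("pct", "100")
    if pct.isdigit() and int(pct) < 100:
        findings.append(f"DMARC: pct={pct} applies the policy to only part of failing mail")
    if "rua" not in tags:
        findings.append("DMARC: no rua= address, so no aggregate reports will be received")
    return findings


def audit_sender_dns(spf_record: str, dmarc_record: str) -> list[str]:
    """Combine the SPF and DMARC findings for one sending domain."""
    return audit_spf(spf_record) + audit_dmarc(dmarc_record)


# Constructed sample records (placeholder domains, not real ones).
WEAK_SPF = "v=spf1 include:_spf.mail.example include:relay.example +all"
WEAK_DMARC = "v=DMARC1; p=none; rua=mailto:dmarc@example.test"
STRONG_SPF = "v=spf1 include:_spf.mail.example -all"
STRONG_DMARC = "v=DMARC1; p=reject; rua=mailto:dmarc@example.test; pct=100"

if __name__ == "__main__":
    for label, spf, dmarc in (("weak", WEAK_SPF, WEAK_DMARC), ("strong", STRONG_SPF, STRONG_DMARC)):
        findings = audit_sender_dns(spf, dmarc)
        print(f"{label}: {findings or 'no findings'}")
```

The weak pair produces two findings (the `+all` and the `p=none`), the strong pair none. Running the same audit over every domain an organisation sends from, including marketing and SaaS-delegated subdomains, is the quickest way to find the senders that will be affected by the stricter policy.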
Stay tuned and keep your system safe! If you need help, contact us for expert advice!