Microsoft just fixed over 107 flaws including one serious zero-day — update your PC right now
Bleeping Computer reports that of the total flaws that were fixed, thirteen were rated critical. Of those thirteen critical flaws, nine were remote code execution style vulnerabilities, three were information disclosure attacks and one was an elevation of privilege.
The style of bugs from the total number of vulnerabilities breaks down to:
The zero-day vulnerability (tracked as CVE-2025-53779)is a Windows Kerberos Elevation of Privilege Vulnerability. It's a flaw in Kerberos that would permit authenticated hackers to have domain administrator privileges over a network. However, according to Microsoft, the attacker would require elevated access to two dMSA attributes in order to exploit the vulnerability.
The two attributes are msds-groupMSAMembership, which would allow the user to utilize the dMSA and msds-ManagedAccountPreceededByLink, where the attacker needs write access to the attribute which allows them to specify a user that the dMSA can act on behalf of.
Microsoft has attributed the discovery of the flaw to Yuval Gordon of Akamai who published a technical report on the flaw in May.
Follow Tom's Guide on Google News to get our up-to-date news, how-tos, and reviews in your feeds. Make sure to click the Follow button.
Get instant access to breaking news, the hottest reviews, great deals and helpful tips.
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Tom's Guide
36 minutes ago
- Tom's Guide
Love retro smartphones? This leaker is turning old iPhones into art
Sonny Dickson is known for leaking the latest information about upcoming smartphones. We've covered several Sonny leaks on Tom's Guide over the years, and his track record is quite solid. But Dickson isn't just here to spill the beans about upcoming phones. He's also a fan of the past, which is why his new product, called Collectible Phones, is designed to take discarded smartphones from the past and transform them into art. As soon as I saw the first framed phone, I had to know more about the project. I did some digging and found that it's not just about making art, but there's a "commitment to sustainability" motivating the project. We generate a significant amount of e-waste, so finding a way to repurpose old phones is beneficial. It could introduce a whole new item to collect — people collect retro games and other old tech, so why not phones? I asked Dickson what inspired him to start the project. "Everything I saw on the market just wasn't very good, poor layouts, low-quality parts, or sloppy presentation," he said in an interview with Tom's Guide. "I knew I could create something that truly celebrated the technology and history of these devices, with the quality and attention to detail they deserved." Currently, the website has a deconstructed original iPhone for sale. It's a conversation piece to have on the wall, and it gives you a little history of the first iPhone. Every detail, from the dimensions to the specs of the camera, is laid out. If you've ever wanted to take an original iPhone apart but were too afraid to, this $349 art piece is worth a look. Get instant access to breaking news, the hottest reviews, great deals and helpful tips. And it's not just the art pieces — Dickson's website features a wide selection of vintage phones for sale, all of which are fully intact and in good condition. You can get an original iPhone, the T-Mobile G1, the first Android phone and more. The prices are reasonable for these phones, with the G1 selling for only $167. But these phones aren't easy to find, as Dickson says that getting them is "extremely hard, especially if you're looking for perfect back housings and original components in great condition." As soon as you start talking about collecting, you have to think about rarity. Every collectible item, from trading cards to Funko Pops, has its value connected to rarity. If collecting old phones takes off, some devices are going ot be harder to come by than others. "The 4GB iPhone 2G is one of the rarest. It was only on the market for a short time before Apple replaced it with the 8GB version. Finding one in pristine condition can feel like hunting for some sort of treasure," said Dickson regarding the rarest phone. If you have one of those kicking around your home, you may have a piece of history that not everyone can get their hands on.
Forbes
37 minutes ago
- Forbes
Microsoft Issues Free Update Offer To Millions Of Windows Users
Microsoft has now issued its free update offer to millions more Windows 10 users. After this mandatory update to KB5063709, you should see the option to 'Enroll in Extended Support Updates,' which will run until October 2026. Per Windows Latest, 'there's a new Enroll Now link inside the Windows Update page.' You still have several options to extend security support, including paying $30 which could cover as many as 10 PCs on a single account. Most users will opt for the free update offer though, linking the ESU to their Microsoft account and OneDrive. Microsoft confirmed this was coming back in July, blogging that 'individuals will begin to see an enrollment wizard through notifications and in Settings, making it simple to select the best option for you and enroll in ESU directly from your personal Windows 10 PC.' As Windows Latest confirms, 'more users should see the toggle' after this update. 'If you weren't seeing the option to extend updates earlier,' the website explains, 'you should try looking again after today's update.' It hasn't all been smooth sailing for the well-publicized ESU enrollment wizard. Some users reported 'immediately crashes' when it's clicked. This was a central Microsoft issue that is now fixed. It's not all good news — at least not for Microsoft. Because 'all activated licenses of Windows 10 are eligible for ESU,' the accelerating progress that was being made pushing Windows 10 holdouts to switch has shifted into a sharp reverse. A month ago we heralded Windows 11's achievement in finally overtaking Windows 10 after years of frustration. It did seem that the flip would continue all the way through to the 250 million or so PCs ineligible for the upgrade. But that's not to be. As I warned might happen, this free ESU u-turn has triggered a reversal in Windows 11's recent fortunes, at least according to Statcounter's indicative data. And while it's still marginally head of its retiring sibling, Windows 11 is moving in the wrong direction. A free ESU is laudable, but it should have been limited to PCs that cannot upgrade. Right now, it seems we may just have delayed a cliff edge, meaning we all get to go again next summer with the upgrade nags and cybersecurity warnings. We will know more over the coming weeks, but Windows 10 could be about to reclaim its crown.
Yahoo
an hour ago
- Yahoo
Market still ‘very dynamic': WSP CEO
This story was originally published on Construction Dive. To receive daily news and insights, subscribe to our free daily Construction Dive newsletter. WSP announced a $1 billion, seven-year partnership with Microsoft at the beginning of 2025 to accelerate the digitization of the architecture, engineering and construction industry via artificial intelligence. That alliance is now paying off, CEO Alexandre L'Heureux said on a second-quarter earnings call Aug. 7. 'In our bidding group … we believe that very soon we will be able to reduce some of our human output by close to 80%,' L'Heureux said. 'So that's not de minimis, because we have bidding groups across each and every segment and across each and every country. So that's an example of where we feel we can make a tremendous improvement and reduce human intervention.' It's not just AI creating those results, though: In the past decade, the Montreal-based construction giant's revenue per employee has seen constant growth while labor became cheaper, according to L'Heureux. 'Our revenue at the moment is growing much faster than our headcount,' L'Heureux said. 'That's why today, unlike perhaps five, six, seven years ago, I am not talking as much about headcount as we used to. To me, it's becoming more irrelevant.' Although the market is still 'very, very dynamic,' WSP has not seen much election-related disruption amid recent or upcoming votes in major markets including New Zealand, the U.K., Australia, Canada and the U.S., according to L'Heureux. Even with regime change in the U.S. and U.K., infrastructure spending remains a top priority for both of those countries, L'Heureux said. Although President Donald Trump's administration has brought some shifts in priorities — for instance, away from renewables and towards fossil fuels — he aims to facilitate and expedite investment. Projects and sectors Data centers and related projects remain hot, with 'robust activity across all of our geographies,' according to L'Heureux. 'Mandates encompass site acquisition, due diligence, master planning for new AI factories, greenfield data center design projects, brownfield data center upgrades and the growing power and water infrastructure demand,' L'Heureux said. WSP has also seen 'tremendous growth in power generation,' L'Heureux said, citing thermal and nuclear energy in particular. To that end, Power Engineers, the Hailey, Idaho-based engineering and environmental consulting firm it purchased in August 2024, had an organic growth rate of 16% this quarter. 'It was a must-do deal, and I'm extremely pleased that we completed this acquisition. It's very, very strategic for our platform,' L'Heureux said. 'I'm feeling very bullish on this acquisition and very bullish around this [power generation] sector.' Water continues to benefit from investment across most of WSP's geographies, L'Heureux said. The firm recently secured a role in an Ontario wastewater treatment plant expansion, as well as a major PFAS project for the U.S. Air Force in the Midwest that 'shows our strong position in the combined defense and water markets,' according to L'Heureux. Despite the Trump administration's reversal of environmental projects and protections, WSP's environmental backlog has continued to grow, even in the U.S., L'Heureux said. In particular, WSP's biodiversity and marine expertise are in high demand in Canada. The transportation infrastructure sector, including rail, continued to perform well, per L'Heureux. WSP won a role in the $3.9 billion Hampton Roads Bridge-Tunnel project in Virginia, as well as in the new terminal of Perth International Airport in Australia. By the numbers WSP reported revenues of $4.5 billion Canadian dollars ($3.3 billion) in its second quarter earnings, up 14.6% from CA$3.9 billion in Q2 2024. The firm's profits grew to CA$279 million in Q2 2025, up nearly 52% from the same period last year. Backlog stood at CA$16.3 billion, a 10.9% increase from Q2 2024. That was due mostly to continued strong performance in Canada, the Americas and Europe, Middle East, India and Africa, according to WSP CFO Alain Michaud, and to the fact that WSP reduced its presence in the Asia-Pacific region in the first half of the year after its performance slowed. 'Clients are recognizing the expertise that we bring to the table,' L'Heureux said. 'It allows us to be more selective in the projects that we undertake, but it also allows us to charge for the great work that our engineers are doing.' More M&A Although L'Heureux noted last quarter that election-related uncertainty was dampening the M&A market, he said his firm is continuing to pursue merger and acquisition opportunities. In June WSP acquired Lexica, a U.K.-headquartered consulting firm specializing in healthcare and life sciences, which adds 90 experts to the firm's Planning, Property and Advisory business in the region and forms a new Healthcare and Life Sciences Advisory team. WSP also announced an agreement in June to purchase the U.K.-based consultancy Ricardo, which delivers strategic advisory and engineering solutions that intersect the global transport, energy and environment agenda. Recommended Reading M&A activity cools amid instability: WSP
