Exposures, Exposed! Weekly Round-up 
January 13 – January 19


Welcome to this week’s edition of Exposures Exposed! In a world full of evolving risks, it's essential to stay ahead of the threats that can compromise your security. Each week, our experts uncover critical vulnerabilities and exposures that could catch you off guard. Stay informed, strengthen your defenses, and ensure your security remains uncompromised.


Microsoft Patch Tuesday Update Addresses 161 Vulnerabilities

Microsoft issued its largest Patch Tuesday update of the decade on January 14, fixing 161 vulnerabilities, including eight zero-day flaws. Three of the zero-days, all in the Windows Hyper-V NT Kernel Integration VSP, have been exploited in the wild; each is a local elevation-of-privilege bug that lets an attacker who already runs code on the host escalate to SYSTEM. The remaining five zero-days were publicly disclosed before the fix and affect Microsoft Access, Windows App Package Installer, and Windows Themes.

The patches cover a wide range of products, including Office applications, .NET Framework, Visual Studio, and SharePoint. Security experts emphasize the importance of timely updates, particularly for the actively exploited Hyper-V vulnerabilities: SYSTEM on a Hyper-V host puts every guest running on that host within the attacker's reach.

The Takeaway: Apply Microsoft’s January updates immediately, starting with Hyper-V hosts and any other systems where untrusted users or code can run locally.


Six Rsync Vulnerabilities Disclosed, Patches Now Available

Six vulnerabilities in the Rsync file-synchronization tool were disclosed on Wednesday, including critical and high-severity flaws that could result in remote code execution and data leakage. The vulnerabilities affect Rsync versions 3.3.0 and earlier and are fixed in version 3.4.0.

The most severe flaw, CVE-2024-12084, has a CVSS score of 9.8. It is a heap buffer overflow: the server trusts the checksum length supplied by the peer, and a value larger than the 16-byte buffer the checksums are copied into lets an attacker write past that buffer, potentially achieving remote code execution. CVE-2024-12085, with a CVSS score of 7.5, manipulates checksum comparisons to leak uninitialized stack memory one byte at a time. Both vulnerabilities can be exploited through anonymous read-only access to an Rsync daemon, and CERT/CC notes that the two can be combined to achieve arbitrary code execution on the server.
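To make the mechanism behind CVE-2024-12084 concrete, here is an added illustration of the bug class in C. It is not rsync's source and was not published by the rsync project: the structure names (s2length, sum2), the constants SUM_LENGTH and MAX_DIGEST_LEN, and the wire layout are assumptions chosen to mirror the advisory's vocabulary. The pre-fix reader validates the peer-supplied checksum length against the largest digest any algorithm could produce instead of against the 16-byte slot the bytes are copied into, so a length between 17 and 64 passes the check and overflows. The hardened reader is my reconstruction of the fix, not the 3.4.0 patch itself.

```c
/* Added illustration of the CVE-2024-12084 bug class; not rsync's code.
 * Field names (s2length, sum2), constants and the wire layout are assumptions
 * that mirror the advisory's description of a checksum length > 16 bytes. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SUM_LENGTH     16   /* fixed per-block slot for the strong checksum (assumed) */
#define MAX_DIGEST_LEN 64   /* longest digest any supported algorithm produces (assumed) */
#define MAX_BLOCKS      8

struct sum_head { int32_t count; int32_t blength; int32_t s2length; };
struct sum_buf  { int32_t len; uint8_t sum2[SUM_LENGTH]; };

/* Read a little-endian int32 from the peer's byte stream and advance the cursor. */
static int32_t read_int(const uint8_t **p) {
    const uint8_t *b = *p;
    uint32_t v = (uint32_t)b[0] | (uint32_t)b[1] << 8 | (uint32_t)b[2] << 16 | (uint32_t)b[3] << 24;
    *p += 4;
    return (int32_t)v;
}

/* Pre-fix logic: s2length is bounded by MAX_DIGEST_LEN, which is larger than the
 * SUM_LENGTH slot it is later copied into. A value in 17..64 passes this check. */
static int read_sum_head_vulnerable(const uint8_t **p, struct sum_head *h) {
    h->count = read_int(p); h->blength = read_int(p); h->s2length = read_int(p);
    return (h->s2length < 0 || h->s2length > MAX_DIGEST_LEN) ? -1 : 0;
}

/* Hardened logic (my reconstruction of the fix, not the 3.4.0 patch): bound the
 * length by the digest size of the checksum algorithm actually negotiated for this
 * transfer, and never by more than the slot can hold. */
static int read_sum_head_hardened(const uint8_t **p, struct sum_head *h, int negotiated_len) {
    h->count = read_int(p); h->blength = read_int(p); h->s2length = read_int(p);
    if (h->s2length < 0 || h->s2length > negotiated_len || h->s2length > SUM_LENGTH) return -1;
    if (h->count < 0 || h->count > MAX_BLOCKS) return -1;
    return 0;
}

/* Parse a sum list: 12-byte header, then per block a 4-byte weak checksum followed by
 * s2length bytes of strong checksum. Returns the block count, or -1 on rejection or
 * truncation. With hardened == 0 the memcpy becomes an out-of-bounds write whenever
 * s2length > SUM_LENGTH; this demo only feeds that path well-formed input. */
int parse_sums(const uint8_t *msg, size_t msg_len, int negotiated_len, int hardened,
               struct sum_buf *out) {
    const uint8_t *p = msg, *end = msg + msg_len;
    struct sum_head h;
    if (msg_len < 12) return -1;
    if ((hardened ? read_sum_head_hardened(&p, &h, negotiated_len)
                  : read_sum_head_vulnerable(&p, &h)) != 0) return -1;
    for (int32_t i = 0; i < h.count && i < MAX_BLOCKS; i++) {
        if ((size_t)(end - p) < 4 + (size_t)h.s2length) return -1;
        p += 4;                                      /* weak rolling checksum, unused here */
        out[i].len = h.blength;
        memcpy(out[i].sum2, p, (size_t)h.s2length);  /* overflows when s2length > 16 */
        p += h.s2length;
    }
    return h.count;
}

/* Build a constructed one-block sum list with the given s2length; checksum bytes are
 * filled with 0xAA. Returns the message length (buf must hold 16 + s2length bytes). */
size_t build_sum_list(uint8_t *buf, int32_t s2length) {
    int32_t hdr[3] = { 1, 700, s2length };
    size_t n = 0;
    for (int i = 0; i < 3; i++)
        for (int s = 0; s < 32; s += 8) buf[n++] = (uint8_t)((uint32_t)hdr[i] >> s);
    memset(buf + n, 0, 4);                   n += 4;                  /* weak checksum   */
    memset(buf + n, 0xAA, (size_t)s2length); n += (size_t)s2length;   /* strong checksum */
    return n;
}

/* Run only the header check on a constructed message so the defect can be observed
 * without triggering the overflow: 0 = header accepted, -1 = rejected. */
int header_accepted(int32_t s2length, int negotiated_len, int hardened) {
    uint8_t msg[128]; const uint8_t *p = msg; struct sum_head h;
    build_sum_list(msg, s2length);
    return hardened ? read_sum_head_hardened(&p, &h, negotiated_len)
                    : read_sum_head_vulnerable(&p, &h);
}

/* Build and fully parse one constructed message in the chosen mode. */
int check_message(int32_t s2length, int negotiated_len, int hardened) {
    uint8_t msg[128]; struct sum_buf blocks[MAX_BLOCKS];
    size_t n = build_sum_list(msg, s2length);
    return parse_sums(msg, n, negotiated_len, hardened, blocks);
}

int main(void) {
    printf("benign 16-byte checksums: vulnerable=%d hardened=%d\n",
           check_message(16, 16, 0), check_message(16, 16, 1));
    printf("hostile 64-byte length  : vulnerable header check=%d (accepted) hardened=%d\n",
           header_accepted(64, 16, 0), check_message(64, 16, 1));
    return 0;
}
```

Compile with `cc -Wall` and run. The point of the two readers side by side is that the pre-fix check is not missing, it is checked against the wrong bound: header_accepted shows it waving through a 64-byte length that the copy loop would then write into a 16-byte slot, while the hardened reader rejects anything above the negotiated digest size and above the slot. The unhardened path is deliberately never run on the hostile message.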

Four medium-severity vulnerabilities were also disclosed: a malicious server can read arbitrary files from a connecting client, a path traversal, a bypass of the --safe-links option, and a symbolic-link race condition. Several of these are triggered by connecting to a hostile server, so rsync clients need updating as well as daemons; their impact ranges from unauthorized file writes and data exposure to privilege escalation.

The Takeaway: Update to Rsync version 3.4.0 immediately on both servers and clients; if you rely on a distribution package, confirm it carries the backported fixes. Until then, keep anonymous-access rsync daemons off untrusted networks.


Google Releases Chrome 132 With Sixteen Security Fixes

Google announced the release of Chrome 132 on Tuesday, addressing 16 security vulnerabilities. Thirteen of these flaws were reported by external researchers, including five high-severity issues affecting components like the V8 JavaScript engine, Navigation, Skia, Metrics, and Tracing.

The highest-rated issues are an out-of-bounds memory access in V8 (CVE-2025-0434) and an inappropriate implementation in Navigation (CVE-2025-0435), with researchers earning $7,000 for each discovery. Medium-severity flaws, including a race condition in Frames and an inappropriate implementation in Fullscreen, received $5,000 rewards. Lower-severity issues, such as inappropriate implementations in Extensions and Navigation, were also addressed.

Chrome 132 is rolling out as version 132.0.6834.83/84 for Windows and macOS, and 132.0.6834.83 for Linux. Google advises users to update their browsers immediately to ensure protection.

The Takeaway: Update Chrome to version 132.0.6834.83/84 (132.0.6834.83 on Linux) and relaunch the browser; the update is not active until the restart.


SAP Fixes Critical Vulnerabilities in NetWeaver and BusinessObjects

SAP has released patches for two critical vulnerabilities in its NetWeaver application server, CVE-2025-0070 and CVE-2025-0066, both rated 9.9 in severity. These flaws could allow an attacker to escalate privileges and access restricted information, compromising confidentiality, integrity, and availability.

Additionally, SAP addressed 12 further high- and medium-severity vulnerabilities, including CVE-2025-0063, a SQL injection flaw in NetWeaver, and CVE-2025-0061, a session hijacking vulnerability in BusinessObjects Business Intelligence Platform. The affected products underpin ERP systems, analytics, and secure communication across the enterprise.

SAP strongly recommends that customers prioritize applying the latest patches to safeguard their systems. These updates are essential to protecting enterprises across industries like finance, healthcare, and manufacturing, where SAP products play a vital role.

The Takeaway: Apply SAP’s January security notes immediately, prioritizing the two 9.9-rated NetWeaver fixes.


CISA Adds BeyondTrust Flaw to Exploited Vulnerabilities Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2024-12686, a medium-severity vulnerability in BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) products, to its Known Exploited Vulnerabilities catalog. The flaw, an OS command injection with a CVSS score of 6.6, enables an attacker who already holds administrative privileges to execute operating system commands as a site user.

This follows the inclusion of CVE-2024-12356, a critical flaw in the same products, last month. Both vulnerabilities are linked to a December 2024 cyber incident in which attackers used a compromised Remote Support SaaS API key to target the U.S. Treasury Department. The breach has been attributed to a Chinese state-sponsored group, Silk Typhoon.

CISA also added CVE-2023-48365, a critical vulnerability in Qlik Sense exploited by the Cactus ransomware group. Federal agencies must apply patches for both by February 3, 2025, to mitigate these threats.

The Takeaway: Apply patches for the BeyondTrust and Qlik Sense vulnerabilities immediately, and rotate any API keys or credentials associated with exposed Remote Support instances.


Critical Vulnerabilities Discovered in SimpleHelp Remote Support Software

Organizations using SimpleHelp for remote IT support must update their server installations immediately to address three critical vulnerabilities that could enable remote attackers to execute code on host systems.

The vulnerabilities include CVE-2024-57727, a path traversal flaw that lets an unauthenticated attacker download sensitive server files, including configuration files containing hashed credentials; CVE-2024-57728, which lets an administrative user upload arbitrary files and thereby execute code on the server; and CVE-2024-57726, which lets a low-privileged technician account escalate to admin. Chained together, they lead from no credentials to remote code execution. Researchers from Horizon3.ai identified these flaws, noting that nearly 3,500 internet-facing SimpleHelp servers are at risk, though the number of unpatched systems remains unknown.

SimpleHelp has released version 5.5.8 to resolve these issues, with fixed releases also available for the 5.4 and 5.3 branches. Because CVE-2024-57727 exposes credential material, administrators should also rotate administrator and technician passwords after patching and restrict the IP addresses from which logins are allowed.

The Takeaway: Update SimpleHelp servers, rotate credentials, and restrict login sources immediately.


Juniper Networks Releases Patches for Multiple Vulnerabilities

Juniper Networks released security updates for Junos OS addressing several high-severity vulnerabilities. One patch resolves CVE-2025-21598, an out-of-bounds read in the routing protocol daemon (rpd) that can crash the daemon, causing denial of service (DoS), when it processes malformed BGP packets. The bug is only reachable when BGP packet receive trace options are enabled, so disabling those trace options is the advised workaround until the patch is applied.

Another high-severity fix addresses CVE-2025-21599, a memory leak in the Juniper Tunnel Driver (jtd) that an unauthenticated, network-based attacker can trigger with malformed IPv6 packets to cause a DoS condition.

Juniper also released patches for vulnerabilities in OpenSSH, including CVE-2024-6387 (regreSSHion), and updates for third-party components in Junos Space.

The Takeaway: Apply Juniper’s security patches, and check whether BGP packet receive trace options are enabled on any router you cannot patch right away.


That’s all for this week – have any exposures to add to our list? Let us know!



