ngCERT SECURITY ADVISORY ON MULTIPLE MEDIUM – LOW VULNERABILITIES IN MICROSOFT WINDOWS COMPONENTS AND DELL FIRMWARE

Advisory ID:   ngCERT-2025-100002

SUMMARY

ngCERT has detected about 78 (medium to low) vulnerabilities primarily impacting Microsoft Windows components like Windows Digital Media and Secure Boot, as well as Dell firmware. These weaknesses include elevation of privilege (EoP), security feature bypasses, and improper access controls, with CVSS v3.1 scores from 4.3 to 8.1 (low to high severity). Most of these require local access, but exploitation could lead to system compromise or data exposure. Although the vulnerabilities have been patched, there is an urgent need for these systems to be updated and the patches applied to safeguard against exploits and possible cyberattacks.

Damage:      Critical

Probability:  High 

Platform(s):  Microsoft Windows, Dell Firmware

DESCRIPTION

The vulnerabilities mainly affect Microsoft Windows 10/11 and Server 2019/2022, with some impacting Dell firmware and older non-Microsoft products. Key details include:

a) Windows Digital Media (EoP):Over 40 CVEs, such as (CVE-2025-21229 and CVE-2025-21255), involve improper input validation or out-of-bounds reads, allowing local attackers to gain SYSTEM-level privileges.

b)  Windows Secure Boot:CVE-2025-21211 allows bypassing Secure Boot via flaws in DBX update validation, enabling unsigned bootloader execution.

c)  Dell Firmware: CVE-2024-52537 permits high-privileged attackers to exploit symlink issues in the Dell Client Platform Firmware Update Utility for privilege escalation.

d) Other Microsoft Issues:CVEs like CVE-2024-55541 (audio driver buffer overflow) and CVE-2024-51456 (SMB Remote Code Execution) cover Denial-of-Service (DoS), kernel exploits, and remote code execution.

e)  Legacy/Other Vendors: Older CVEs such as CVE-2023-50946 in OpenSSH, CVE-2021-29669 in Zyxel) involve RCE, EoP, or information disclosure in non-Microsoft products.

CONSEQUENCES

Successful exploitation of these flaws could result in:

1. Privilege Escalation: Local attackers could gain SYSTEM access, enabling malware persistence, data theft, or network lateral movement.
2. System Integrity Loss: Secure Boot bypass (CVE-2025-21211) allows rootkits or tampered firmware to evade boot protections.
3. Service Disruption: Denial of Service (DoS) issues, such as (CVE-2024-55541), may crash services or leak kernel memory.
4. Chained Attacks: These flaws could enable ransomware or APTs. No active exploits are reported as of October 2025, but local access increases insider threat risks.

SOLUTION/MITIGATION

To mitigate these vulnerabilities, ngCERT recommends the following measures:

1. Apply Patches: Install Microsoft January 2025 updates via Windows Update or WSUS. For CVE-2024-52537, update Dell firmware using Dell Command Update.
2. Enhance Access Controls: Enforce least privilege, disable untrusted media playback, and use AppLocker/WDAC to block unsigned binaries.
3. Monitor and Harden: Enable Secure Boot and TPM 2.0; use EDR tools to detect privilege escalation. Apply upstream patches for legacy CVEs such as OpenSSH.
4. Verify Systems: Scan for vulnerable versions with tools like Qualys or Tenable. Check Microsoft Security Response Centre for updates.
5. Best Practices: Segment networks, adopt zero-trust, and test patches in staging environments. Isolate or retire end-of-support systems.

HYPERLINK

• https://msrc.microsoft.com/update-guide
• https://www.tenable.com/blog/microsofts-september-2025-patch-tuesday-addresses-80-cves-cve-2025-55234
• https://www.rapid7.com/blog/post/em-patch-tuesday-september-2025/
• https://isc.sans.edu/diary/31590