Six -- count 'em, six -- Microsoft zero-days have been confirmed by Microsoft in the latest Patch Tuesday security announcement.
Microsoft issued fixes for 67 security vulnerabilities, including the six zero-days, across its various products as part of this month's Patch Tuesday, SC Media reports.
Most serious of the addressed zero-days is the high-severity remote code execution flaw, tracked as CVE-2025-24993, which was discovered in Windows NTFS alongside other actively exploited bugs, tracked as CVE-2025-24984 and CVE-2025-24991, according to Microsoft.
Other zero-days include the Windows FAT file system flaw, tracked as CVE-2025-24985, Microsoft Management Console security evasion issue, tracked as CVE-2025-26644, and Win32 Kernel Subsystem privilege escalation bug, tracked as CVE-2025-24983.
Dustin Childs, part of Trend Micro's Zero Day Initiative, said both CVE-2025-24993 and CVE-2025-24985 could potentially allow system hijacking if exploited. Microsoft has also patched half a dozen critical flaws, including those affecting Office, Remote Desktop Client and Services, Windows Subsystem for Linux, and Windows DNS. Get patching!
Now, here's today's MSSP update. Drop me a line at sharon.florentine@cyberriskalliance.com if you have news to share or want to say hi!
Today's MSSP Update
1. Immersive names new CEO: Immersive (formerly Immersive Labs) has appointed Mark Schmitz as its new CEO, succeeding founder James Hadley, who is stepping down as CEO after eight years. Hadley will continue as the Chief Innovation Officer and as a board member. This news comes on the heels of Immersive's rebrand (previously Immersive Labs). Schmitz has more than 25 years of experience, and He most recently served as President at Collibra and Interim CEO at Citrix Systems, and has held senior leadership roles at SAP, Ariba, and Accenture. His expertise spans business operations, sales, customer success, digital transformation, and marketing. Congratulations!
2. Druva, MSFT partner for cloud, data security: Data security firm Druva announced a strategic relationship with Microsoft to help enterprises protect and secure their data against evolving cyber threats. Together, Druva and Microsoft will offer cloud-native and hybrid data protection and cyber resilience integrated with Microsoft Azure cloud services. The announcement also means that Druva now has access to 4 million new customers and is inching closer to an IPO.
3. Chainguard looks to raise funds at $3.5B valuation: Bloomberg reports that venture capital firm Kleiner Perkins is in talks to lead a funding round of $350 million for cybersecurity startup Chainguard Inc., according to people familiar with the matter. The raise would lift the startup's valuation to $3.5 billion, almost tripling it, sources said. Chainguard is based in Kirkland, Washington, and raised $140 million at a valuation of $1.1 billion in July 2024 from investors including Redpoint Ventures, Lightspeed Venture Partners and IVP.
4. Pentera lands $60M Series D funding: Automated security validation firm Pentera announced a $60 million Series D funding round led by Evolution Equity Partners, with participation from Farallon Capital Management, bringing the company's total funding to $250 million. Since its previous funding round in December 2021, Pentera has increased its ARR by more than 300% and expanded its customer base by 200%, with customers including Wyndham Hotels & Resorts and Virgin Airlines.
5. Expel launches MDR for Oracle: Managed detection and response (MDR) provider Expel announced today it is extending its cloud control plane MDR coverage to include Oracle Cloud Infrastructure (OCI). This makes Expel the first MDR services provider to cover OCI environments. This announcement builds on Expel’s MDR offerings for AWS, Google Cloud, Azure, and Kubernetes. Additionally, Expel announced it has joined the Cloud Security Alliance (CSA), to help advance cloud security practices globally.
