Tech
Microsoft users warned over privilege elevation flaw | Computer Weekly
Microsoft marked the penultimate Patch Tuesday of 2025 with an update lighter than of late, addressing a mere 63 common vulnerabilities and exposures (CVEs) across its product estate – a far cry from many of its recent drops averaging well over 100 – and a solitary zero-day flaw.
Tracked as CVE-2025-62215, this month’s single zero-day is an elevation of privilege (EoP) vulnerability in the Windows Kernel that sits at the core of Microsoft’s operating system. It carries a CVSS score of just 7.0, and is not rated critical in its severity, however, exploitation has been observed in the wild, although no public proof-of-concept has yet been released.
Ben McCarthy, lead cyber security engineer at Immersive, explained that the root cause of the issue stems from two combined weaknesses one a race condition in which more than one process tries to access shared data and change it concurrently, the other a double free memory management error.
“An attacker with low-privilege local access can run a specially crafted application that repeatedly attempts to trigger this race condition,” he explained. “The goal is to get multiple threads to interact with a shared kernel resource in an unsynchronised way, confusing the kernel’s memory management and causing it to free the same memory block twice.
“This successful double-free corrupts the kernel heap, allowing the attacker to overwrite memory and hijack the system’s execution flow.”
McCarthy added: “Organisations must prioritise applying the patch for this vulnerability. While a 7.0 CVSS score might not always top a patch list, the active exploitation status makes it a critical priority. A successful exploit grants the attacker System privileges, allowing them to completely bypass endpoint security, steal credentials, install rootkits, and perform other malicious actions. This is a critical link in an attacker’s post-exploitation playbook.”
In the real world, said Mike Walters, president and co-founder of Action1, there are three core business impacts that would potentially arise from a successful compromise via CVE-2025-62215. Walters highlighted the possibility of mass credential exposure arising from the compromise of critical file servers, lateral movement and ransomware deployment, and regulatory, financial and reputational harm from data leakage or other operational disruption.
“Exploitation is complex,” he noted, “but a functional exploit seen in the wild raises urgency, since skilled actors can reliably weaponise this in targeted campaigns.”
Also high on the agenda for November is CVE-2025-60724 an RCE vulnerability in Graphics Device Interface Plus (GDI+), which carries a CVSS score of 9.8. GDI+ is a relatively low-level component but is responsible for rendering 2D graphics, images and text and therefore provides core functionality multiple Microsoft applications – and countless third-party programs, too.
Adam Barnett, Rapid7 lead software engineer, said this was as close to a zero-day as it was possible to get and likely to affect just about every asset running Microsoft software.
“In the worst-case scenario, an attacker could exploit this vulnerability by uploading a malicious document to a vulnerable web service,” he said.
“The advisory doesn’t spell out the context of code execution, but if all the stars align for the attacker, the prize could be remote code execution as System via the network without any need for an existing foothold. While this vuln almost certainly isn’t wormable, it’s clearly very serious and is surely a top priority for just about anyone considering how to approach this month’s patches.”
Action1’s Walters added: “This is emergency-level: a network-reachable RCE with no user interaction and low attack complexity is among the most dangerous bugs. Server compromise, tenant impact in multi-tenant systems, and the potential for rapid mass exploitation make this a top priority.
“Exploitation may take time to perfect because attackers must build reliable allocator and interpreter manipulations that bypass mitigations like CFG, ASLR, and DEP. Still, GDI+ and image parsing bugs have a history of being weaponised quickly.”
Critically acclaimed bugs
Finally, the docket for security teams this month includes four critical vulnerabilities, highlighted by Dustin Childs of Trend Micro’s Zero Day Initiative (ZDI). These are CVE-2025-30398, a third-party information disclosure flaw in Nuance PowerScribe 360; CVE-2025-60716, an EoP flaw in DirectX Graphics Kernel; CVE-2025-62199, an RCE flaw in Microsoft Office; and CVE-2025-62214, another RCE flaw in Visual Studio.
The new era of Silicon Valley runs on networking—and not the kind you find on LinkedIn.
As the tech industry funnels billions into AI data centers, chip makers both big and small are ramping up innovation around the technology that connects chips to other chips, and server racks to other server racks.
Networking technology has been around since the dawn of the computer, critically connecting mainframes so they can share data. In the world of semiconductors, networking plays a part at almost every level of the stack—from the interconnect between transistors on the chip itself, to the external connections made between boxes or racks of chips.
Chip giants like Nvidia, Broadcom, and Marvell already have well-established networking bona fides. But in the AI boom, some companies are seeking new networking approaches that help them speed up the massive amounts of digital information flowing through data centers. This is where deep-tech startups like Lightmatter, Celestial AI, and PsiQuantum, which use optical technology to accelerate high-speed computing, come in.
Optical technology, or photonics, is having a coming-of-age moment. The technology was considered “lame, expensive, and marginally useful,” for 25 years until the AI boom reignited interest in it, according to PsiQuantum cofounder and chief scientific officer Pete Shadbolt. (Shadbolt appeared on a panel last week that WIRED cohosted.)
Some venture capitalists and institutional investors, hoping to catch the next wave of chip innovation or at least find a suitable acquisition target, are funneling billions into startups like these that have found new ways to speed up data throughput. They believe that traditional interconnect technology, which relies on electrons, simply can’t keep pace with the growing need for high-bandwidth AI workloads.
“If you look back historically, networking was really boring to cover, because it was switching packets of bits,” says Ben Bajarin, a longtime tech analyst who serves as CEO of the research firm Creative Strategies. “Now, because of AI, it’s having to move fairly robust workloads, and that’s why you’re seeing innovation around speed.”
Big Chip Energy
Bajarin and others give credit to Nvidia for being prescient about the importance of networking when it made two key acquisitions in the technology years ago. In 2020, Nvidia spent nearly $7 billion to acquire the Israeli firm Mellanox Technologies, which makes high-speed networking solutions for servers and data centers. Shortly after, Nvidia purchased Cumulus Networks, to power its Linux-based software system for computer networking. This was a turning point for Nvidia, which rightly wagered that the GPU and its parallel-computing capabilities would become much more powerful when clustered with other GPUs and put in data centers.
While Nvidia dominates in vertically-integrated GPU stacks, Broadcom has become a key player in custom chip accelerators and high-speed networking technology. The $1.7 trillion company works closely with Google, Meta, and more recently, OpenAI, on chips for data centers. It’s also at the forefront of silicon photonics. And last month, Reuters reported that Broadcom is readying a new networking chip called Thor Ultra, designed to provide a “critical link between an AI system and the rest of the data center.”
On its earnings call last week, semiconductor design giant ARM announced plans to acquire the networking company DreamBig for $265 million. DreamBig makes AI chiplets—small, modular circuits designed to be packaged together in larger chip systems—in partnership with Samsung. The startup has “interesting intellectual property … which [is] very key for scale-up and scale-out networking” said ARM CEO Rene Haas on the earnings call. (This means connecting components and sending data up and down a single chip cluster, as well as connecting racks of chips with other racks.)
Light On
Lightmatter CEO Nick Harris has pointed out that the amount of computing power that AI requires now doubles every three months—much faster than Moore’s Law dictates. Computer chips are getting bigger and bigger. “Whenever you’re at the state of the art of the biggest chips you can build, all performance after that comes from linking the chips together,” Harris says.
His company’s approach is cutting-edge and doesn’t rely on traditional networking technology. Lightmatter builds silicon photonics that link chips together. It claims to make the world’s fastest photonic engine for AI chips, essentially a 3D stack of silicon connected by light-based interconnect technology. The startup has raised more than $500 million over the past two years from investors like GV and T. Rowe Price. Last year, its valuation reached $4.4 billion.
When Google’s self-driving car project began testing in the Bay Area back in 2009, its engineers focused on highways by sending its sensor-laden vehicles cruising down Interstate 280, which runs the length of Silicon Valley’s peninsula.
More than 15 years later, the cars are back on the freeway—this time without drivers. On Tuesday, the project, now an Alphabet subsidiary we all know as Waymo, announced that its robotaxi service would now drive on freeways in the San Francisco Bay Area, Los Angeles, and Phoenix.
The new service marks another technical leap for Waymo, whose robotaxis currently serve five US metros: Atlanta, Austin, Los Angeles, Phoenix, and the San Francisco Bay Area. The company says it will launch in several other US and international cities next year, including Dallas, Miami, Nashville, Las Vegas, Detroit, and London.
Waymo also announced Wednesday that it would begin curbside pickup and drop-off service at San Jose Mineta International Airport, allowing passengers to, theoretically, travel autonomously all the way from San Francisco to San Jose—a service area of some 260 square miles. Waymo has been offering its autonomous taxi service on area service roads since the summer of 2023, but the new freeway service could cut in half the time it takes for a robotaxi to travel from San Francisco to Mountain View, Waymo user experience researcher Naomi Guthrie says.
“Freeway driving is one of those things that’s very easy to learn, but very hard to master,” Waymo co-CEO Dmitri Dolgov told reporters last week. Highways are predictable, with (mostly) clear signs and lane lines, and a limited set of vehicles and players (trucks, cars, motorcycles, trailers) that a vehicle’s software must learn to recognize and predict. But Waymo executives said that, despite a year of employee- and guest-only highway testing, safety emergencies on highways are relatively rare, so the team was unable to collect as much real-world data as it needed to train its vehicles to operate safely there. Complicating the project was the fact that highway crashes, at high speeds, are subject to the laws of phsyics—and so more likely to maim or kill.
To get ready for highways, Waymo executives say, engineers supplemented real-world driving data and training with data collected on private, closed courses, and data created in simulations. Two onboard computers help create system “redundancies,” meaning the vehicles will have computer backup if something goes wrong. The vehicles have been trained to exit highways in the case of emergencies, but will be able to pull over as well. Waymo execs also say they have and will work with law enforcement and first responders, including highway patrols, to create procedures for vehicles and riders stranded on highway shoulders, where hundreds of Americans are killed every year.
Product highlight: the new Sedomat 6010 Controller
At their booth Sedo Treepoint will display the new Sedomat 6010 controller, a cost-effective yet powerful addition to the successful current Sedomat 6000/8000 Series. Compact, modular and designed for seamless integration, the new Series brings premium automation capabilities to a wider range of applications
At ITMA ASIA 2025 (Hall 8, Booth B410), Sedo Treepoint will showcase its latest textile automation and digitalisation solutions under the theme ‘Textile solutions together.’
Highlights include the new Sedomat 6010 Controller, MES expert systems, cloud-based Connect, and ColorMasterConnect, driving efficiency, sustainability, and quality in textile production.
Digital connectivity with MES and web-based solutions
Besides hardware, Sedo Treepoint will present its MES expert systems SedoMaster, SedoExpert and EnergyMaster, enabling real-time data exchange, centralized planning and connectivity across machines, ERP systems and chemical dosing units. Key features such as automatic production planning (APS) and process-wide optimizations help enhance efficiency and overall production performance.
With Connect, Sedo Treepoint introduces a new cloud-based solution for the entire textile industry. Designed to go beyond dyeing and finishing, Connect enables manufacturers across all textile sectors to benefit from centralized data access, real-time insights and scalable digital infrastructure without heavy upfront investment.
Alongside this, ColorMasterConnect will be presented as a web-based application. It provides intuitive, device-independent tools for color management, ensuring flexible, agile and accurate processes in production.
Innovation with purpose
“Automation and AI are powerful when combined with human expertise,” says Werner Volkaert, CEO of Sedo Treepoint. That’s why Sedo Treepoints solutions are designed to combine intelligent automation with deep industry expertise, delivering real value where it matters most. Helping manufacturers this way using resources efficiently, safely and consistently, is the main impact for ensuring higher quality, shorter lead times and long-term competitiveness.
Discover the future of textile automation
Visit Sedo Treepoint and their partner Smart Indigo at Hall 8, Booth B410, to experience the Sedomat 6010 Controller and new solutions like Connect and ColorMasterConnect. Discover how these innovations help textile manufacturers optimize production, reduce lead times and achieve consistent, high-quality results.
Click here to know more about ITMA Asia + CITME, Singapore 2025.
Note: The headline, insights, and image of this press release may have been refined by the Fibre2Fashion staff; the rest of the content remains unchanged.
Fibre2Fashion News Desk (HU)
Queen Camilla watches ‘The Dying Swan’ at palace event
Falcons owner Blank, Atlanta get 17th NWSL team
Malone Souliers names Blahnik, Vuitton and Lauren veteran as its new CEO
-
Business1 week agoFirst new Amazon electric heavy goods vehicles hit UK roads
-
Sports1 week agoShaheen Afridi Eyes First ODI Series Win as Pakistan Captain – SUCH TV
-
Tech1 week agoThe Security Interviews: Colin Mahony, CEO, Recorded Future | Computer Weekly
-
Fashion1 week agoGermany’s Adidas achieves highest-ever quarterly sales in Q3 2025
-
Tech1 week agoNokia, Rohde & Schwarz collaborate on AI-powered 6G receiver | Computer Weekly
-
Tech1 week agoOur Favorite Gaming Headset for Xbox Owners Is Discounted
-
Business1 week agoReeves lays ground for painful Budget, but will it be worth it?
-
Business1 week agoSetback for expatriates? Delhi HC upholds mandatory EPFO membership; what this means for foreign staff – The Times of India