Microsoft Patch Tuesday, August 2025 Edition
Microsoft today released updates to fix more than 100 security flaws in its Windows operating systems and other software. At least 13 of the bugs received Microsoft’s most-dire “critical” rating, meaning they could be abused by malware or malcontents to gain remote access to a Windows system with little or no help from users.
August’s patch batch from Redmond includes an update for CVE-2025-53786, a vulnerability that allows an attacker to pivot from a compromised Microsoft Exchange Server directly into an organization’s cloud environment, potentially gaining control over Exchange Online and other connected Microsoft Office 365 services. Microsoft first warned about this bug on Aug. 6, saying it affects Exchange Server 2016 and Exchange Server 2019, as well as its flagship Exchange Server Subscription Edition.
Ben McCarthy, lead cyber security engineer at Immersive, said a rough search reveals approximately 29,000 Exchange servers publicly facing on the internet that are vulnerable to this issue, with many of them likely to have even older vulnerabilities.
McCarthy said the fix for CVE-2025-53786 requires more than just installing a patch; it also involves steps such as following Microsoft’s manual instructions for creating a dedicated service to oversee and lock down the hybrid connection.
“In effect, this vulnerability turns a significant on-premise Exchange breach into a full-blown, difficult-to-detect cloud compromise with effectively living off the land techniques which are always harder to detect for defensive teams,” McCarthy said.
CVE-2025-53779 is a weakness in the Windows Kerberos authentication system that allows an unauthenticated attacker to gain domain administrator privileges. Microsoft credits the discovery of the flaw to Akamai researcher Yuval Gordon, who dubbed it “BadSuccessor” in a May 2025 blog post. The attack exploits a weakness in “delegated Managed Service Account” or dMSA — a feature that was introduced in Windows Server 2025.
Some of the critical flaws addressed this month with the highest severity (between 9.0 and 9.9 CVSS scores) include a remote code execution bug in the Windows GDI+ component that handles graphics rendering (CVE-2025-53766) and CVE-2025-50165, another graphics rendering weakness. Another critical patch involves CVE-2025-53733, a vulnerability in Microsoft Word that can be exploited without user interaction and triggered through the Preview Pane.
One final critical bug tackled this month deserves attention: CVE-2025-53778, a bug in Windows NTLM, a core function of how Windows systems handle network authentication. According to Microsoft, the flaw could allow an attacker with low-level network access and basic user privileges to exploit NTLM and elevate to SYSTEM-level access — the highest level of privilege in Windows. Microsoft rates the exploitation of this bug as “more likely,” although there is no evidence the vulnerability is being exploited at the moment.
Feel free to holler in the comments if you experience problems installing any of these updates. As ever, the SANS Internet Storm Center has its useful breakdown of the Microsoft patches indexed by severity and CVSS score, and AskWoody.com is keeping an eye out for Windows patches that may cause problems for enterprises and end users.
GOOD MIGRATIONS
Windows 10 users out there likely have noticed by now that Microsoft really wants you to upgrade to Windows 11. The reason is that after the Patch Tuesday on October 14, 2025, Microsoft will stop shipping free security updates for Windows 10 computers. The trouble is, many PCs running Windows 10 do not meet the hardware specifications required to install Windows 11 (or they do, but just barely).
If the experience with Windows XP is any indicator, many of these older computers will wind up in landfills or else will be left running in an unpatched state. But if your Windows 10 PC doesn’t have the hardware chops to run Windows 11 and you’d still like to get some use out of it safely, consider installing a newbie-friendly version of Linux, like Linux Mint.
Like most modern Linux versions, Mint will run on anything with a 64-bit CPU that has at least 2GB of memory, although 4GB is recommended. In other words, it will run on almost any computer produced in the last decade.
There are many versions of Linux available, but Linux Mint is likely to be the most intuitive interface for regular Windows users, and it is largely configurable without any fuss at the text-only command-line prompt. Mint and other flavors of Linux come with LibreOffice, which is an open source suite of tools that includes applications similar to Microsoft Office, and it can open, edit and save documents as Microsoft Office files.
If you’d prefer to give Linux a test drive before installing it on a Windows PC, you can always just download it to a removable USB drive. From there, reboot the computer (with the removable drive plugged in) and select the option at startup to run the operating system from the external USB drive. If you don’t see an option for that after restarting, try restarting again and hitting the F8 button, which should open a list of bootable drives. Here’s a fairly thorough tutorial that walks through exactly how to do all this.
And if this is your first time trying out Linux, relax and have fun: The nice thing about a “live” version of Linux (as it’s called when the operating system is run from a removable drive such as a CD or a USB stick) is that none of your changes persist after a reboot. Even if you somehow manage to break something, a restart will return the system back to its original state.
Krebs on Security – Read More
Elevation-of-Privilege Vulns Dominate Microsoft’s Patch Tuesday
The company’s August security update consisted of patches for 111 unique Common Vulnerabilities and Exposures (CVEs).
darkreading – Read More
Reddit blocks the Internet Archive from crawling its data – here’s why
The social media platform is cracking down on backdoor data harvesting.
Latest news – Read More
Russian government hackers said to be behind US federal court filing system hack: Report
Officials are reportedly blaming a recent breach of the U.S. federal court’s filing system on Russia, whose hackers used the access to snoop on midlevel criminal cases in the New York City area and other jurisdictions.
Security News | TechCrunch – Read More
Connex Credit Union Data Breach Affects 172,000 Members
Connex Credit Union breach exposes data of 172,000 members, legal probe launched, experts urge victims to monitor accounts…
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
This Bluetooth tracker’s latest feature could save your life – but it costs extra
Pebblebee’s Clip gets an Alert Live upgrade that shares your real-time location in an emergency.
Latest news – Read More
Rethinking Anonymity: Why Privacy Browsers Fall Short
The need for online anonymity has never been greater. As surveillance capabilities grow more sophisticated and data collection becomes ubiquitous, users are turning to anonymous browsers to protect their privacy. Traditional browsers like Firefox and Brave offer privacy modes and tracker blocking, while browsers such as Tor provide anonymity through onion routing. However, the landscape of anonymous browsers is nuanced, and choosing the right tool requires a careful understanding of their trade-offs and technical capabilities.
Tor Browser remains the benchmark for network anonymity, routing traffic through multiple volunteer nodes to obscure user location and activity. This approach provides strong defenses against network-level surveillance and censorship. However, Tor’s latency and compatibility challenges make it less practical as a daily driver for most users. Its strict design and slower speeds can impede usability, limiting its appeal to activists, security researchers, and those with specific anonymity needs rather than everyday privacy-focused internet users.
Mainstream privacy browsers like Brave improve on traditional privacy features by blocking trackers and third-party cookies, but they operate within legal jurisdictions that can impose data collection demands and surveillance. Brave’s business model, tied to advertising and cryptocurrency rewards, means that users remain participants in a commodified attention economy, limiting the level of true anonymity and directly linking the user to their browsing activity.
Other privacy-focused browsers, such as Mullvad, offer a streamlined experience with robust privacy defaults but largely rely on standard network connections and local software installation, without advanced compartmentalization or decentralized infrastructure. Firefox, while open source and configurable, does not natively provide multi-layered session isolation or the ability to customize network routing on a per-tab basis.
Then there is Tiger404, which presents a fundamentally different architecture designed for digital sovereignty and operational anonymity. It combines the compatibility and performance advantages of a Chromium-based browser engine with advanced features like disposable, physically isolated anonymous browser containers and granular network isolation. Each session operates as a sandboxed container with unique fingerprints and distinct proxy or multi-hop routing configurations, which prevents cross-session correlation, makes fingerprinting significantly more difficult, and makes anonymous browsing a reality.
Moreover, Tiger404’s cloud-native architecture offers a significant security advantage through physical isolation and airgapping of the browsing environment. Unlike traditional browsers installed directly on a user’s device—which can leave behind residual data, cached files, and system-level artifacts that can be exploited or traced—Tiger404 runs sessions in isolated containers hosted remotely. This approach effectively “airgaps” the browser from the local machine, so that browsing activities do not interact with the device’s operating system or storage.
This physical separation dramatically reduces the risk of data leakage or compromise through malware, keyloggers, or forensic analysis of local storage. It also mitigates threats stemming from compromised devices or insider attacks, since sensitive browsing data never touches the user’s hardware. Users gain the ability to close a session and erase all traces instantly, with no lingering footprints left behind on their computers or mobile devices.
In contrast, locally installed browsers—even those with strong privacy settings—are vulnerable to leaving behind identifiable artifacts such as cookies, browsing history, cached files, or browser fingerprints that can be collected or analyzed. Furthermore, local installations are subject to OS-level compromises, making it easier for attackers or surveillance actors to monitor activity or extract data.
By separating the browsing environment from the endpoint device, Tiger404 provides an operational security model closer to airgapped systems used in high-security environments. This approach not only protects user anonymity but also elevates overall system security, enabling safer anonymous browsing without sacrificing accessibility or convenience.
Tiger404’s isolated browsing sessions make managing multiple social accounts more straightforward and secure. By compartmentalizing each identity within its own sandboxed container, users can easily keep profiles separate without risk of cross-contamination or linkage, simplifying account management while preserving anonymity.
While no anonymous browser is a silver bullet, Tiger404 addresses many of the limitations found in both mainstream and specialized options by balancing usability, operational security, and network-level anonymity. It provides a practical solution for users who require strong, consistent anonymity without sacrificing everyday functionality.
In conclusion, navigating the landscape of anonymous browsers requires a clear understanding of their inherent trade-offs. While Tor delivers unparalleled network anonymity, its practical limitations often restrict everyday use. Mainstream browsers prioritize convenience but cannot guarantee full anonymity due to inherent design and jurisdictional constraints. Tiger404 sets a new standard by embracing a sovereignty-first philosophy, combining robust anonymity with seamless usability. It empowers users to reclaim control over their digital footprint without compromise, offering a powerful, adaptable solution for those who demand true online privacy in today’s complex digital environment.
Secjuice – Read More
Claude can now save you more time by automatically referencing past chats
It’ll only search through previous conversations when it’s been explicitly prompted to do so. Here’s how to try it (or turn it off).
Latest news – Read More
I’ve tested the Apple Watch, Oura Ring, and other sleep trackers – 5 tips to get the best results
Sleep trackers have been a game-changer for improving my rest – here are my top tips and tricks to help you get the most from yours.
Latest news – Read More
Hackers breach and expose a major North Korean spying operation
Two hackers broke into the computer of a North Korean government hacker and leaked its contents, offering a rare glimpse inside the secretive nation’s spying operations.
Security News | TechCrunch – Read More