administrative tools Archives

Winsage

May 29, 2026

Microsoft admits modern Windows 11 apps actually resize worse than the old ones, fix coming this summer

Microsoft is working on a solution to address the black tearing issue during window resizing in WinUI 3 applications on Windows 11, with a rollout expected to begin this summer. March Rogers, Microsoft’s Partner Director of Design, confirmed that the Windows team is testing smooth resizing code on native inbox applications before extending the update to the Windows App SDK. The transition to WinUI 3 aims to replace inefficient web applications and improve user experience, with significant components like the Start menu and system-level dialog boxes being upgraded to WinUI 3. Additionally, Microsoft has launched Windows App SDK 2.0 to encourage third-party developers to adopt native app development, addressing previous issues such as bugs and lack of visual features.

Winsage

May 28, 2026

Microsoft tests the 15-character limit of Windows Server admins’ patience

Windows Server 2016 has a bug introduced by the May 12 security update that affects servers with hostnames exactly 15 characters long, causing errors in domain controller discovery. Specifically, calling the DCLocator results in an ERRORINVALIDPARAMETER, hindering applications and tools from locating a domain controller. This issue impacts features like Distributed File System (DFS) Namespace management. Microsoft has not provided a workaround but suggests changing the hostname length. Windows Server 2016 is officially supported until January 12, 2027, with extended support options available. Despite representing only 2.2 percent of all Windows devices, it accounts for 20.3 percent of all servers. Additionally, the May 2026 security update has caused installation failures on some Windows 11 devices due to insufficient EFI System Partition size.

Winsage

May 28, 2026

Windows Server 2016 fails to find domain controller

Microsoft has acknowledged an issue with the May 2026 security update for Windows Server 2016, affecting systems with hostnames of exactly 15 characters, which leads to failed domain controller (DC) lookups. The error occurs during DC lookups, specifically returning the error code ERRORINVALIDPARAMETER. Servers with 14 or 16 character hostnames are not affected. Administrators may face challenges with DFS Namespace management and other functions reliant on DC access. Microsoft is investigating the issue but has not provided a timeline for a fix. Windows Server 2016's mainstream support ended in January 2022, but extended support will continue until January 2027.

Winsage

May 27, 2026

Windows Users Targeted in New Phishing Campaign

Research from FortiGuard Labs has identified a phishing campaign that disguises itself as purchase orders, prompting recipients to open harmful attachments. The campaign begins with a phishing email containing a malicious JavaScript file. When executed, this JavaScript decrypts and runs a PowerShell script that uses process hollowing to inject a .NET downloader module into the trusted Windows process MsBuild.exe. This downloader connects to a remote command and control (C2) server to download and execute additional modules, allowing the attacker to alter the malware's behavior after the initial compromise. The campaign poses significant detection challenges for Windows users due to its use of multiple encryption layers, fileless execution techniques, and process hollowing strategies. Security experts emphasize the need for organizations to enhance their detection capabilities beyond traditional methods, focusing on identifying suspicious activity across various devices and applications. The phishing attack exploits social engineering tactics and blends malicious actions with legitimate administrative tools, complicating detection efforts. Additionally, the human element plays a crucial role in breaches, highlighting the importance of effective communication and collaboration between security teams and other departments to improve security awareness and behavior.

Winsage

May 26, 2026

Microsoft: Domain Controller lookup may fail on Windows Server 2016

Microsoft has acknowledged an issue affecting Windows Server 2016 systems related to domain controller lookups after the installation of the KB5087537 security update released in May 2026. The problem occurs specifically for devices with hostnames that are exactly 15 characters long, causing domain controller discovery to fail and resulting in an ERRORINVALIDPARAMETER during DCLocator calls. This issue may disrupt administrative operations that depend on domain controller lookups, such as DFS Namespace management. Microsoft is investigating the issue but has not provided a timeline for resolution.

Tech Optimizer

March 19, 2026

ClickFix Lures Power LeakNet’s Growing Ransomware Attack Chain

The ransomware group LeakNet has evolved its tactics, increasing its average targets from three per month and shifting from purchasing stolen network access to launching its own campaigns. They now use deceptive error screens and a new tool that executes malicious code in a computer's memory. Their strategy includes ClickFix lures, which compromise legitimate websites to display fake security checks, tricking users into executing malicious commands. This method broadens their victim reach and reduces costs. The Deno loader, part of this strategy, collects machine information and retrieves additional malicious code without leaving standard files, making detection difficult. After infiltrating a network, LeakNet checks for active user credentials and uses PsExec for lateral movement, employing Amazon S3 buckets for payload staging and data exfiltration. Defenders are advised to monitor for suspicious behavior rather than just known malicious files, focusing on unusual web commands and unexpected cloud storage connections.

Winsage

February 24, 2026

Windows 11 Has 4 Powerful Features Most Users Never Turn On (But Should)

Microsoft's Windows 11 includes several built-in features that enhance usability and system management, which can be activated by users: 1. Clipboard History: Allows users to retain multiple copied items and access them with Win + V. To enable, go to Settings > System > Clipboard and toggle on Clipboard history. 2. Snap Layouts: Provides predefined window arrangements for better organization of applications. To ensure it's enabled, go to Settings > System > Multitasking and turn on Snap windows. 3. Show File Extensions: Displays full file names including extensions for better identification of file types. To enable, open File Explorer, select View > Show > File name extensions. 4. Storage Sense: Automates the removal of temporary files and manages storage space. To enable, go to Settings > System > Storage and toggle on Storage Sense. 5. "God Mode": Creates a folder that centralizes access to various administrative tools and settings. To enable, create a new folder on the desktop and rename it to GodMode.{ED7BA470-8E54-465E-825C-99712043E01C}. These features are built into Windows 11 and do not require third-party applications.

Tech Optimizer

February 16, 2026

Researchers Uncover OysterLoader, an Advanced Obfuscated Loader Powering Rhysida Attacks

OysterLoader, a sophisticated malware loader also known as Broomstick and CleanUp, has emerged as a significant threat since mid-2024. It is a multi-stage downloader linked to ransomware attacks and data theft, particularly associated with the Rhysida ransomware group. Written in C++, it infiltrates systems through malicious websites that impersonate legitimate software download platforms, tricking victims into executing a signed Microsoft Installer (MSI) that launches the malware. OysterLoader employs a four-stage infection chain designed to evade detection. The first stage uses a packer named TextShell to load hidden code into memory, creating an illusion of legitimacy through harmless Windows API calls. The second stage decompresses a concealed payload using a modified LZMA algorithm. The third stage functions as a downloader and environment tester, establishing contact with its command-and-control (C2) server via HTTPS. In the final stage, OysterLoader installs a malicious DLL that executes every 13 minutes through the Windows Task Scheduler, communicating with multiple hardcoded servers and transmitting critical system information. The malware uses customized Base64 encoding and variable communication endpoints to evade detection. Its primary objective is to ensure persistence and facilitate the delivery of additional payloads, including ransomware and credential stealers. Security analysts predict that OysterLoader will remain a formidable threat through 2026, particularly for organizations downloading administrative tools from unverified sources. Indicators of Compromise (IOC): - Mutex: h6p#dx!&fse?%AS! - Task: COPYING3 (rundll32 DllRegisterServer) - C2 Domain: grandideapay[.]com/api/v2/facade - RC4 Key: vpjNm4FDCr82AtUfhe39EG5JLwuZszKPyTcXWVMHYnRgBkSQqxzBfb6m75HZV3UyRY8vPxDna4WC2KMAgJjQqukrFdELXeGNSws9SBFXnYJ6ExMyu97KCebD5mTwaUj42NPAvHdkGhVtczWgfrZ3sLyRZg4HuX97AnQtK8xvpLU2CWDhVq5PEfjTNz36wdFasecBrkGSDApf83d6NMyaJCsvcRBq9ZYKthjuw5S27EVzWrPHgkmUxFL4bQSgMa4F - IP: 85.239.53.66

Winsage

January 21, 2026

Copilot AI: What You’re Missing on Windows 10 PCs — Virtualization Review

Microsoft's Copilot AI experience differs significantly between Windows 11 and Windows 10. On Windows 11, Copilot is integrated at the system level, allowing it to perform tasks such as opening specific Settings pages, toggling system settings, launching built-in applications, and providing contextual guidance with UI navigation. In contrast, Windows 10 users can only access Copilot through browser-based interfaces, limiting its functionality to providing written instructions without the ability to execute actions or interact with local system features. Copilot on Windows 10 lacks awareness of the operating system and cannot manage system configurations or settings directly, while Windows 11 allows for direct interaction with cloud-managed settings.

Winsage

January 19, 2026

Windows 11 Pro Upgrade Gains And Limits Revealed

Upgrading from Windows 11 Home to Pro does not significantly change the day-to-day experience, as both editions share a similar interface, performance, and core features like Copilot, File Explorer tabs, and enhanced Game Mode. Security features, including Secure Boot and Windows Defender, are consistent across both editions. The Pro edition offers additional administrative tools for enhanced security, remote access, and device management, making it suitable for users managing multiple PCs or needing corporate resource access. Key features of Pro include the ability to join Active Directory domains, centralized control over settings, full BitLocker capabilities, Remote Desktop hosting, and virtualization tools like Hyper-V and Windows Sandbox. Pro also supports higher hardware limits, accommodating up to 2TB of RAM and multiple CPU sockets. The pricing for Windows 11 Home is typically 9.99, while Pro is 9.99, with an upgrade fee of .99 from Home to Pro. Upgrading from eligible Windows 10 devices does not incur additional costs. Users who should consider upgrading to Pro include those managing multiple PCs, requiring Remote Desktop, or needing to comply with encryption policies. In contrast, gamers or casual users may find Home sufficient, as both editions provide the same gaming capabilities and interface without performance differences.