Winsage
May 21, 2025
Microsoft has open-sourced its Windows Subsystem for Linux (WSL) code, announced during the Build 2025 developer conference. WSL allows users to run Linux distributions natively on Windows, facilitating integration between Linux tools and the Windows environment. Since its introduction in 2016, WSL has become essential for developers needing Linux utilities without leaving Windows. As of the 2024 StackOverflow developer survey, 16.8% of programmers use WSL, surpassing traditional Linux distributions. The initial version, WSL 1, had performance limitations, but WSL 2 introduced a full Linux kernel in a lightweight virtual machine, improving compatibility and performance. The majority of WSL's codebase is now available on GitHub under the MIT License, including key command-line tools and Linux-side daemons. Some components remain closed source, but the move reflects a significant shift in Microsoft's open-source collaboration approach. Users can access various Linux distributions on WSL, including Fedora, Debian, openSUSE, and Ubuntu.
Winsage
May 19, 2025
Many users are reporting problems on Windows 10 version 22H2 and Windows 10 Enterprise LTSC 2021, particularly on machines with Intel Trusted Execution Technology (TXT) on tenth-generation or later Intel processors with vPro support. Users who have BitLocker enabled and installed the KB5058379 patch released on May 13 may be prompted for their BitLocker recovery key, because a bug causes lsass.exe to terminate unexpectedly, which in turn triggers an Automatic Repair cycle or a reboot loop. Microsoft has acknowledged the issue and is working on an out-of-band update. In the meantime, the available workarounds, such as disabling TXT in firmware, weaken platform security: TXT provides the measured launch that System Guard Secure Launch depends on, so turning it off should be treated as a temporary measure and reverted once the fix ships. Microsoft also announced significant layoffs affecting thousands of employees.
Winsage
May 16, 2025
The Windows 10 KB5058379 cumulative update, released on May 13, 2025, is causing unexpected BitLocker recovery prompts for some users after installation and reboot. Affected devices, including models from Lenovo, Dell, and HP, boot into the Windows Recovery Environment and display the BitLocker recovery screen; some users report needing the recovery key to start up at all, and others report devices that refuse to start. A reported workaround is to disable Intel Trusted Execution Technology (TXT) in the BIOS. Microsoft had not publicly acknowledged the issue at the time of writing, but support representatives are aware of it and have been circulating steps that include disabling Secure Boot and virtualization technologies, checking the status of Microsoft Defender System Guard Firmware Protection, and disabling firmware protection via Group Policy or Registry Editor. Each of these steps lowers the machine's security posture, and changing Secure Boot or virtualization settings also alters the TPM measurements a BitLocker TPM protector is bound to, so the recovery key should be in hand (or BitLocker suspended) before any of them is attempted.
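The two KB5058379 items above both come down to the same operational question: is this host in the affected population, and is its BitLocker recovery key recoverable before anyone touches TXT, Secure Boot or firmware protection? The following script is an added example, not code from either article or from Microsoft. It only reports and escrows; it does not change any security setting. It assumes a domain-joined host for the `Backup-BitLockerKeyProtector` call (Entra-joined hosts would use `BackupToAAD-BitLockerKeyProtector` instead) and that the `Win32_DeviceGuard` service code 3 denotes System Guard Secure Launch, as Microsoft's Device Guard WMI documentation describes.

```powershell
#Requires -RunAsAdministrator
# Added example: pre-flight check for KB5058379 on Windows 10 22H2 / LTSC 2021 hosts with BitLocker.
# Reports the update state, the TXT-dependent Secure Launch state, and escrows recovery protectors.

# 1. Is the problematic cumulative update already installed?
$kb = Get-HotFix -Id 'KB5058379' -ErrorAction SilentlyContinue
if ($kb) { "KB5058379 installed on $($kb.InstalledOn)" } else { 'KB5058379 not installed' }

# 2. System Guard Secure Launch (built on Intel TXT / DRTM). SecurityServicesRunning code 3
#    is System Guard Secure Launch per the Win32_DeviceGuard class documentation.
$dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' -ClassName Win32_DeviceGuard
$secureLaunch = @($dg.SecurityServicesRunning) -contains 3
"System Guard Secure Launch running: $secureLaunch"

# The registry value behind the 'Secure Launch Configuration' Group Policy setting.
# 1 = enabled, 0 = disabled, absent = not configured. Read only; the article's workaround flips it.
$sgKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\SystemGuard'
$sg = Get-ItemProperty -Path $sgKey -Name Enabled -ErrorAction SilentlyContinue
"SystemGuard\Enabled = $(if ($sg) { $sg.Enabled } else { 'not configured' })"

# 3. BitLocker state per volume. Every OS volume should have a RecoveryPassword protector
#    and that protector should be escrowed somewhere other than the machine itself.
foreach ($vol in Get-BitLockerVolume) {
    $recovery = @($vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword')
    '{0}: protection {1}, {2} recovery protector(s)' -f $vol.MountPoint, $vol.ProtectionStatus, $recovery.Count

    if ($recovery.Count -eq 0 -and $vol.VolumeStatus -ne 'FullyDecrypted') {
        "  WARNING: no recovery password protector on $($vol.MountPoint); a TXT/Secure Boot change could lock this volume out"
    }

    foreach ($kp in $recovery) {
        # Escrow to AD DS. The password itself ($kp.RecoveryPassword) is deliberately not printed;
        # retrieve it from AD, Entra ID, or 'manage-bde -protectors -get <drive>' when needed.
        try {
            Backup-BitLockerKeyProtector -MountPoint $vol.MountPoint -KeyProtectorId $kp.KeyProtectorId -ErrorAction Stop | Out-Null
            "  escrowed recovery protector $($kp.KeyProtectorId) to AD DS"
        } catch {
            "  escrow failed for $($kp.KeyProtectorId): $($_.Exception.Message)"
        }
    }
}

# 4. If a firmware change (TXT, Secure Boot, VT) is unavoidable, suspend BitLocker for one reboot first
#    so the TPM measurement change does not itself trigger recovery. Uncomment to apply to the OS volume:
# Suspend-BitLocker -MountPoint $env:SystemDrive -RebootCount 1
```

Run it before installing the update on a pilot ring, and again on any machine that has already landed in the recovery screen once it is back up. The suspend step at the end is the safe way to make the firmware-level workarounds survivable; it is left commented out because the rest of the script is intended to be non-destructive.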
Winsage
May 15, 2025
The Microsoft Security Response Center (MSRC) has released security updates for a vulnerability in the Windows Remote Desktop Gateway service, CVE-2025-26677, which lets an unauthorized attacker cause a denial of service (DoS) over the network. It carries a CVSS score of 7.5 (High) and affects Windows Server 2016, 2019, 2022, and 2025; the corresponding updates are KB5058383, KB5058392, KB5058385, and KB5058411. A second Remote Desktop Gateway vulnerability, CVE-2025-29831, is a use-after-free weakness that could allow remote code execution (RCE) and is also scored 7.5. Exploiting it requires an administrator to stop or restart the service, so the exposure window is narrow but not zero on gateways that are restarted routinely; it affects Windows Server 2008 R2, 2012/2012 R2, 2016, 2019, 2022, and 2025. Organizations are advised to patch both and to review network configurations to limit exposure of Remote Desktop Gateway services, which by design sit on the Internet-facing edge. Both vulnerabilities were reported by researchers from Kunlun Lab.
Winsage
May 14, 2025
A vulnerability identified as CVE-2025-30397 can be exploited when Microsoft Edge is running in "Internet Explorer" mode, which is not the default but is still required for some legacy line-of-business sites. Another vulnerability, CVE-2025-29831, can only be exploited while the Remote Desktop Gateway service is being stopped or restarted, which requires an administrator's action. SAP has released 18 Security Notes addressing vulnerabilities that include critical authorization issues, remote code execution, information disclosure, and cross-site scripting.
Winsage
May 14, 2025
Microsoft has patched a memory corruption vulnerability in its Scripting Engine, designated CVE-2025-30397. The flaw is classified as CWE-843 (Type Confusion), arises from accessing a resource through an incompatible type, and allows remote code execution; Microsoft rates it "Important". It was disclosed in the May 2025 Patch Tuesday updates. Exploitation occurs when a user clicks a specially crafted URL while Microsoft Edge is in Internet Explorer Mode, potentially compromising the confidentiality, integrity, and availability of the system. Although the attack complexity is rated high, exploitation in the wild has been confirmed. Microsoft has issued patches for all supported Windows versions; users are advised to apply them and, where no legacy site depends on it, to disable Internet Explorer Mode to remove the attack surface entirely.
Winsage
May 14, 2025
Microsoft has addressed a zero-day vulnerability in the Windows Desktop Window Manager (DWM) Core Library, identified as CVE-2025-30400, which allows attackers to gain SYSTEM-level privileges on affected systems. This "Elevation of Privilege" vulnerability, arising from a "use-after-free" memory corruption issue, was actively exploited prior to the release of a patch on May 13, 2025. The vulnerability permits an authorized attacker to execute code with SYSTEM privileges by exploiting improper memory management within the DWM process. Microsoft classified the severity of this vulnerability as "Important" and assigned it a CVSS score of 7.8. Users and administrators are strongly advised to apply the latest updates to mitigate the risk of exploitation.
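The four May 2025 items above share one triage workflow: confirm the May cumulative update is present, then check whether the host even exposes the affected surfaces (an RD Gateway listener for CVE-2025-26677 and CVE-2025-29831, an IE-mode policy for CVE-2025-30397; CVE-2025-30400 needs no exposure check because DWM runs on every Windows desktop session). The script below is an added example, not code from the articles or from Microsoft. It assumes the article's four KBs map to Server 2016, 2019, 2022 and 2025 in the order the article lists them, and it treats "a security update installed on or after 13 May 2025" as a fallback signal when the KB table does not cover the host's build.

```powershell
#Requires -RunAsAdministrator
# Added example: exposure triage for the May 2025 RD Gateway, scripting-engine and DWM CVEs.
# Report only; nothing is patched or reconfigured.

# Assumption: KB-to-build mapping in the order the article lists the KBs and OS versions.
$kbByBuild = @{
    '14393' = 'KB5058383'   # Windows Server 2016
    '17763' = 'KB5058392'   # Windows Server 2019
    '20348' = 'KB5058385'   # Windows Server 2022
    '26100' = 'KB5058411'   # Windows Server 2025
}
$patchTuesday = Get-Date '2025-05-13'

function Test-May2025Patched {
    $os    = Get-CimInstance Win32_OperatingSystem
    $build = ($os.Version -split '\.')[2]
    $kb    = $kbByBuild[$build]
    $byKb  = if ($kb) { [bool](Get-HotFix -Id $kb -ErrorAction SilentlyContinue) } else { $null }
    # Fallback: newest security update date. Cumulative updates supersede each other, so a later CU also covers it.
    $latest = Get-HotFix | Where-Object Description -eq 'Security Update' |
              Sort-Object InstalledOn -Descending | Select-Object -First 1
    [pscustomobject]@{
        Build          = $os.Version
        ExpectedKB     = $kb
        ExpectedKBSeen = $byKb
        LatestSecUpd   = if ($latest) { $latest.HotFixID } else { $null }
        LatestSecDate  = if ($latest) { $latest.InstalledOn } else { $null }
        LikelyPatched  = ($byKb -eq $true) -or ($latest -and $latest.InstalledOn -ge $patchTuesday)
    }
}

function Test-RdGatewayExposure {
    # TSGateway is the Remote Desktop Gateway service name; RDS-Gateway the server role.
    $svc  = Get-Service -Name TSGateway -ErrorAction SilentlyContinue
    $role = if (Get-Command Get-WindowsFeature -ErrorAction SilentlyContinue) {
                (Get-WindowsFeature -Name RDS-Gateway).Installed } else { $null }
    $listen443 = Get-NetTCPConnection -State Listen -LocalPort 443 -ErrorAction SilentlyContinue
    [pscustomobject]@{
        RoleInstalled  = $role
        ServiceStatus  = if ($svc) { $svc.Status.ToString() } else { 'absent' }
        Listening443   = [bool]$listen443
        # The RCE needs an admin to restart the service: a gateway that is restarted on a schedule
        # gives an attacker a predictable window, so note that in the review.
        Exposed        = ($svc -and $svc.Status -eq 'Running' -and $listen443)
    }
}

function Test-IeModeExposure {
    # Edge policy values: InternetExplorerIntegrationLevel 0 = none, 1 = IE mode, 2 = require IE.
    $pol = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Edge' -ErrorAction SilentlyContinue
    $level = if ($pol -and $null -ne $pol.InternetExplorerIntegrationLevel) { $pol.InternetExplorerIntegrationLevel } else { 'not configured' }
    [pscustomobject]@{
        IntegrationLevel = $level
        SiteList         = if ($pol) { $pol.InternetExplorerIntegrationSiteList } else { $null }
        # Remediation when no legacy site needs it (not executed here):
        #   Set-ItemProperty HKLM:\SOFTWARE\Policies\Microsoft\Edge -Name InternetExplorerIntegrationLevel -Value 0
        IeModeEnabled    = ($level -is [int] -and $level -ge 1)
    }
}

'--- Patch state (covers CVE-2025-26677, -29831, -30397, -30400) ---'; Test-May2025Patched | Format-List
'--- RD Gateway exposure (CVE-2025-26677 / CVE-2025-29831) ---';       Test-RdGatewayExposure | Format-List
'--- Edge IE mode exposure (CVE-2025-30397) ---';                       Test-IeModeExposure | Format-List
```

On a host where `LikelyPatched` is false and `Exposed` or `IeModeEnabled` is true, that is the machine to patch first; the DWM elevation (CVE-2025-30400) is already in the wild, so an unpatched host with any interactive users should be treated as a priority regardless of the two exposure checks.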
Tech Optimizer
May 12, 2025
pgpro_pwr is a database workload monitoring tool that helps database administrators (DBAs) identify resource-demanding operations. It began in 2017 as pg_profile, written by Andrey Zubkov, who moved from a DBA role to engineering at Postgres Professional. pg_profile is an extension for open-source PostgreSQL and supports releases up to and including PostgreSQL 17 (2024); pgpro_pwr is the enhanced variant shipped with Postgres Pro and offers additional statistical insight. Both tools work the same way: PostgreSQL's cumulative statistics views expose continuously incrementing counters, the extension samples those counters at intervals, and it stores the differences between consecutive samples so that a report covers exactly the workload between two points in time. Neither tool provides alerting; they are meant for assessing system stability, analyzing load-testing results, and pinpointing the statements and activities that consume the most resources. Each consists of repository tables, data-collection functions, reporting functions, and service tables. To use them, one installs the extension, configures roles, and sets the relevant parameters. Reports can then be generated for a single interval or as a comparison between two intervals; examples include wait-event statistics and advanced vacuum statistics. Future plans include submitting a patch to add vacuum statistics to vanilla PostgreSQL.
Tech Optimizer
May 12, 2025
Defendnot is a tool that disables Windows Defender by going through the Windows Security Center (WSC) API and presenting itself as a legitimate antivirus solution. It was created by a developer known as "es3n1n" and follows a previous tool, "no-defender", that was taken down. The technique abuses a deliberate Windows behaviour: when a third-party antivirus registers with WSC, Windows turns off Defender's real-time protection to avoid running two engines at once. Defendnot was built by reverse engineering the WSC service, including how WSC verifies the process that talks to it, and it registers a phantom antivirus product through COM interfaces and undocumented Windows APIs, after which Windows switches off its built-in protection. The tool requires administrative privileges and adds itself to autorun so the registration survives a reboot. Security experts are concerned about its potential reuse by malware authors, but it also highlights a weakness in the design: WSC accepts the registration on the strength of its process checks and has no way to confirm that a real engine stands behind the registered product. For defenders, the practical consequence is that "Defender disabled because a third-party AV is installed" is a normal-looking state and must be corroborated by checking what product WSC actually lists.
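The check that follows from the Defendnot item is to ask WSC what it thinks is installed and compare that with Defender's own running mode. The script below is an added example, not code from the article or from the Defendnot project. It assumes a Windows client SKU (the `root\SecurityCenter2` namespace does not exist on Windows Server) and uses the widely used but not formally documented decoding of the `productState` bitfield; treat the resulting flags as heuristics. Defender itself reports its executable as the `windowsdefender://` URI rather than a file path, which the code handles as a special case.

```powershell
#Requires -RunAsAdministrator
# Added example: surface a phantom antivirus registration in Windows Security Center.
# A non-Microsoft product that WSC lists as enabled, whose "signed product exe" is missing
# or unsigned, while Defender sits in passive mode, is the footprint a fake registration leaves.

function ConvertFrom-ProductState {
    param([uint32]$State)
    # Heuristic decoding of the productState bitfield (commonly used, not Microsoft-documented):
    # hex digits 3-4: 10/11 = product enabled, 00/01 = disabled; digits 5-6: 00 = definitions current.
    $hex = '{0:x6}' -f $State
    [pscustomobject]@{
        Enabled  = $hex.Substring(2, 2) -in @('10', '11')
        UpToDate = $hex.Substring(4, 2) -eq '00'
    }
}

function Get-WscAntivirusInventory {
    Get-CimInstance -Namespace 'root\SecurityCenter2' -ClassName AntiVirusProduct | ForEach-Object {
        $state = ConvertFrom-ProductState -State $_.productState
        $exe   = $_.pathToSignedProductExe
        $isMs  = $_.displayName -match 'Windows Defender|Microsoft Defender' -or $exe -like 'windowsdefender://*'
        $onDisk = (-not $isMs) -and $exe -and (Test-Path -LiteralPath $exe -PathType Leaf)
        $sig    = if ($onDisk) { (Get-AuthenticodeSignature -FilePath $exe).Status.ToString() } else { 'n/a' }
        [pscustomobject]@{
            DisplayName = $_.displayName
            Microsoft   = $isMs
            Enabled     = $state.Enabled
            UpToDate    = $state.UpToDate
            ClaimedExe  = $exe
            ExeOnDisk   = $onDisk
            Signature   = $sig
            # Flag: a third-party product WSC trusts but which has no valid, signed engine binary behind it.
            Suspicious  = (-not $isMs) -and $state.Enabled -and (-not $onDisk -or $sig -ne 'Valid')
        }
    }
}

function Get-DefenderRunningMode {
    $mp = Get-MpComputerStatus
    [pscustomobject]@{
        AMRunningMode          = $mp.AMRunningMode          # 'Normal', 'Passive Mode', 'SxS Passive Mode', ...
        RealTimeProtection     = $mp.RealTimeProtectionEnabled
        AntivirusEnabled       = $mp.AntivirusEnabled
    }
}

function Find-AutorunReferences {
    # Defendnot persists via autorun; look for Run-key and scheduled-task actions pointing at the claimed exes.
    param([string[]]$Paths)
    $hits = @()
    foreach ($key in 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
                     'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run') {
        $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        if ($props) {
            foreach ($p in $props.PSObject.Properties) {
                foreach ($path in $Paths) { if ($path -and $p.Value -like "*$path*") { $hits += "$key\$($p.Name)" } }
            }
        }
    }
    foreach ($task in Get-ScheduledTask -ErrorAction SilentlyContinue) {
        foreach ($action in $task.Actions) {
            foreach ($path in $Paths) { if ($path -and $action.Execute -like "*$path*") { $hits += "task:$($task.TaskPath)$($task.TaskName)" } }
        }
    }
    $hits
}

$inventory = Get-WscAntivirusInventory
$defender  = Get-DefenderRunningMode
$inventory | Format-Table DisplayName, Enabled, UpToDate, ExeOnDisk, Signature, Suspicious -AutoSize
$defender  | Format-List

$phantoms = @($inventory | Where-Object Suspicious)
if ($phantoms.Count -gt 0 -and $defender.AMRunningMode -ne 'Normal') {
    "ALERT: Defender is in '$($defender.AMRunningMode)' because of: $($phantoms.DisplayName -join ', ')"
    Find-AutorunReferences -Paths $phantoms.ClaimedExe
}
```

The meaningful signal is the combination, not any single field: many legitimate products register with an enabled state and a signed binary, and Defender legitimately drops to passive mode when they do. A registration with no signed engine on disk, paired with Defender in passive mode, is what should be paged on, and the autorun scan then points at whatever is keeping the registration alive across reboots.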