architecture

Winsage
June 19, 2026
Microsoft has introduced the Microsoft Execution Containers (MXC) SDK to establish Windows as a reliable operating system for autonomous agents, focusing on containment, identity, and manageability. The MXC framework serves as a policy-driven execution layer for agents on Windows and Windows Subsystem for Linux (WSL), allowing developers to set access permissions using JSON or TypeScript. It employs process and session isolation for agent containment and identity. Future enhancements will include micro-VM support for high-risk tasks and integration with Windows 365 for cloud PC workloads. IT teams can manage MXC policies through Entra ID and Intune, while Defender and Purview provide protection and observability. The MXC framework is built on Microsoft's security initiatives, including Secure Boot and passwordless sign-in, allowing agents to inherit a secure foundation. However, early commentary cautions against perceiving MXC as a comprehensive security solution, noting issues with overly permissive policies and the lack of outbound network filtering. Other platforms, such as Linux, are also enhancing security for agents with kernel-level isolation and secure environments like NVIDIA's OpenShell runtime. Various projects are focusing on agent sandboxes within Kubernetes, employing technologies like gVisor and Kata Containers for isolation. Overall, no single dominant platform security model for AI agents has emerged, with Windows' MXC still considered nascent compared to existing solutions in the Linux and Kubernetes ecosystems.
Winsage
June 19, 2026
Microsoft is collaborating with Adobe to enhance the performance of Photoshop, a widely used image editing software. The partnership focuses on optimizing operations within Photoshop, which is primarily developed in C++ and compiled using Microsoft’s Visual C++ (MSVC) compiler. Microsoft aims to improve performance for CPU-intensive tasks, particularly those that are latency-sensitive, such as brush responsiveness and file-opening tasks. The engineering team activated MSVC’s "peak-performance" compilation mode and explored profile-guided optimization (PGO) to refine executables. However, due to the complexity PGO introduced, they shifted to Sample-based Profile Guided Optimizations (SPGO), which uses hardware performance samples from actual release binaries. This method allows for greater flexibility in data collection and typically yields performance improvements of 5% to 15%. By combining MSVC’s peak-performance mode with SPGO, the teams achieved a 20% performance boost on x64 Windows systems and a 13% enhancement on Arm architecture. These optimizations resulted in improved responsiveness for critical tasks in Photoshop, enhancing the user experience in professional creative workflows.
Tech Optimizer
June 18, 2026
Lakebase Search is a hybrid vector and full-text retrieval system integrated into Lakebase, now in beta on AWS and Azure. It utilizes two Postgres extensions: lakebase_vector and lakebase_text, allowing agents to operate on a single data backend. Agents manage four times more databases than human users and require real-time access to indexed data. The system features a tiered architecture that stores cold data in cost-effective object storage while keeping active data in local NVMe, significantly reducing costs. The lakebase_vector extension offers 32x compression for vectors, allowing a billion vectors to fit into under 10GB of RAM. The lakebase_text extension provides BM25 relevance ranking without high RAM usage. Benchmarking shows that Lakebase Search can efficiently handle large-scale workloads, achieving high recall and low latency with reduced resource requirements compared to traditional architectures. The system allows for continuous search experimentation and dedicated retrieval engines for each agent, enhancing operational efficiency and scalability.
Winsage
June 17, 2026
The Windows variant of SprySOCKS malware, developed by the Chinese threat group Earth Lusca, targets government entities globally and features advanced capabilities such as rootkit-level stealth and extensive command-and-control (C2) functionalities. It operates on Windows systems, utilizing two main variants: WINDRV, which includes kernel drivers for stealth operations, and WINPLUS, a streamlined backdoor. The malware can communicate over TCP, UDP, and WebSocket, offering over 30 C2 commands for various operations, including system information gathering and keystroke logging. WINDRV loads a driver named ‘RawWNPF’ into memory using another signed kernel driver, allowing it to conceal processes and achieve persistence. The malware's design incorporates open-source elements and exploits vulnerabilities in the software supply chain, notably using a leaked certificate for driver signing. To combat SprySOCKS, organizations are advised to implement advanced endpoint detection and response (EDR) solutions, maintain regular patching, and manage supply chain risks vigilantly. The malware's adaptability and reliance on legitimate certificates complicate detection efforts, necessitating continuous refinement of security practices.
Winsage
June 16, 2026
The interaction between Unix/Linux and Windows has historically been marked by significant differences in their architectures and philosophies. Unix uses a fork() function for process management, while Windows employs CreateProcess(), complicating the implementation of Unix-like tools on Windows. Early solutions to bridge this gap included the MKS Toolkit, which provided Unix-like commands for Windows, and UWIN from AT&T Bell Labs, which aimed to create a Unix interface layer on Windows. Cygwin offered a compatibility DLL to run Unix software on Windows, but required rebuilding from source. Microsoft's initiatives included POSIX, Interix, and later Services for UNIX. The introduction of the Windows Subsystem for Linux (WSL) allowed users to run a Linux userland directly on Windows, with WSL 2 incorporating a real Linux kernel. Recently, Microsoft released Coreutils for Windows, providing native builds of Unix-style tools to enhance cross-platform consistency.
Winsage
June 16, 2026
Cybersecurity researchers have identified two new Windows variants of the SprySOCKS backdoor, named WINDRV and WINPLUS, which were previously thought to be exclusive to Linux systems. Both variants feature hard-coded command-and-control configurations and can communicate via TCP, UDP, and WebSocket protocols. They support over 30 commands for operations such as system information collection and file management. WINDRV employs kernel drivers for stealth, obscuring network connections and allowing TCP traffic diversion. SprySOCKS was first documented by Trend Micro in September 2023, linked to the Chinese state-sponsored threat actor Earth Lusca, also known as FishMonger. The Windows variants belong to version 1.8 of SprySOCKS and utilize a kernel driver named RawWNPF for enhanced stealth. The attack chain begins with an initial access method that drops a batch script, leading to the installation of the backdoor. Evidence suggests these variants may have been used in attacks against government organizations in Honduras, Taiwan, Thailand, and Pakistan between 2023 and 2024. The WINPLUS variant was first detected in July 2024 in Pakistan. There are indications of a potential UEFI bootkit involvement exploiting CVE-2023-24932, a vulnerability in the Windows Boot Manager.
Winsage
June 16, 2026
Microsoft's Outlook for Windows is facing criticism for its notification handling, particularly in the new Outlook version built on the WebView2 framework. Users experience a delay of approximately 10 seconds when clicking on email notifications, compared to the near-instantaneous access provided by Outlook Classic, which allows users to open new emails in about five seconds. The new Outlook consumes significantly more memory and CPU resources, using between 490 MB and 636 MB of RAM, while Outlook Classic operates within 117 MB to 148 MB. Despite updates aimed at improving the new Outlook, the core issue of notification handling remains unresolved. Microsoft is working on enhancements, but the performance limitations of the WebView2 architecture continue to affect user experience. Outlook Classic will continue to be supported until April 2029.
Winsage
June 16, 2026
Windows 7 now has a user base of only 0.07%, while 8.54% of Nvidia RTX owners still use the RTX 20 series graphics cards. The RTX 20 series, launched in 2018, introduced technologies like ray tracing and DLSS, which have since evolved and become standard in modern gaming. Despite their decline, both Windows 7 and the RTX 20 series are still utilized by loyal users, with the RTX 20 series being the oldest generation still in use. The RTX 20 series is recognized for laying the groundwork for advancements in PC gaming, and its long-term impact is expected to be significant.