clipboard Archives

Winsage

November 8, 2024

The Windows 11 24H2 bug list grows again: 10 reasons to avoid this update for now

Microsoft released the Windows 11 24H2 update on October 1, 2023, which includes enhancements like an upgraded Copilot AI and a refreshed File Explorer. However, the update has several bugs, leading Microsoft to temporarily halt its rollout for certain problematic PCs. Key issues include: 1. The System File Checker (SFC) is caught in a loop of false positives, misidentifying WebView2-related files as corrupted. 2. An 8.63GB update cache cannot be deleted through standard methods, but can be removed using "Windows Update Cleanup." 3. The update conflicts with Easy Anti-Cheat software, causing blue screens for users with Intel's Alder Lake+ processors. 4. Blue screens can also occur due to driver incompatibilities with Intel Smart Sound Technology, certain Western Digital SSDs, and MSI Z890 motherboards. 5. The mouse pointer may disappear in Chromium-based applications when interacting with text input fields. 6. Users have reported erratic internet connectivity, with some unable to receive a valid IP address. 7. Fingerprint sensors may become unresponsive on some devices. 8. The clipboard history feature may malfunction, showing as empty despite copied items. 9. Devices may fail to appear in the network list, affecting file and printer sharing. 10. Users of Copilot+ PCs face difficulties with printer setup and usage, particularly with HP, Canon, and Brother printers. Due to these issues, users are advised to delay installation of the update until fixes are implemented.

Winsage

November 7, 2024

Winos4.0 Malware Found in Game Apps, Targets Windows Users

A newly identified malware framework called "Winos4.0" targets Windows users through game-related applications. It is a sophisticated variant of Gh0strat, capable of executing remote actions and granting attackers control over compromised systems. Winos4.0 is distributed via seemingly harmless applications, which download a BMP file that extracts and activates the Winos4.0 DLL file. The malware establishes persistence by creating registry keys or scheduled tasks. Its capabilities include clipboard monitoring, system information gathering, and detection of antivirus software and security applications. Winos4.0 targets educational institutions, particularly in "Campus Administration." It maintains communication with command-and-control (C2) servers to download encrypted modules and receive commands for actions like document management and screen capture. Fortinet compares Winos4.0 to frameworks like Cobalt Strike and Sliver, noting its encrypted data exchanges and C2 communication. Users are advised to download applications only from reputable sources.

Winsage

November 7, 2024

Latest Windows 11 Insider Preview brings updated Prism emulator for Arm PCs

Microsoft has introduced an updated Prism emulator in the Windows 11 Insider Preview Build 27744, improving compatibility with x86-based applications and games. The new emulator supports additional CPU extensions, enabling applications like Adobe Premiere Pro 2025 and games such as Starfield and Helldivers 2 to run on Arm PCs. Devices with Qualcomm’s Snapdragon X Elite and X Plus SoCs can now run more legacy applications and games without native ARM64 versions. The update also includes a new on-screen gamepad keyboard for better navigation and typing on gaming handhelds and touchscreen devices. The changelog for Build 27744 includes various enhancements and fixes, such as resolving display issues for older NVIDIA GPUs, fixing problems with the Emoji Panel and Clipboard History, improving Windows Sandbox performance, correcting dynamic refresh rate issues, and addressing multiple bugs related to remote desktop connections and app functionalities.

Winsage

November 7, 2024

New Winos4.0 Malware Targeting Windows via Fake Gaming Apps

Cybersecurity researchers at Fortinet’s FortiGuard Labs have identified a malware campaign named Winos4.0 that disguises itself as benign gaming applications targeting Microsoft Windows users. This malware framework is similar to threats like Cobalt Strike and Sliver. Users who download these applications inadvertently install Trojan horses that deploy the Winos4.0 framework, which has been found in various gaming-related tools. The malware appears to focus on the education sector, as indicated by its file description “校园政务” (Campus Administration). Winos4.0 is a re-engineered version of the Gh0stRat remote access trojan and consists of modular components for specific tasks. The attack begins with the retrieval of a BMP file from a remote server, leading to the extraction of a DLL file named “you.dll.” This file downloads additional files, including the main malicious file “libcef.dll,” which injects shellcode to establish a connection with a command and control (C2) server. The malware executes various tasks, such as monitoring system information and maintaining a connection to the C2 server. To protect against such threats, users are advised to download applications only from reputable sources, avoid third-party app stores, and scan new files before execution. Regular device scans are recommended, especially after downloading new content.

Winsage

November 7, 2024

Hackers increasingly use Winos4.0 post-exploitation kit in attacks

Hackers are targeting Windows users with the Winos4.0 framework, which is distributed through seemingly harmless game-related applications. This toolkit has capabilities similar to well-known post-exploitation frameworks like Sliver and Cobalt Strike. Initially, a threat actor named Void Arachne attracted victims with modified software like VPNs and Google Chrome for the Chinese market, but recent tactics involve using games and game-related files. The infection process begins when a legitimate installer is executed, downloading a DLL file from “ad59t82g[.]com.” This triggers a multi-step infection process involving the download of a DLL named you.dll, which fetches additional files and modifies the Windows Registry for persistence. The second phase involves injected shellcode that loads APIs and connects to a command-and-control (C2) server, while the third phase retrieves encoded data from the C2 server. The final stage includes loading a login module that performs various malicious actions, such as collecting system information, checking for anti-virus software, gathering data on cryptocurrency wallet extensions, maintaining a backdoor connection to the C2 server, and exfiltrating sensitive information through methods like taking screenshots and stealing documents. Winos4.0 can identify various security tools, including Kaspersky, Avast, and Malwarebytes, allowing it to adjust its behavior based on the environment. Fortinet describes Winos4.0 as a powerful tool for controlling compromised systems, with reports from Fortinet and Trend Micro providing indicators of compromise (IoCs) related to this threat.

Winsage

November 7, 2024

Windows 11 Canary Build 27744 returns the Gamepad keyboard, and fixes old dGPUs

Microsoft has released Windows 11 Insider Preview Build 27744 in the Canary Channel, providing a unified experience and eliminating the previous dual-experience model. This build enhances the Prism emulator for Windows on Arm, allowing a wider range of 64-bit x86 applications to run, including support for additional CPU features. The update enables previously incompatible games and creative software to function on Arm devices. Key changes include the simplification of the Start menu, a new Gamepad keyboard layout for the on-screen keyboard, and updates to Task Manager and Settings. Several fixes have been implemented, addressing issues with NVIDIA GPUs, the Emoji Panel, Windows Sandbox performance, and various graphics and app-related bugs. Known issues include potential problems with Windows Hello PIN on new Copilot+ PCs and desktop background display across multiple monitors. Users are encouraged to provide feedback on their experience.

Winsage

November 7, 2024

Windows 11 Arm PCs are getting even better at emulation with the latest beta build

Windows 11 build 27744 in the Canary channel enhances the Prism emulator, allowing broader support for x86-based applications on Arm devices. This update includes support for additional CPU extensions such as AVX, AVX2, BMI, FMA, and F16C, improving compatibility with various applications, including Adobe Premiere Pro 2025. The new features are limited to 64-bit x86 applications, with future updates expected to address the limitations for 32-bit apps. Additionally, the build introduces a new gamepad keyboard, reinstates the option to detach a virtual hard disk from the Settings app, and includes minor improvements to Task Manager. Fixes address issues with NVIDIA GPUs, the Emoji Panel, Clipboard History, Windows Sandbox performance, dynamic refresh rates, and remote desktop connections. Users in the Canary channel can access the update by checking for updates on their PCs.

Winsage

November 6, 2024

Announcing Windows 11 Insider Preview Build 27744 (Canary Channel)

Windows 11 Insider Preview Build 27744 has been released to the Canary Channel. This build introduces enhanced support for 64-bit x86 applications in the Prism emulator, allowing previously incompatible applications, including Adobe Premiere Pro 25, to run on Arm devices. The virtual CPU for x64 emulated applications now supports various x86 instruction set architecture extensions, such as AVX and FMA. Changes include the simplification of the "All apps" section in the Start menu, a new Gamepad keyboard layout for the on-screen keyboard, redesigned Task Manager dialogs, and the return of the detach virtual hard disk button. Fixes address issues with NVIDIA GPUs, the Emoji Panel, Windows Sandbox performance, and various bugs affecting graphics and application stability. Known issues include potential loss of Windows Hello PIN and biometrics for new Copilot+ PC users joining the Canary Channel and desktop background display problems across multiple monitors. Insiders are reminded that features in the Canary Channel may not be released and can change during development.

Winsage

November 4, 2024

Windows 11 24H2 Update Removes Xbox Gamepad Keyboard Feature After Bugs Plagued It

Microsoft has withdrawn the 'Gamepad keyboard' feature from the upcoming Windows 11 24H2 update due to unresolved bugs. The feature, aimed at enhancing text input for Xbox controllers and other gaming devices, was disabled in the latest preview update, and users can no longer access it. Microsoft has not provided specific details about the bugs and has omitted the feature from their release notes, indicating a delay in its rollout. The Gamepad keyboard was first introduced in September 2024 and was expected to be part of the October update. Despite this setback, Microsoft has stated that the feature will return in future updates.

Winsage

November 3, 2024

5 ways to take copying and pasting to the next level on Windows

- Windows users can copy and paste using CTRL + C and CTRL + V shortcuts. - Clipboard history can be enabled to retain a list of the last 25 copied items, accessible by pressing WIN + V. - PowerToys Advanced Paste allows users to choose how to paste copied content, including options for plain text, Markdown, or JSON, activated with Windows key + Shift + V. - PowerToys Advanced Paste includes an AI feature for summarization, translation, or style adjustments, requiring an API key from OpenAI. - To paste without formatting, users can use Ctrl + Shift + V in certain applications or Ctrl + Alt + V in Microsoft Office, or use the "Paste as plain text" option. - Windows supports Optical Character Recognition (OCR) to extract text from images using the Photos app or Snipping Tool.