code Archives

Winsage

May 13, 2026

Disgruntled researcher releases two more Microsoft zero-days

An anonymous researcher known as Nightmare-Eclipse has revealed two new vulnerabilities affecting Windows systems, named YellowKey and GreenPlasma, shortly after Microsoft's latest Patch Tuesday update. YellowKey is a "BitLocker bypass" that allows attackers with physical access to gain unrestricted shell access to protected machines. Experts have expressed concerns about YellowKey's potential to transform laptop theft into a serious breach notification scenario, and suggested mitigations such as implementing a BitLocker PIN and a BIOS password lock. Nightmare-Eclipse has also hinted that YellowKey could function as a backdoor allegedly introduced by Microsoft, although this claim remains unsubstantiated. GreenPlasma is a privilege escalation flaw for which partial exploit code has been released, but it currently triggers a User Account Control (UAC) consent prompt, requiring attackers to invest time in weaponizing it. There is no known mitigation for GreenPlasma, making it crucial for organizations to patch their systems promptly once Microsoft addresses the issue. Nightmare-Eclipse has previously disclosed five zero-day vulnerabilities this year, including BlueHammer, and has characterized their actions as a response to a perceived violation of trust. The researcher has indicated the existence of a "dead man's switch," suggesting that more disclosures could follow if their demands are not met.

Winsage

May 13, 2026

Former Windows boss reveals why modern Windows 11 apps feel slower, says Microsoft once gave every engineer a stopwatch

Steven Sinofsky, former head of the Windows Division at Microsoft, discussed the company's engineering culture and its focus on resource management from 1980 to 2000, where every engineer was given a physical stopwatch to measure various performance metrics. This practice emphasized optimizing software for speed and efficiency, a stark contrast to modern applications that consume significant RAM due to shifts in market dynamics and hardware advancements. The current trend prioritizes rapid feature deployment over optimization, leading to performance issues in applications. Microsoft is responding to criticism by enhancing the performance of Windows 11, focusing on native desktop applications and optimizing core components, including the Start menu and File Explorer. They are also testing new CPU scheduling profiles to reduce micro-lags during user interactions.

Tech Optimizer

May 13, 2026

Databricks Syncs Postgres to Lakehouse Natively

Databricks has introduced Native Lakehouse Sync, currently in public preview, which enables direct replication of data from Lakebase Postgres into Unity Catalog managed tables, simplifying data transfer without traditional pipeline complexities. This feature operates natively within Lakebase, utilizing its Write-Ahead-Log (WAL) and requiring minimal setup time. It does not negatively impact Postgres performance or incur additional costs, and schema changes are automatically propagated. Native Lakehouse Sync supports agent-first development by scaling down when idle and integrating monitoring functions. Data transferred to Unity Catalog is immediately accessible for AI-native analytics and benefits from unified governance features. Every data operation is captured as SCD Type 2 history by default, facilitating compliance and audit processes. The setup of Lakebase and activation of sync is quick, allowing existing and future tables to be available in Unity Catalog within a minute.

Winsage

May 13, 2026

Microsoft’s MDASH AI System Finds 16 Windows Flaws Fixed in Patch Tuesday

Microsoft has introduced a multi-model AI system called MDASH, designed to enhance vulnerability discovery and remediation processes. Currently in limited private preview testing with select customers, MDASH employs over 100 specialized AI agents for various classes of vulnerabilities, enabling autonomous discovery, validation, and demonstration of exploitable defects in complex codebases. The system operates through a structured pipeline that analyzes source code, constructs threat models, and validates findings using auditor and debater agents. MDASH has successfully identified 16 vulnerabilities in its initial tests, including two critical flaws affecting Windows networking and authentication: 1. CVE-2026-33824 (CVSS score: 9.8) - A double-free vulnerability in "ikeext.dll" allowing remote code execution via specially crafted packets. 2. CVE-2026-33827 (CVSS score: 8.1) - A race condition vulnerability in Windows TCP/IP ("tcpip.sys") enabling remote code execution through specially crafted IPv6 packets.

Winsage

May 13, 2026

Microsoft aims to speed Windows with ‘leap forward’ in WinUI 3 perf

Microsoft has announced a 25 percent improvement in the performance of WinUI 3, specifically in File Explorer components. There has been a 41 percent reduction in memory allocations and a 45 percent decrease in function calls. Some optimizations may involve breaking changes, which will initially be optional for developers. The enhancements are intended to become the default in future iterations of WinUI and the Windows App SDK. Despite these improvements, developers have expressed concerns about WinUI 3's performance, noting it is slower than WPF and UWP. The reliance on WinRT interop for component actions is seen as a significant factor hindering speed. Additionally, there are historical tensions regarding the adoption of Microsoft's frameworks within the Windows and Office teams, leading to skepticism about their reliability.

AppWizard

May 13, 2026

Build A Ring Farm codes (May 2026)

Players in Build A Ring Farm can use exclusive codes to acquire rare seeds and cash, which can be spent on new seeds and upgrades. The game features codes such as 100KVISITS (cash), UPDATE1 (three strong fertilizers), and 2KLIKES (one tropical seed pack). To redeem codes, players must open the game, access the settings menu, enter the code, and click redeem. The codes are specific to Build A Ring Farm and are released during significant milestones or events. Players can find more codes by following updates related to player engagement and game enhancements.

Winsage

May 13, 2026

Linux gains more critical Windows apps … 3D Movie Maker and Space Cadet Pinball

Several notable Windows applications, including Space Cadet Pinball and Microsoft 3D Movie Maker, have been successfully ported to Linux. Space Cadet Pinball, originally part of the Microsoft Plus Pack for Windows 95, has been decompiled and rebuilt, now available across 14 platforms, including Linux, thanks to Muzychenko Andrey. The source code for Microsoft 3D Movie Maker was released by Microsoft, and a new fork has been developed by Mark Cave-Ayland and Ben Stone, enabling it to run on Linux. Their project also includes bug fixes, 64-bit compatibility, and builds for ARM64 Windows, with plans for a Raspberry Pi version.

AppWizard

May 13, 2026

Your Google Keep notes might soon be easier to move to Markdown apps

Google Keep is testing a new feature that allows users to export notes to Markdown format in version 5.26.191.01.90 of the Android app. The "Export to Markdown" option is expected to be accessible through the three-dot menu after long-pressing a note, but it is currently in the early stages as a debug option. Despite this, Google Keep does not yet support native Markdown editing.

AppWizard

May 13, 2026

Playground Games Confirms Forza Horizon 6 PC Leak Came From a Reviewer, an Influencer, or an Insider

A leak regarding the PC version of Forza Horizon 6 was confirmed by Playground Games to have originated from an individual with early access, not a pre-load issue. The company announced strict enforcement actions against anyone accessing the leaked build, including potential franchise-wide and hardware bans. SteamDB indicated that the file list for the game appeared on their platform due to a token dumper, clarifying they do not share keys or facilitate downloads. Playground Games can trace the leaker using unique identifiers in review codes. The official release date for Forza Horizon 6 is set for May 19.

Winsage

May 13, 2026

May Patch Tuesday roundup: Critical holes in Windows Netlogon, DNS, and SAP S/4HANA

Organizations using S/4HANA for critical functions should prioritize remediation efforts as SAP has confirmed there is no alternative workaround for existing vulnerabilities. They must implement specified correction instructions or support packages. Additionally, SAP has issued a HotNews note (#3733064) with a CVSS score of 9.6, indicating a high-severity vulnerability in SAP Commerce Cloud due to missing authentication checks. This vulnerability allows unauthenticated users to execute malicious actions, including configuration uploads and code injections, potentially leading to arbitrary server-side code execution. Organizations are advised to take immediate action to protect their systems.