Winsage
May 14, 2025
Microsoft addressed a boot issue affecting dual-boot systems running Linux alongside Windows after the August 2024 Windows security updates, which caused Linux systems to fail to boot due to a Secure Boot Advanced Targeting (SBAT) update. This issue impacted various Windows operating systems, including Windows 10, Windows 11, and Windows Server 2012 and later. The problem arose from a detection mechanism that failed to recognize some customized dual-boot setups, leading to error messages such as "Something has gone seriously wrong: SBAT self-check failed: Security Policy Violation." Microsoft confirmed that the boot issues would be resolved with the May 2025 Patch Tuesday security updates and provided a temporary workaround in late August, advising users to delete the SBAT update. On September 19, Microsoft stopped the automatic application of the problematic SBAT update and recommended a command to prevent future SBAT updates. The issue was specific to the August 2024 security and preview updates, and subsequent updates starting with September 2024 did not contain the problematic settings.
AppWizard
May 14, 2025
Since April 2024, the threat actor Marbled Dust has been exploiting a zero-day vulnerability (CVE-2025-27920) in the Output Messenger chat application, targeting users who have not applied the available fix. This exploitation has resulted in the collection of sensitive data from users in Iraq, specifically linked to the Kurdish military. Microsoft has high confidence in this assessment and notes that Marbled Dust conducts reconnaissance to identify potential targets using Output Messenger. Marbled Dust has successfully utilized this vulnerability to deploy malicious files and exfiltrate data. Microsoft notified the application's developer, Srimax, about the vulnerability, leading to the release of a software update. A second vulnerability (CVE-2025-27921) was also found, but no exploitation of this second flaw has been observed. The zero-day vulnerability allows an authenticated user to upload malicious files to the server's startup directory. Marbled Dust has exploited this flaw to place a backdoor file, OMServerService.vbs, in the startup folder, enabling them to access communications and sensitive data indiscriminately. The attack chain begins with Marbled Dust gaining access to the Output Messenger Server Manager, likely through DNS hijacking or other credential interception techniques. Once inside, they exploit the vulnerability to drop malicious files, including a GoLang backdoor, which connects to a Marbled Dust command-and-control domain for data exfiltration. To mitigate this threat, Microsoft recommends updating to the latest version of Output Messenger, activating various security protections, and implementing rigorous vulnerability management strategies. Microsoft Defender XDR customers can identify potential threat activity through specific alerts related to Marbled Dust and utilize advanced hunting queries for detection. Indicators of compromise include traffic to the domain api.wordinfos[.]com, associated with Marbled Dust activities.
AppWizard
May 14, 2025
Google is unveiling key features ahead of the Google I/O event, including Material 3 Expressive (M3), which focuses on enhancing user experience through color, shape, size, motion, and containment. M3 will introduce a vibrant UI for smartphones and wearables, featuring a new "tear away" notification system and playful animations. The Pixel Watch will have animations that follow the display's curvature, and Wear OS 6 will allow users to customize color schemes and watch faces. Google's Gemini AI will be integrated into more devices, replacing Google Assistant and enhancing interactions on Wear OS, Google TV, Android Auto, and Android XR. Gemini will provide hands-free assistance for Wear OS users and facilitate natural conversations in Android Auto. It will also improve content discovery on Google TV and offer real-time planning assistance in Extended Reality devices. To combat online scams, Google is introducing privacy tools with Android 16, including enhanced warning systems in the caller and Google Messages apps, AI-driven detection of fraudulent messages, and a Key Verifier program for secure end-to-end encrypted communication. Google Play Protect will implement live threat detection for malicious app changes.
AppWizard
May 13, 2025
Microsoft reported that Turkish espionage operatives have been exploiting a zero-day vulnerability (CVE-2025-27920) in the Output Messenger app to gather intelligence on the Kurdish military in Iraq. This operation, attributed to the group Marbled Dust, began in April 2024. The vulnerability is a directory traversal flaw in version 2.0.62 of the app, and many users have not yet updated to the patched version released in December. Marbled Dust has used this flaw to access sensitive user data and deploy malicious files within the Output Messenger server. The group has a history of targeting entities opposing Turkish interests and has evolved its tactics by leveraging this vulnerability for unauthorized access. Srimax and Microsoft are advising users to upgrade to version V2.0.63 to mitigate the risks associated with the exploit.
Tech Optimizer
May 13, 2025
ClamAV is a free, open-source antivirus tool that allows public scrutiny of its code, ensuring security and integrity. It is compatible with multiple platforms, including Linux, Windows, and macOS, and is suitable for self-hosted servers and virtual machines. ClamAV includes features like SigTool for managing the virus signature database and ClamBC for advanced dynamic detection capabilities. It operates through a command-based interface, which may be intimidating for some users, and requires initial configuration. Despite its thorough scanning process, it may not perform as quickly as other antivirus solutions. ClamAV is recognized for its ability to identify a wide array of potential threats without financial investment.
Winsage
May 13, 2025
The current landscape of artificial intelligence interactions includes cloud-based tools like ChatGPT and Copilot, but some users, especially developers, prefer running large language models (LLMs) locally. Ollama provides a solution for this preference. To run LLMs effectively, hardware requirements include a GPU, with larger models needing more computational power. For example, Google's Gemma 3 has a 1 billion parameter model requiring 2.3GB of VRAM and a 4 billion parameter version needing over 9GB. Meta's Llama 3.2 has similar requirements. A modern PC with at least 8GB of RAM and a dedicated GPU can utilize Ollama. To install Ollama on Windows 11, users download the installer from the official website or GitHub and follow the installation process. Once installed, it operates in the background, indicated by an icon in the taskbar, and can be accessed via localhost:11434 in a web browser. Ollama primarily uses a command-line interface (CLI), requiring users to use PowerShell or WSL. Key commands include "ollama pull" to install LLMs and "ollama run" to execute them. For instance, to install the 1 billion parameter Google Gemma 3 LLM, users would enter "ollama pull gemma3:1b". Running the models opens a chatbot interface for user interaction, and exiting can be done by typing "/bye". Setting up Ollama is user-friendly and requires minimal technical expertise.
Winsage
May 12, 2025
Microsoft has released an official guide to address the Blue Screen of Death (BSOD) issues in Windows 11 and Windows 10, updated on May 11, 2025, following a significant global outage in July 2024 caused by a problematic CrowdStrike update. The guide categorizes troubleshooting into basic and advanced steps, highlighting common error codes like PAGE_FAULT_IN_NONPAGED_AREA (0x00000050). Approximately 75% of stop errors are attributed to faulty drivers, making driver verification essential. Basic troubleshooting includes removing recently added hardware, booting into Safe Mode, checking Device Manager for problematic components, ensuring 10-15% free disk space, installing the latest Windows Updates, and using System Restore. Advanced troubleshooting involves using Event Viewer, running Windows Memory Diagnostics, and analyzing memory dumps with WinDbg. The guide emphasizes the resource-intensive nature of Driver Verifier and suggests testing suspicious drivers in smaller groups. It also includes hardware-specific troubleshooting tips, such as checking for overheating components and performing disk diagnostics with the "chkdsk" command.
Winsage
May 12, 2025
The Emergency Restart method in Windows 11 can be initiated by pressing CTRL + ALT + DEL and holding the CTRL key while clicking the power button. This prompts a message warning that any unsaved data will be lost and confirms the restart. It serves as an alternative to a hard reset, especially useful for unresponsive computers, and is beneficial for laptops without a dedicated power button. Users have reported successful restarts without adverse effects. Additionally, the Command Prompt can be used to restart the machine by typing "shutdown /r".
Tech Optimizer
May 12, 2025
Cybersecurity developers have created a tool called defendnot, which disables Windows Defender by utilizing undocumented Windows Security Center (WSC) APIs. This tool is a successor to the no-defender project, which was taken down due to DMCA challenges. The developer reverse-engineered WSC’s validation algorithms and identified Taskmgr.exe as a suitable process to host the necessary code. Defendnot persists across reboots by adding itself to Windows autorun and can be managed via a command-line interface with options to disable Windows Defender and Windows Firewall. Unlike its predecessor, defendnot does not use third-party antivirus code. Security experts warn that disabling protection mechanisms should only be done in controlled environments by knowledgeable users.