copyright Archives

Winsage

June 9, 2025

Microsoft: Remedy for security vulnerability due to deleted “inetpub” folder

A recent Microsoft security update has created a new folder named "inetpub" on Windows systems, which is essential for system security. If users delete this folder, it can lead to significant vulnerabilities. Microsoft has released a Powershell script, Set-InetpubFolderAcl.ps1, to restore the "inetpub" folder and set the correct permissions. Systems that installed the April security update (KB5055528) must take immediate action if the "inetpub" directory is missing. The script also updates access rights for the "DeviceHealthAttestation" directory, if it exists. Administrative rights are required to run the script. This issue was highlighted by IT security researcher Kevin Beaumont, who noted that deleting the "inetpub" folder could disrupt the installation of future security updates.

Tech Optimizer

May 29, 2025

Windows PCs at risk as new tool disarms built-in security

All modern Windows PCs come with Microsoft Defender, a built-in antivirus solution. A tool called Defendnot can disable Microsoft Defender by tricking Windows into believing another antivirus is active. It uses an undocumented API to register a counterfeit antivirus, which leads to Microsoft Defender being automatically disabled without user notification. Defendnot creates a scheduled task for persistence and allows customization of the antivirus name. It is a successor to a previous project, No-Defender, which was removed due to copyright issues. Currently, Microsoft Defender flags Defendnot as a threat.

AppWizard

May 22, 2025

ROIBest Launches Breakthrough Android PWA Solution to Accelerate Global App Growth and Maximize ROI

ROIBest has launched an Android Progressive Web App (PWA) solution designed to help businesses expand globally while reducing risks and enhancing ROI. This solution allows companies to bypass traditional app store limitations and advertising constraints, addressing challenges such as app store dependency and ad account bans. The PWA supports third-party payments without needing app store approval and can be installed directly from a browser link. ROIBest's platform includes features like browser fingerprinting for user journey monitoring, code obfuscation to reduce ad account suspensions, and integration with demand-side platforms and SMS marketing providers. ROIBest's applications are present on one in eight Android devices globally, making them compatible with new devices and browsers. The PWA solution is particularly beneficial for industries like gaming, e-commerce, social media, and AI tools, which face rapid user acquisition needs and compliance challenges.

Tech Optimizer

May 21, 2025

Defendnot Disarms Windows Defender by Pretending to Be a Friend

A newly developed security program called Defendnot can deceive and disable Windows Defender, even without legitimate antivirus software installed. It alters the system to appear as a genuine antivirus program, allowing hackers to neutralize Windows Defender's protective measures. Defendnot operates through an undocumented API that antivirus software uses to register with the Windows Security Center, causing Microsoft Defender to deactivate. Developed by security researcher es3n1n, Defendnot injects a DLL file into the Taskmgr.exe process, misleading Windows into believing an antivirus is present. Although created for research purposes, it can be misused by cybercriminals. Microsoft Defender recognizes Defendnot as a Trojan and quarantines it upon detection.

Tech Optimizer

May 19, 2025

Hackers can turn off Windows Defender with this sneaky new tool

A security researcher known as es3n1n has developed a program called Defendnot, which disguises itself as an antivirus application and exploits a previously undocumented Windows Security Center (WSC) API. Defendnot registers itself as a legitimate antivirus, causing Windows Defender to disable itself when it detects another antivirus, leaving users vulnerable. Microsoft has responded by enabling Defender to detect and quarantine Defendnot as 'Win32/Sabsik.FL.!ml'. This is not the first version of such a program; a previous iteration was removed due to copyright infringement.

AppWizard

May 17, 2025

Mike Florio: NFL needs to start signing off on schedule-release videos

The Indianapolis Colts retracted their Minecraft-themed schedule announcement video due to a lack of proper copyright permissions from Microsoft and the inclusion of an insensitive clip featuring Tyreek Hill. The Los Angeles Chargers successfully used Minecraft imagery with permission from Microsoft. The New England Patriots featured Dave Portnoy in their video, raising questions about relations between the NFL and Barstool Sports. The NFL does not require teams to submit schedule-release videos for approval, a policy that has been criticized following the Colts' blunder. Pro Football Talk commentator Mike Florio suggested that the league should reconsider this approach to prevent similar issues.

Tech Optimizer

May 17, 2025

New ‘Defendnot’ tool tricks Windows into disabling Microsoft Defender

A tool named Defendnot can disable Microsoft Defender on Windows devices by registering a counterfeit antivirus product using an undocumented Windows Security Center (WSC) API. Developed by researcher es3n1n, it exploits the API to register a fictitious antivirus that meets Windows' validation criteria, leading to the automatic disabling of Microsoft Defender. Defendnot circumvents security measures by injecting a dummy antivirus DLL into the trusted Taskmgr.exe process. It also includes a loader for configuration customization and establishes an autorun entry through the Windows Task Scheduler for persistence. Microsoft Defender currently detects and quarantines Defendnot as a Win32/Sabsik.FL.!ml.

Winsage

May 16, 2025

Microsoft solves dual-boot problems with Windows and Linux

Microsoft addressed issues with dual-boot installations involving Linux that were caused by updates released in August, which disrupted many configurations and Linux boot media. The updates aimed to enhance security by blocking outdated boot managers but resulted in error messages indicating a security policy violation. To resolve these issues, Microsoft created the Secure Boot Advanced Targeting (SBAT) update to prevent installation on dual-boot systems, but the detection mechanism was often ineffective. The SBAT update was paused in September, and Microsoft announced that the problem was resolved with security updates released in May. Affected Windows versions include Windows Server editions from 2012 to 2022, Windows 11 (versions 23H2, 22H2, and 21H2), and Windows 10 (versions 22H2, 21H2, and Enterprise 2015 LTSB). Microsoft also provided guidance for users to prevent the SBAT update and steps to restore dual-boot systems.

Winsage

April 24, 2025

Microsoft security patch opens up new security vulnerability

Microsoft's recent update aimed at fixing a security vulnerability (CVE-2025-2104) has unintentionally created an "inetpub" folder on the system drive of Windows operating systems. This folder's creation has raised concerns among IT security researchers, particularly Kevin Beaumont, who warns that it could lead to issues with Windows updates. Users can create junctions that redirect to the "inetpub" folder, potentially causing failures in installing updates and leaving systems vulnerable. Microsoft has stated that the "inetpub" folder should not be deleted and that its presence is part of security enhancements.

AppWizard

April 20, 2025

Boy, 9, with brain cancer fulfills dying wish of seeing ‘Minecraft’ movie

A film crew in Georgia organized a private screening of “A Minecraft Movie” for 9-year-old Kevin Lobello, who was battling terminal brain cancer. Kevin, who had been introduced to Minecraft at age five, received the diagnosis of diffuse intrinsic pontine glioma (DIPG) in February. His mother, Justyne Lobello, sought help on Facebook, leading to the screening arranged by industry friends. The event featured a themed carpet and a FaceTime call from actors Jason Momoa and Jack Black. Kevin passed away 11 days after the screening, and his mother is now raising awareness about DIPG, which affects 150 to 300 children in the U.S. each year, with a median survival rate of eight to eleven months.