deletion

Winsage
February 18, 2025
Researchers from Trend Micro's Threat Hunting team have identified a cyberattack campaign by the APT group Earth Preta, targeting government entities in the Asia-Pacific region, including Taiwan, Vietnam, Malaysia, and Thailand. The group uses spear-phishing emails and advanced malware to compromise Windows systems, notably employing the Microsoft Application Virtualization Injector (MAVInject.exe) to inject malicious payloads into legitimate processes. The attack typically begins with a malicious file, IRSetup.exe, which drops both legitimate and malicious files onto the system, often accompanied by a decoy PDF posing as an official document. Earth Preta utilizes a modified variant of the TONESHELL backdoor malware, sideloaded using OriginLegacyCLI.exe and a malicious DLL, EACore.dll. This malware communicates with a command-and-control server for data exfiltration and remote operations, offering capabilities such as reverse shell access, file deletion, and persistent storage of victim identifiers. The malware adapts its behavior based on the presence of ESET antivirus software, using different techniques for code injection. Trend Micro attributes this campaign to Earth Preta with medium confidence, noting that the group has compromised over 200 victims since at least 2022, primarily focusing on government entities and using phishing as the initial attack vector.
Winsage
February 17, 2025
Microsoft has released significant updates for Windows 11 and Windows 10, focusing on system security and user-friendly features. The February 2025 update includes security patches and functional improvements for both operating systems. For Windows 11 users on versions 23H2 and 24H2, notable features include automatic tab restoration in File Explorer, quick access to Windows Studio Effects from the taskbar for devices with Neural Processing Units (NPU), refined taskbar app preview animations, and improvements to Auto HDR for better visual clarity in games. Additionally, issues with slow shutdowns when game controllers are connected and USB camera recognition have been addressed. For Windows 10 users on builds 19044.5487 and 19045.5487, the update integrates the new Outlook app into the system menu while preserving existing email settings and fixes a virtual memory leak issue that caused crashes in resource-intensive applications. Both updates address 55 security vulnerabilities, including:
- CVE-2025-21391: risk of unauthorized file deletion in Windows storage
- CVE-2025-21377: NTLM hash leakage potentially compromising user accounts
- CVE-2025-21194: flaw in the hypervisor that could bypass UEFI security
Users are advised to install these updates promptly due to the increased risk of exploitation. Some features will be rolled out gradually over the coming weeks.
Winsage
February 13, 2025
Microsoft's February Patch Tuesday updates, released on February 11, include KB5051987 for Windows 11 24H2 and KB5051989 for Windows 11 23H2. The updates introduce enhancements to the Taskbar and File Explorer, including improved previews and animations for Taskbar icons, a new icon in the System Tray for Windows Studio Effects, and a new simplified Chinese font named Simsun-ExtG. A feature allowing certain applications to automatically restart after signing back in has also been added. File Explorer now includes a "New Folder" command in the context menu and can restore previously open tabs at logon. The updates fix various bugs, including issues with Auto HDR in games, playback interruptions for USB audio devices, and problems with USB audio drivers. They also address issues from the January 2025 security update, such as USB camera recognition and slower shutdown processes with connected controllers. On the security side, the update resolves 56 vulnerabilities, three of which are critical. Notable vulnerabilities include CVE-2025-21391 (file deletion), CVE-2025-21418 (remote code execution), CVE-2025-21377 (authentication spoofing), and CVE-2025-21376 (malicious code execution). The updates are set to install automatically, but users can check for updates manually through Windows Update.
Winsage
February 12, 2025
Microsoft's February 2025 Patch Tuesday security update addresses 55 security vulnerabilities across the Windows platform, including:
- 22 remote code execution vulnerabilities
- 19 elevation of privilege vulnerabilities
- 9 denial of service vulnerabilities
- 3 spoofing vulnerabilities
- 2 security feature bypass vulnerabilities
- 1 information disclosure vulnerability
Among these, four vulnerabilities are classified as critical zero-day vulnerabilities, with two requiring immediate attention.
1. CVE-2025-21194: A security feature bypass vulnerability related to Microsoft Surface devices, potentially allowing unauthorized access to Windows virtual machines.
2. CVE-2025-21377: An NTLM hash disclosure spoofing vulnerability that could allow attackers to retrieve plain-text passwords by interacting with a malicious file.
The other two zero-day vulnerabilities confirmed to be actively exploited are:
1. CVE-2025-21391: A Windows storage elevation of privilege vulnerability that enables deletion of targeted files on a user's computer.
2. CVE-2025-21418: A vulnerability that allows attackers to gain elevated system privileges within Windows.
Users are advised to install the patch promptly to protect their systems.
Winsage
February 12, 2025
Microsoft's February Patch Tuesday update addresses 61 vulnerabilities, including 25 critical Remote Code Execution (RCE) vulnerabilities. Three of these are zero-days, actively exploited before the update:
1. CVE-2023-24932: Secure Boot security feature bypass requiring physical access or administrative rights.
2. CVE-2025-21391: Windows Storage elevation of privilege vulnerability that could lead to data deletion.
3. CVE-2025-21418: Vulnerability in Windows Ancillary Function Driver for WinSock allowing privilege escalation.
Critical vulnerabilities include:
- CVE-2025-21376: Windows LDAP RCE vulnerability.
- CVE-2025-21379: RCE vulnerability in DHCP Client Service.
- CVE-2025-21381: RCE vulnerability in Microsoft Excel.
The update also addresses additional vulnerabilities related to remote code execution, elevation of privilege, denial of service, security feature bypass, spoofing, and information disclosure across various Microsoft products. Microsoft advises immediate application of the updates to mitigate risks.
Winsage
February 11, 2025
Adobe released seven bulletins in February 2025, addressing 45 CVEs across products such as InDesign, Commerce, Substance 3D Stager, InCopy, Illustrator, Substance 3D Designer, and Photoshop Elements. The updates include:
- InDesign: Seven bugs fixed, four rated Critical.
- Illustrator: Three critical bugs allowing arbitrary code execution when opening malicious files.
- Substance 3D Stager: One DoS bug fixed.
- InCopy: One critical-rated code execution vulnerability patched.
- Substance 3D Designer: One critical-rated code execution vulnerability patched.
- Photoshop Elements: One important-rated privilege escalation vulnerability addressed.
None of the patched vulnerabilities were publicly known or under active attack at the time of release.

Microsoft released patches for 57 new CVEs affecting Windows, Office, Azure, Visual Studio, and Remote Desktop Services, totaling 67 CVEs including third-party submissions. The severity ratings are:
- 3 rated Critical
- 53 rated Important
- 1 rated Moderate
Two vulnerabilities are publicly known, and two are under active attack. Notable vulnerabilities include:
- CVE-2025-21391: Windows Storage Elevation of Privilege Vulnerability allowing file deletion and privilege escalation.
- CVE-2025-21418: Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability requiring authenticated user interaction.
- CVE-2025-21376: Windows LDAP Remote Code Execution Vulnerability allowing unauthenticated remote code execution.
- CVE-2025-21387: Microsoft Excel Remote Code Execution Vulnerability exploitable through the Preview Pane requiring user interaction.
AppWizard
February 11, 2025
Samsung has updated its Messages app with new features, including the ability to edit messages sent to other Galaxy devices running One UI 7, allowing up to three edits within 15 minutes after sending. Each edited message is marked, and a history of edits can be accessed. Additionally, there is an auto-delete function for one-time password (OTP) messages, which deletes them after 24 hours and permanently after 30 days. These features are reportedly available on the Galaxy S25, but some users have faced limitations based on regional software versions. The editing feature is likely limited to RCS messages, as SMS does not support it. Despite previous statements about phasing out the Messages app, the updates suggest Samsung's continued commitment to it.