device driver Archives

Winsage

January 20, 2026

Microsoft veteran explains the one weird trick that made Windows 95 restart faster

Microsoft's Raymond Chen discussed the "Shift during Restart" trick in Windows 95, which allowed users to bypass a lengthy reboot process. This was achieved by sending the EW_RESTARTWINDOWS flag to the 16-bit ExitWindows function, leading to a series of shutdowns involving the 16-bit Windows kernel and the 32-bit virtual memory manager. The CPU would then revert to real mode, allowing win.com to take control and initiate protected-mode Windows. Chen explained that .com files are allocated all available conventional memory upon launch, which can be returned to the system. Win.com efficiently releases excess memory, but if another program occupies that space, memory fragmentation can occur, preventing win.com from restoring the system and resulting in a full reboot. This engineering solution provided a smoother user experience, contrasting with modern Windows users who face disruptive update notifications.

Winsage

December 23, 2025

Agentic Postgres: Postgres for Agentic Apps with Fast Forking and AI-Ready Features

Tiger Data has launched Agentic Postgres, a database solution built on Postgres for AI agents and developers. It features rapid forking capabilities, a multi-channel processing (MCP) server, and native support for BM25 and vector searches via a command-line interface (CLI). The MCP server allows users to interact with agents through high-level prompts for tasks like schema design. Agentic Postgres includes two advanced plugins to enhance search functionalities: an upgraded pgvectorscale for improved indexing and pg_textsearch for BM25 keyword ranking. The core of the platform is Fluid Storage, a distributed storage system that enables rapid, zero-copy forks of production data. Tiger Data highlights the importance of fluidity in database management for agentic software, which requires quick scaling and modifications. The growing needs of developers for integrated solutions reflect a shift due to AI advancements. Competitors in the market include Firebolt, Weaviate, and Qdrant. A free tier for Agentic Postgres is available, offering access to various features with limitations.

Winsage

November 17, 2025

Custom Windows Event Viewer log notifications upped my debugging game

Windows Task Scheduler can be configured to monitor system events and send notifications for anomalies, allowing users to proactively address issues before they escalate. Users can set up custom notifications by specifying Event IDs in the Task Scheduler. Common Event IDs for debugging include: - Application crash: Event ID 1000 (Application Error) - Application hang: Event ID 1002 (Application Hang) - Service failure: Event ID 7000 (Service Control Manager) - Service stopped: Event ID 7036 (Service Control Manager) - Disk/I/O issues: Event ID 129 (Disk or NTFS) - Group policy failure: Event ID 1058 (Microsoft-Windows-GroupPolicy) - Driver error: Event ID 7023 (Service Control Manager or Kernel-PnP) - Failed logon: Event ID 4625 (Microsoft-Windows-Security-Auditing) - User account locked out: Event ID 4740 (Microsoft-Windows-Security-Auditing) - Audit log cleared: Event ID 1102 (EventLog) - Unexpected system shutdown: Event ID 41 (Kernel-Power) To set up notifications, users can create a PowerShell script that performs specific actions based on the event type, such as sending an email for critical alerts or displaying on-screen messages for less critical events. This setup enables effective monitoring without the need for third-party applications.

Tech Optimizer

October 23, 2025

Introducing Agentic Postgres, the Database for AI Agents

Agentic Postgres is the first database specifically designed for agents, reflecting the growing influence of AI in software development. It features a new MCP server that allows agents to interact with the database effectively, including built-in master prompts for tasks like schema design and query tuning. The database includes native full-text and semantic search capabilities, enhanced indexing, and a new copy-on-write block storage layer that enables instantaneous database forking. A new command-line interface (CLI) simplifies user engagement, and a free tier is available for immediate access. Agentic Postgres operates on Fluid Storage, a distributed storage layer that supports scalability and performance. The platform aims to empower developers by allowing them to focus on higher-level challenges while agents handle repetitive tasks.

Winsage

October 16, 2025

Patch Tuesday: Windows 10 end of life pain for IT departments

Microsoft has ceased support for Windows 10 and released a significant Patch Tuesday update addressing several zero-day vulnerabilities, including CVE-2025-24990, which involves a legacy device driver that has been completely removed from Windows. This driver, the Agere Modem driver (ltmdm64.sys), supports hardware from the late 1990s and early 2000s and has not kept pace with modern security practices. The removal of the driver is a strategic decision to reduce security risks associated with outdated components, as patching such legacy code can lead to instability and may not effectively resolve vulnerabilities. Another vulnerability addressed in the update is CVE-2025-2884, related to the Trusted Platform Module (TPM) 2.0 reference implementation. Additionally, CVE-2025-49708, a critical vulnerability in the Microsoft Graphics Component with a CVSS score of 9.9, poses severe risks by allowing a full virtual machine escape, enabling attackers to gain system privileges on the host server from a low-privilege guest VM. Security experts recommend prioritizing patches for this vulnerability to maintain the integrity of virtualization security.

Winsage

October 15, 2025

Patch Tuesday: Windows 10 end of life pain for IT departments

The conclusion of support for Windows 10 has led to the discovery of several zero-day vulnerabilities, including CVE-2025-24990, which involves a legacy device driver that Microsoft has removed. This driver, associated with the Agere Modem, has not been updated to meet modern security standards and is actively exploited by attackers. Microsoft opted to remove the driver rather than patch it, as patching could lead to system instability. Another vulnerability, CVE-2025-2884, relates to the Trusted Platform Module (TPM) 2.0, with Microsoft treating it as a zero-day despite its involvement with the Trusted Computing Group. Additionally, CVE-2025-49708, a flaw in the Microsoft Graphics Component, has a CVSS score of 9.9 and allows attackers to escape from a guest virtual machine to the host operating system, posing significant security risks.

Winsage

October 13, 2025

The importance of upgrading to the latest Windows operating system …

Windows 10 was released in July 2015 and is now at its end of life, with no further updates. Windows 11 was introduced in October 2021, offering enhanced security features and requiring specific hardware specifications such as TPM 2.0 and Secure Boot. Extended support for Windows 10 will continue until October 2026 for consumers using Microsoft's cloud for backups, while corporate devices require an Extended Security Updates subscription for updates. The National Cyber Security Centre (NCSC) has warned of security risks associated with outdated operating systems, citing past vulnerabilities and attacks. A report by Forrester highlights the security improvements in Windows 11, including Smart App Control and improved administrator protections. Recent analysis shows a 33% decrease in Windows 10 devices, with projections indicating approximately 121 million PCs will remain operational by the end of support on October 14. Microsoft aims to transition features to user space to enhance security, but challenges exist for older hardware. Windows 11 includes a secure-by-default configuration and integrates AI capabilities, with Gartner predicting significant growth in AI PCs by 2025. ARM-based PCs are gaining interest for their battery life, though compatibility issues persist. Microsoft is collaborating with Qualcomm to develop ARM-based Copilot+ PCs, which may provide a viable alternative to traditional x86 hardware.

Winsage

September 12, 2025

Announcing Windows 11 Insider Preview Build 27943 (Canary Channel)

Windows 11 Insider Preview Build 27943 has been released to the Canary Channel, featuring general improvements and fixes. Key fixes include resolving a freezing issue in the Storage settings, addressing a taskbar glitch with app previews, fixing HDR activation problems, and correcting an error related to the Microsoft Pluton Cryptographic Provider. Known issues include potential rollbacks during installation, increased bugchecks on Arm64 PCs, inability to playback GPU captures in PIX, screen flickering in browsers, and audio issues with devices marked in Device Manager. Users experiencing audio issues can attempt to update drivers through Device Manager. The Canary Channel builds may not align with any specific Windows release and features may evolve or be removed. A clean installation is required to exit the Canary Channel.

Tech Optimizer

August 7, 2025

Hackers Use Legitimate Drivers to Kill Antivirus Processes and Lower The System’s Defenses

Attackers have been using the ThrottleStop.sys driver to disable antivirus software in compromised networks since October 2024. This driver, designed for CPU throttling, allows malware to gain kernel-level memory access and terminate security processes. Initial access is typically gained through stolen RDP credentials or brute-forced administrative accounts, enabling the deployment of the AV killer alongside ransomware like MedusaLocker. Once inside, attackers extract additional user credentials using tools like Mimikatz and move laterally with Pass-the-Hash techniques. They upload two key components, ThrottleBlood.sys (the renamed driver) and All.exe (the AV killer), to user directories. The malware effectively disables Windows Defender and other endpoint protections, leading to severe data encryption in industries with exposed RDP endpoints, particularly affecting victims in Brazil, Ukraine, Kazakhstan, Belarus, and Russia. Securelist analysts noted that traditional self-defense features in Kaspersky products can counter this AV killer, but many organizations still rely on less effective solutions. The malware exploits two vulnerable IOCTL functions in the ThrottleStop.sys driver, allowing arbitrary memory reads and writes. It uses a loop to match and terminate antivirus processes by invoking kernel functions. The malware avoids detection by restoring original kernel bytes after execution. This situation highlights the need for improved driver integrity monitoring and robust security strategies.