documentation

Winsage
June 29, 2026
Major PC manufacturers, including HP, Dell, ASUS, Lenovo, MSI, Acer, Samsung, LG, and Microsoft’s Surface division, have provided guidance on transitioning to new Secure Boot certificates as the expiration of Microsoft’s 2011 certificates approaches. The expiration will occur in three phases: Microsoft Corporation KEK CA 2011 expired on June 24, 2026; Microsoft UEFI CA 2011 expired on June 27, 2026; and Microsoft Windows Production PCA 2011 is set to expire on October 19, 2026. Microsoft has begun rolling out replacement certificates through Windows Update, contingent on OEMs providing compatible BIOS updates. ASUS offers detailed documentation for both consumer and commercial devices, confirming that most users will receive updates automatically. Lenovo provides direct download links for BIOS updates organized by product family and specifies which products will not receive updates. Dell's support article covers its entire product lineup, noting that devices with an End of Service Life before January 1, 2026, will not receive updates. HP outlines a dual-track approach for updates, with specific timelines for commercial PCs. Microsoft's Surface devices receive updates directly from Microsoft, while MSI categorizes guidance based on processor generation for its laptops. Acer emphasizes backing up the BitLocker recovery key and provides a model table for confirmed BIOS release dates. Samsung confirms that all PCs running Windows 10 or 11 will function normally post-expiration, but security updates will cease. LG has released a guide for checking BIOS updates for its PCs. To verify if a PC has the 2023 certificates, users can check the Secure Boot section in Windows Security. A green checkmark indicates successful application, while yellow or red icons indicate pending updates or incompatibility. Microsoft has pushed the certificates to all eligible devices as of June 2026.
AppWizard
June 27, 2026
The Kentucky State Police (KSP) has opened applications for Cadet Class 108, as announced by Governor Andy Beshear. The starting salary for sworn officers has been increased to ,000 annually, with opportunities for 100 hours of overtime. Cadets will receive mileage reimbursement while attending the academy, which features a revamped 22-week training curriculum. This training includes over 1,000 hours of classroom instruction and field study covering various topics such as constitutional law, crisis response, and weapons use. Cadet Class 108 will begin in May 2027, and applications must be submitted by October 15, 2026, through JoinKSP.com.
Winsage
June 26, 2026
Windows 11 users are experiencing delays during the shutdown process, attributed to the Background Intelligent Transfer Service (BITS). Microsoft has released an optional update, KB5095093, to address this issue by improving the shutdown time of the BITS service. The update is expected to reduce unexpected freezes linked to BITS and also includes enhancements in Bluetooth functionality. Users must manually install the update via Windows Update or the Microsoft Update Catalog, with improvements set to be included in July’s main update.
Winsage
June 25, 2026
Microsoft has extended the support timeline for Windows 10 by initiating the Extended Security Updates (ESU) program, which provides an additional year of essential security updates until October 12, 2027. Users can enroll in the ESU program until it ends, and those already enrolled will have their coverage automatically continue through that date. The ESU program, previously a paid feature for businesses, is now available to regular consumers at no additional cost.
Winsage
June 25, 2026
Component Object Model (COM) is a technology in Windows that enables object activation, inter-process communication, and automation across different programming languages. Malware exploits COM interfaces for activities such as lateral movement, execution, downloading, exfiltration, persistence, evasion, system discovery, and automation of Windows and Office functionalities. Reverse engineering COM-heavy binaries involves navigating GUIDs and indirect vtable calls to understand malware mechanics. Research at the AVAR 2025 conference and CARO 2026 workshop discusses methodologies for analyzing COM binaries and case studies of malware families that utilize COM. COM is an application binary interface (ABI) model that allows software components to be reused and enables interaction between different programming languages through interfaces defined at the binary level. Distributed COM (DCOM) allows clients to activate COM objects on remote systems. COM classes are identified by unique class identifiers (CLSIDs), and interfaces by interface identifiers (IIDs). The Windows registry stores COM registration data, with classes and interfaces located under specific keys. Malware often acts as a COM client, utilizing the COM runtime to instantiate classes and request interfaces. ProgIDs provide human-readable registry entries for COM classes. The CoCreateInstance function helps create class objects by resolving CLSID registrations. All COM interfaces derive from IUnknown, which manages object lifetimes and interface querying. COM has its own security model, and identifying classes and interfaces used by malware is crucial for threat researchers. Tools like ComView and OleView.NET assist in inspecting COM registrations. The analysis workflow includes identifying activation API calls, extracting CLSID and IID values, consulting registry definitions, and mapping vtable calls. 
Qakbot, a banking trojan, exemplifies the use of COM in malware, with its architecture enabling malicious activities like credential theft. Dynamic analysis tools can log COM-related calls in real-time to trace execution flow. Notable malware families that utilize COM include Gh0stRAT, which uses Task Scheduler COM interfaces, and the Attor platform, which employs BITS for file transfers. WarmCookie demonstrates the use of COM for persistence through Task Scheduler. Understanding COM's role in malware is essential for cybersecurity professionals.
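The "extract CLSID and IID values" and "consult registry definitions" steps of the workflow above, as an added example (not code from the summarized research): it scans a binary's bytes for known COM GUIDs in their in-memory layout and names the registry key to check for each hit. The lookup table holds the well-known Task Scheduler, BITS and IUnknown identifiers; the helper names and the sample blob are constructed for illustration.

```python
import uuid

# Well-known identifiers for the COM features named above (Task Scheduler, BITS)
# plus IUnknown. Extend the table from registry data, ComView or OleView.NET.
KNOWN_GUIDS = {
    "0F87369F-A4E5-4CFC-BD3E-73E6154572DD": "CLSID TaskScheduler",
    "2FABA4C7-4DA9-4013-9697-20CC3FD40F85": "IID ITaskService",
    "4991D34B-80A1-4291-83B6-3328366B9097": "CLSID BackgroundCopyManager",
    "5CE34C0D-0DC9-4C1F-897C-DAA1B78CEE7C": "IID IBackgroundCopyManager",
    "00000000-0000-0000-C000-000000000046": "IID IUnknown",
}

def guid_to_bytes(text):
    """Registry-style GUID -> GUID struct bytes (first three fields little-endian)."""
    return uuid.UUID(text).bytes_le

def scan_for_com_guids(blob, known=KNOWN_GUIDS):
    """Return sorted (offset, registry_form, label) for every known GUID in blob."""
    hits = []
    for text, label in known.items():
        needle = guid_to_bytes(text)
        pos = blob.find(needle)
        while pos != -1:
            hits.append((pos, "{%s}" % text, label))
            pos = blob.find(needle, pos + 1)
    return sorted(hits)

def registry_key(registry_form, label):
    """Key holding the registration data for a class or an interface."""
    root = "CLSID" if label.startswith("CLSID") else "Interface"
    return r"HKEY_CLASSES_ROOT\%s\%s" % (root, registry_form)

def build_sample():
    """Constructed stand-in for a binary's read-only data; not a real sample."""
    return (b"\x90" * 16
            + guid_to_bytes("0F87369F-A4E5-4CFC-BD3E-73E6154572DD")
            + b"\xcc" * 8
            + guid_to_bytes("2FABA4C7-4DA9-4013-9697-20CC3FD40F85")
            + b"pad")

if __name__ == "__main__":
    for offset, guid, label in scan_for_com_guids(build_sample()):
        print("0x%04x  %-28s %s" % (offset, label, registry_key(guid, label)))
```

A CLSID and IID found close together usually mark the arguments of one activation call, which tells the analyst which interface's vtable layout to apply to the indirect calls that follow.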
Winsage
June 24, 2026
Microsoft has announced enhancements to its Secure Boot certificate management to improve the security of Windows operating systems. Key features include improved certificate management for easier handling, automated updates for Secure Boot certificates to reduce manual intervention, and enhanced user guidance through resources on Microsoft Learn.
Winsage
June 22, 2026
In the June 9, 2026 Patch Tuesday update for Windows 11, users experienced a bug where the Recycle Bin's confirmation dialog for permanent deletions displayed internal file names (e.g., $Rxxxxx.ext) instead of original filenames. Microsoft acknowledged this issue in its documentation for Windows 11 version 26H1. The Recycle Bin still correctly shows original filenames, and restoring items also uses the original names. This bug arose after installing the June security update (KB5095051), but file management remains functional. Microsoft plans to address this issue in a future update.