elevation Archives

Winsage

May 13, 2026

Windows BitLocker zero-day gives access to protected drives, PoC released

A cybersecurity researcher known as Chaotic Eclipse has released proof-of-concept exploits for two unpatched vulnerabilities in Microsoft Windows: YellowKey, a BitLocker bypass, and GreenPlasma, a privilege-escalation flaw. The YellowKey vulnerability affects Windows 11 and Windows Server 2022/2025, allowing unauthorized access to BitLocker-protected volumes by exploiting the Windows Recovery Environment. The exploit can be executed using specially crafted 'FsTx' files on a USB drive or directly on the EFI partition. Independent researcher Kevin Beaumont has validated the exploit, which can bypass BitLocker protections even in a Trusted Platform Module (TPM) environment. The GreenPlasma vulnerability allows unprivileged users to create arbitrary memory-section objects, potentially leading to privilege escalation. Chaotic Eclipse has expressed dissatisfaction with Microsoft's handling of bug reports, prompting the public disclosure of these vulnerabilities. Microsoft has stated its commitment to investigating security issues and updating affected devices.

Winsage

May 13, 2026

Windows 11 security update fixes critical Bing and Azure flaws

Microsoft released its May 2026 Patch Tuesday updates for Windows 11, addressing 97 security vulnerabilities across various components, including Windows, Microsoft Office, Azure services, SQL Server, SharePoint, Hyper-V, and .NET. The updates are encapsulated in KB5089549 for Windows 11 versions 24H2 and 25H2, elevating systems to builds 26100.8457 and 26200.8457. Notable vulnerabilities include CVE-2026-32169, a critical flaw in Azure Cloud Shell with a CVSS score of 10.0, and CVE-2026-21536, a critical remote code execution vulnerability in the Microsoft Devices Pricing Program with a CVSS score of 9.8. Other critical vulnerabilities include CVE-2026-32191 and CVE-2026-32194, impacting Microsoft Bing Images, both with CVSS scores of 9.8. The update also addresses multiple Windows privilege escalation vulnerabilities and remote code execution vulnerabilities in Microsoft Office and Excel. Microsoft has warned of upcoming Secure Boot certificate expirations starting in June 2026 and has improved boot reliability related to BitLocker recovery issues. Users can install the updates via Settings → Windows Update, with a system restart required.

Winsage

May 13, 2026

Microsoft Patch Tuesday for May 2026 — Snort rules and prominent vulnerabilities

Microsoft's May 2026 security update addresses 137 vulnerabilities, with 31 classified as critical. None of these critical vulnerabilities are currently being exploited in active attacks. Sixteen of the critical vulnerabilities involve remote code execution (RCE) issues in Microsoft products, including Microsoft Office, Microsoft Word, and Azure. Specific vulnerabilities include: - CVE-2026-32161: A use-after-free vulnerability in the Windows Native WiFi Miniport Driver. - CVE-2026-40358: A use-after-free vulnerability in Microsoft Office. - CVE-2026-41089: A stack-based buffer overflow in Windows Netlogon. Additional important vulnerabilities flagged include: - CVE-2026-33835: Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability. - CVE-2026-33837: Windows TCP/IP Local Elevation of Privilege Vulnerability. - CVE-2026-35416: Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability. Talos is releasing a new Snort ruleset to detect attempts to exploit these vulnerabilities, and users are advised to update their Cisco Security Firewalls and acquire the latest rule pack via Snort.org.

Winsage

May 11, 2026

Microsoft finally re-adds refreshing File Explorer to the right-click menu

Microsoft's latest Experimental build for Windows 11, numbered 26300.8376, reintroduces the 'Refresh' option to the right-click menu in File Explorer, allowing users to reload the view. Additionally, the 'Print' option has been moved from the "Show more options" submenu to the main context menu, streamlining the printing process. These enhancements were discovered by a user known as PhantomOfEarth.

AppWizard

May 3, 2026

Space strategy game Sins of a Solar Empire 2 drops its gen-AI artwork amid a huge new UI overhaul

A substantial update for Sins of a Solar Empire 2, named 'UI Horizons,' has been released, removing AI-generated art and replacing it with portraits created by human artists. The update includes a redesigned front-end menu, the return of an in-game map editor, and a new faction selection screen with detailed faction information. Enhancements have been made to single-player and multiplayer lobby screens, along with improved customization options for the random map function. New defensive tools for all factions and balance adjustments have been implemented, including increased costs for certain Vasari capital ships and construction expenses. The Advent faction's AI has received improvements for better strategic use of abilities. Save game files have been compressed by over 70%, and engine improvements have enhanced missile targeting and unit formation handling. Modders will need to update existing mods for compatibility, and players can revert to earlier game versions through Steam if needed.

AppWizard

May 2, 2026

Heroes of Might and Magic: Olden Era sold 250,000 copies and ‘broke even on development costs’ in 1 day

Heroes of Might and Magic: Olden Era sold over 250,000 copies within its first day of early access. It received 91% positive reviews from more than 3,500 user reviews on Steam, achieving a "very positive" overall rating. The game reached a peak concurrent player count of nearly 52,000 on Steam and is currently among the top-selling games on the platform. The first patch for the game has been released, which includes bug fixes, network enhancements, balance adjustments, and localization fixes.

Winsage

April 24, 2026

Microsoft beefs up Remote Desktop security with … hard-to-read messages

Microsoft has released an update to improve the security of its Remote Desktop feature, which includes a warning for users opening Remote Desktop (.rdp) files. However, this warning is not displaying correctly for some users due to a bug identified in the Known Issues list after the April 14 update. The issue primarily affects users with multiple monitors set to different display scaling, leading to overlapping text or obscured buttons. Microsoft has advised users to synchronize their display scaling settings or use keyboard navigation as a workaround. The company plans to address this issue in a future Windows update but is not issuing an Out-of-Band update specifically for it. Additionally, a serious vulnerability (CVE-2026-40372) was discovered in the .NET framework, affecting versions 10.0.0 to 10.0.6, which requires immediate attention. This vulnerability impacts all Windows versions that received the update, including Windows 11 26H1.

AppWizard

April 21, 2026

Minecraft Maps Guide: How to Master the 1.21 Grid and Find Trial Chambers | Attack of the Fanboy

Maps in Minecraft have become essential for navigating underground Trial Chambers introduced in the 1.21 Tricky Trials update. Players can create maps using a Cartography Table, which requires only two pieces of paper and four wooden planks, making it more efficient than the traditional crafting table method. An empty map costs one piece of paper, and scaling maps up or down also only requires one piece of paper. For Bedrock Edition players, creating a locator map with a compass is necessary to display their position. Maps can be scaled from level 0 to level 4, with each level covering increasingly larger areas but with less detail. Level 0 covers a 128 by 128 block area, while level 4 spans 2048 by 2048 blocks. The Trial Explorer Map, obtainable from a Cartographer for 12 emeralds and a compass, helps players locate Trial Chambers, which are hidden within deepslate layers at Y levels between 0 and -64. Minecraft maps do not center on the player but snap to a fixed grid, requiring players to move specific distances to align maps correctly. Players can use a white dot that appears on the edge of their map for navigation and can mark locations using renamed banners. Additionally, maps display the highest block in a vertical column, allowing for creative map art projects. The lore suggests a connection to an ancient civilization of builders, with villagers continuing their legacy through cartography.

Winsage

April 16, 2026

Fake Proton VPN sites are pushing NWHStealer malware to Windows users

A malware campaign is utilizing counterfeit Proton VPN websites and other deceptive tactics to distribute a Windows infostealer known as NWHStealer. This malware extracts sensitive information, including browser credentials and cryptocurrency wallet details, and operates stealthily by injecting itself into legitimate processes. Two primary infection vectors have been identified: malicious ZIP archives on a free web hosting platform and trojanized installers from fake Proton VPN sites. The malware employs DLL hijacking and can exfiltrate data to a command-and-control server while ensuring persistence through scheduled tasks and disguising payloads as legitimate system processes. It also exploits the Windows cmstp.exe utility to bypass User Account Control. Users are advised to avoid downloading software from unofficial sources and to verify file signatures and publisher information.

AppWizard

April 10, 2026

Review: Forza Horizon 6 Is a Racing Game That’s Fun without a Sim Rig

Forza Horizon 6 is set to launch on Xbox and PC on May 19, 2026, with a later release for PlayStation 5. The game emphasizes enjoyment over complexity, allowing players to engage in casual racing without intricate setups. It features a garage customization option that rivals city-building games, extensive vehicle aesthetic upgrades, and an immersive representation of Japan with diverse biomes and seasonal changes. Players can drive various impressive cars, including the 641-hp Toyota GR GT and a widebody Nissan Silvia. The game is available for preorder through the Microsoft Store, Steam, or for wishlisting on PlayStation, with early access for Game Pass Ultimate and PC Game Pass subscribers starting May 15.