enterprise environments

Winsage
June 2, 2025
Microsoft has released an emergency out-of-band update, KB5062170, to address issues from the May 13, 2025 Windows security update (KB5058405), which failed to install on some Windows 11 devices, showing error code 0xc0000098. The new update fixes an issue with the ACPI.sys driver and is available via the Update Catalog. It primarily impacts enterprise environments, particularly virtual setups like Azure Virtual Machines and Azure Virtual Desktop, while home users are less affected. KB5062170 includes all enhancements from the May 2025 non-security preview update and supersedes prior updates, requiring a device restart after installation.
Winsage
May 31, 2025
A new strain of malware has been operating undetected on Windows systems for several weeks, utilizing advanced evasion techniques that corrupt its Portable Executable (PE) headers to avoid detection. Security researchers discovered this malware embedded in the memory of a compromised system during an investigation, using a 33GB memory dump that revealed its presence in a dllhost.exe process with process ID 8200. The malware, classified as a Remote Access Trojan (RAT) by Fortinet, employs batch scripts and PowerShell commands for its attack and has capabilities for screenshot capture, remote server functionality, and system service manipulation. Its command and control infrastructure uses encrypted communications, complicating detection efforts. The malware's distinctive feature is the deliberate corruption of DOS and PE headers, which hinders reverse engineering and complicates the reconstruction of the executable from memory dumps. Researchers had to manually locate the malware’s entry point and resolve complex import tables for it to function in a controlled environment.
Winsage
May 30, 2025
Microsoft's recent Patch Tuesday update for Windows 11 has faced significant issues, particularly affecting users on versions 22H2 and 23H2. The installation of the May 13 update is failing on some machines, especially in virtual environments, leading to recovery mode entries and boot errors. Users are advised to avoid the update temporarily. The error message indicates a problem with the ACPI.sys file, which is crucial for managing hardware resources. Windows 11 Home and Pro users are likely unaffected, as virtual machines are typically used in enterprise settings. Microsoft has not provided the number of impacted users or a workaround beyond uninstalling the patches, but engineers are working on a resolution. This incident follows previous patching challenges faced by Microsoft this year, including an emergency update for Windows 10 and issues with Remote Desktop sessions in earlier updates.
Tech Optimizer
May 23, 2025
Cloudflare, in collaboration with Microsoft and international law enforcement, has dismantled the infrastructure of LummaC2, an information-stealing malware service. This initiative led to the seizure and blocking of malicious domains and disrupted digital marketplaces used by criminals. Lumma Stealer operates as a subscription service providing threat actors access to a central panel for customized malware builds and stolen data retrieval. The stolen information includes credentials, cryptocurrency wallets, and sensitive data, posing risks of identity theft and financial fraud. Lumma Stealer was first identified on Russian-language crime forums in early 2023 and has since migrated to Telegram for distribution. Its proliferation is facilitated by social engineering campaigns, including deceptive pop-ups and bundled malware in cracked software. Cloudflare implemented measures to block access to Lumma's command and control servers and collaborated with various authorities to prevent the criminals from regaining control. Mitigation strategies for users include restricting unknown scripts, limiting password storage in browsers, and using reputable endpoint protection tools. The operation has significantly hindered Lumma's operations and aims to undermine the infostealer-as-a-service model contributing to cybercrime.
Winsage
May 21, 2025
Windows 11 Pro is available for .97 until June 1, marking its lowest price ever (regularly priced at 9). It offers features like DirectX 12 Ultimate for enhanced gaming performance, Windows Copilot for AI assistance, and robust security features including BitLocker encryption and secure boot. Additional features include Snap Layouts, Virtual Desktops, Remote Desktop Access, Hyper-V, and Microsoft Teams integration.
Winsage
May 19, 2025
A critical vulnerability, designated as CVE-2025-21297, has been identified in Microsoft’s Remote Desktop Gateway (RD Gateway) due to a use-after-free (UAF) bug linked to concurrent socket connections during the service's initialization. This flaw, located in the aaedge.dll library within the CTsgMsgServer::GetCTsgMsgServerInstance function, allows multiple threads to overwrite a global pointer, leading to potential arbitrary code execution. The vulnerability affects multiple versions of Windows Server, including 2016, 2019, 2022, and 2025. Microsoft released security updates in May 2025 to address the issue, implementing mutex-based synchronization. The updates are KB5050011 for Windows Server 2016, KB5050008 for Windows Server 2019, KB5049983 for Windows Server 2022, and KB5050009 for Windows Server 2025. Security experts recommend applying these patches promptly and monitoring RD Gateway logs for unusual activity.
Winsage
May 15, 2025
The Microsoft Security Response Center (MSRC) has released critical security updates to address a significant vulnerability in the Windows Remote Desktop Gateway service, identified as CVE-2025-26677, which allows unauthorized attackers to cause denial of service (DoS) conditions. This vulnerability is rated as "High" severity with a CVSS score of 7.5 and affects multiple versions of Windows Server, including 2016, 2019, 2022, and 2025. Microsoft has provided security updates (KB5058383, KB5058392, KB5058385, and KB5058411) to rectify the issue. Additionally, another vulnerability, CVE-2025-29831, has been identified that could enable remote code execution (RCE) through a Use After Free weakness, also rated with a CVSS score of 7.5. This vulnerability requires user interaction, specifically an administrator stopping or restarting the service, and affects Windows Server versions 2008 R2, 2012/R2, 2016, 2019, 2022, and 2025. Organizations are advised to prioritize patching both vulnerabilities and to review network configurations to limit exposure of Remote Desktop Gateway services. The vulnerabilities were discovered by security researchers from Kunlun Lab.
Winsage
May 6, 2025
Microsoft has resolved an issue that affected the delivery of Windows 11 24H2 feature updates via Windows Server Update Services (WSUS) after the installation of the April 2025 security updates. Users reported upgrade problems, specifically encountering error code 0x80240069 during attempts to update from Windows 11 23H2 or 22H2. The update complications primarily impact enterprise environments using WSUS, while home users are less likely to experience these issues. Microsoft is rolling out a fix through Known Issue Rollback (KIR) for enterprise-managed devices, requiring IT administrators to implement the KIR Group Policy on affected endpoints. Additionally, Microsoft is addressing a separate issue where some PCs were upgraded to Windows 11 despite Intune policies preventing such upgrades.
Winsage
April 21, 2025
Microsoft identified a "code issue" within its Intune device management software as the reason for the unintended rollout of Windows 11 to devices not designated for the upgrade. The flaw triggered upgrades despite existing policies meant to prevent them. Microsoft is working on a fix and has advised organizations to pause Windows updates via Intune to avoid further issues. Devices that received the upgrade erroneously will need manual intervention to revert to their previous version. This incident follows a similar occurrence in November 2024, where customers experienced unexpected upgrades from Windows Server 2022 to Windows Server 2025. Microsoft attributed that incident to third-party products used for managing server updates. Additionally, a month prior, Microsoft retracted a preview update for Windows 11 due to severe issues causing crashes.