firmware

Winsage
June 20, 2025
In this week's episode of The Full Nerd, hosts Adam Patrick Murray, Alaina Yee, Will Smith, and guest Mike Danseglio discuss the end of Windows 10 and its security implications, the rise of scams, and various online security concerns. They explore user transitions to Windows 11, Linux, and vulnerabilities in communication methods. A recent vulnerability allows hackers to steal encryption keys from AMD Ryzen CPUs, prompting firmware updates for users of the Ryzen 3000 series or newer. Asus Armoury Crate users are advised to update due to a critical flaw that could grant hackers administrative rights. Cloud gaming is gaining traction among gamers under 40, provided latency issues are resolved. DDR4 memory prices are rising, indicating a decline of AMD’s AM4 platform. Anker has recalled older power banks due to fire hazards, and Framework has launched a new 2-in-1 DIY laptop. AMD has shared promising benchmarks for its upcoming Ryzen Threadripper 9000 series.
AppWizard
June 20, 2025
Google is planning to develop its own version of Samsung’s Now Bar to enhance the At a Glance experience on Pixel devices. The upcoming Pixel 10 may feature a significant upgrade, potentially rebranded as Gemini Space, which could include live sports scores and financial market summaries on the lock screen. Initial hints of this feature were found in the Android 16 QPR1 Beta 1, with a system configuration file labeled "Ambient Data" discovered in the firmware for the Pixel 9 Pro and Pixel 8 Pro. References to an "Ambience Hub" have also been found, suggesting a new way to present information on the lock screen. The Android System Intelligence app, which supports the At a Glance widget, has revealed mentions of Gemini Space and features like finance recaps and sports updates. These upgrades are expected to be incorporated into the Pixel Launcher’s At a Glance widget, although they remain speculative.
Winsage
June 16, 2025
The end of support for Windows 10 is set for October 14, 2025, after which users will not receive security updates, bug fixes, or technical support, exposing them to cyber threats. Many legacy PCs do not meet the system requirements for Windows 11, leading to potential compatibility issues and performance problems if upgraded. Investing in a new Windows 11-compatible PC ensures better performance, energy efficiency, and long-term support, with built-in security features like TPM 2.0 and Secure Boot. Transitioning to Windows 11 offers advantages such as an improved user interface, integrated AI tools, enhanced default apps, personalizable workspaces, and better visuals. Continuing to use an unsupported Windows platform after 2025 can result in compliance issues, data loss, and increased maintenance costs. Replacing hardware rather than upgrading can mitigate these risks and ensure access to ongoing security features.
Winsage
June 14, 2025
Microsoft's Windows 11 operating system has introduced stringent compatibility requirements, making many PCs, some as young as six or seven years old, ineligible for security updates and upgrades. Apple's macOS update policies are similarly restrictive, with security updates provided for the three most recent versions. When a new version is released, older systems may become unsupported and stop receiving updates. The upcoming macOS 26 Tahoe is expected to launch in September, at which point macOS 13 Ventura will cease to receive updates, affecting older Macs. Unsupported models include MacBook Air, MacBook Pro, or Mac Mini from 2017 or earlier, and iMac and Mac Pro models from 2018 or earlier. For Windows PCs, compatibility with Windows 11 generally requires a CPU released in 2019 or later, though some older Intel CPUs may qualify. Microsoft offers a PC Health Check app to assess compatibility, and users can bypass certain checks to install Windows 11. Windows 10 users can pay for security updates for up to three years after support ends in October 2025, a feature not available for Mac users. Security updates for both Mac and Windows PCs are typically available for eight to ten years after the release date.
Winsage
June 12, 2025
Recent findings have identified two vulnerabilities in various UEFI BIOS versions from multiple manufacturers, compromising the Secure Boot mechanism. These vulnerabilities allow attackers to bypass Secure Boot protections and replace firmware, particularly in Insyde BIOSes. The issues stem from unprotected NVRAM variables, specifically the "IhisiParamBuffer," which can be manipulated to execute unsigned UEFI binaries. Affected UEFI applications include "DTBios" and "BiosFlashShell" from DTResearch, with a CVSS score of 8.2. Microsoft has added 14 new hashes to its DBX database to mitigate these risks. Additionally, a vulnerability in the Insyde H2O UEFI firmware app allows attackers to inject digital certificates due to the insecure handling of the "SecureFlashCertData" variable, which is incorrectly treated as trusted memory. This flaw, known as "Hydroph0bia," has a CVSS score of 7.8 and enables unauthorized execution of firmware certified with manipulated certificates. Manufacturers are urged to provide firmware updates to address these vulnerabilities, as inconsistent support for locking UEFI variables raises security concerns.
Winsage
June 11, 2025
The second Tuesday of each month is when Microsoft releases monthly security updates for Windows. A significant zero-day vulnerability, CVE-2025-3052, has been identified, affecting all Windows users and allowing a Secure Boot bypass. This vulnerability could compromise system integrity by enabling malware to infiltrate Windows PCs and servers. CVE-2025-3052 is classified as a memory corruption issue within a module signed with Microsoft’s third-party UEFI certificate, and it allows unsigned code to execute during the boot process, potentially allowing attackers to install bootkits.
Winsage
June 11, 2025
Researchers at Binarly have identified a critical vulnerability in a widely trusted BIOS update utility that operates on most modern systems using UEFI firmware. This utility, signed with Microsoft’s UEFI CA 2011 certificate, contains a flaw that could be exploited by malicious actors to disable essential security measures and install bootkit malware on personal computers. Microsoft addressed the issue by including a fix in its June 2025 Patch Tuesday cumulative update. The UEFI Secure Boot process is crucial for maintaining system integrity by verifying the authenticity of bootloaders and operating systems.
Winsage
June 11, 2025
Microsoft's June updates address a significant vulnerability identified as CVE-2025-3052, which allows attackers to gain control over a PC via bootkit malware by bypassing the Secure Boot feature. This memory corruption issue enables unsigned code to run during the boot process, compromising the system's chain of trust. The vulnerability allows an attacker to sign a compromised UEFI application with Microsoft’s third-party certificates, granting it unrestricted execution rights. Although the flaw has not been exploited in real-world scenarios, it has been present since late 2022. Microsoft has released a patch for this flaw, and users of Windows 10 or 11 are advised to download the latest updates to protect their PCs. Additionally, June's Patch Tuesday addressed a total of 66 weaknesses, including another Secure Boot flaw (CVE-2025-4275) and a zero-day vulnerability (CVE-2025-33053).
AppWizard
June 8, 2025
Running Android on a Raspberry Pi allows users to enhance their smart home experience by utilizing Waydroid to execute Android applications. The Shelly Smart Control app provides a user-friendly interface for managing Shelly devices, offering local control and cloud syncing. The Home Connect app enables control of smart appliances from brands like Bosch and Siemens, allowing centralized monitoring and automation. Fully Kiosk Browser turns the Raspberry Pi into a wall-mounted dashboard for displaying smart home information. The Aqara Home app facilitates local control of Aqara sensors and hubs, integrating with Home Assistant for device management. The Home Assistant Companion app provides seamless access to Home Assistant functionalities, including notifications and custom dashboards.