fix

Tech Optimizer
May 3, 2025
On April 29, 2025, Jepsen released a report on transaction visibility behavior in Amazon RDS for PostgreSQL and its Multi-AZ clusters, a behavior that has been acknowledged since at least 2013. The report identifies a Long Fork anomaly affecting the visibility order of transactions between primary and replica nodes in cluster configurations, which does not lead to data loss or corruption and is absent in Single-AZ deployments. This anomaly allows two readers to see transactions in different sequences, breaching Snapshot Isolation. It affects all isolation levels in community PostgreSQL and can also occur in self-managed deployments. The issue has been discussed extensively in the PostgreSQL community, and potential solutions, including synchronizing visibility with commit order using Commit Sequence Numbers, have been proposed. AWS has established the PostgreSQL Contributors Team to address this anomaly and enhance PostgreSQL's capabilities.
Winsage
May 2, 2025
Microsoft has decided not to address a significant security vulnerability in its Windows Remote Desktop Protocol (RDP) that allows users to log into machines using outdated cached passwords, even after those passwords have been updated or changed. This situation creates a potential backdoor for unauthorized access, raising security concerns. Microsoft defends this functionality as a design choice to prevent users from being locked out of their machines, prioritizing accessibility over security.
Winsage
May 1, 2025
Security researcher Daniel Wade has revealed that Microsoft’s Remote Desktop Protocol (RDP) allows users to log into systems using previously revoked passwords, raising concerns about user security. Wade highlights that this feature undermines the trust users place in password management, as changing passwords is expected to prevent unauthorized access. This issue affects a wide range of users, from individuals to employees in small businesses and hybrid work environments. Despite the increasing sophistication of cyberattacks on password managers, Microsoft has stated it will not change this RDP functionality.
Winsage
May 1, 2025
Business and enterprise users are facing challenges upgrading to Windows 11 24H2 due to an issue stemming from an update released on April 8th, which primarily affects machines using Windows Server Update Services (WSUS). Windows 11 Home users are not impacted by this issue. Microsoft is investigating a fix but has not yet provided a solution, leaving users who installed the April 8th update unable to upgrade. The affected versions of Windows 11 include 23H2 and 22H2.
Winsage
May 1, 2025
Microsoft is preparing to release the Windows 11 25H2 update in October, aimed at facilitating the transition to Windows 11 24H2. However, the rollout of Windows 11 24H2 has faced issues, with many PCs experiencing blocks due to third-party applications and technical problems. The April security patch, released on April 8, has complicated the upgrade process for some users, particularly those with the patch KB5055528 installed, leading to error code 0x80240069. This issue mainly affects IT administrators using Windows Server Update Services (WSUS), while individual users on Windows 11 Home are largely unaffected. Microsoft is investigating the problem and plans to release a fix by the next Patch Tuesday on May 13. Additionally, organizations are advised to explore alternative update management solutions, as WSUS is no longer under active development.
Winsage
April 30, 2025
Windows 11 users encountered the "inetpub" folder after the April 2023 update (KB5055523); the folder is a crucial component for addressing the security vulnerability CVE-2025-21204. Microsoft stated that the folder should not be removed, as it helps manage Windows Update security vulnerabilities by preventing unauthorized control through symbolic links. However, cybersecurity expert Kevin Beaumont revealed that the same patch introduced a new vulnerability that could allow remote exploitation, prompting Microsoft to acknowledge this issue with a "Moderate" status and indicate that a fix is forthcoming. Users are advised to keep their systems updated and not delete the "inetpub" folder. If the folder is deleted, it can be restored by enabling Internet Information Services in the Control Panel.
Winsage
April 30, 2025
Windows 7, launched in 2009, experienced a boot delay of 30 seconds for users who set a single-color image as their desktop background. This issue stemmed from a programming oversight where the system waited for a confirmation message that never arrived because a single-color background does not qualify as a bitmap. The delay could also occur if the “Hide desktop icons” group policy was enabled, complicating the loading process. Microsoft took several months to identify and fix the problem, releasing an update in November 2009 to resolve the issue.
Tech Optimizer
April 30, 2025
A significant vulnerability, designated as CVE-2025-3500, has been identified in Avast Free Antivirus, allowing attackers to gain elevated system privileges and execute malicious code at the kernel level. The vulnerability has a high CVSS score of 8.8 and was publicly disclosed on April 24, 2025, shortly after a patch was implemented. It originates from inadequate validation of user-supplied data in the aswbidsdriver kernel driver, leading to an integer overflow prior to buffer allocation. Attackers must first execute low-privileged code on the target system to exploit this vulnerability. The flaw affects multiple versions of Avast Free Antivirus, specifically versions ranging from 20.1.2397 to 2016.11.1.2262. A fix was released in version 25.3.9983.922, and users are urged to update their software promptly. Security experts recommend enabling automatic updates and using standard user accounts for daily activities to mitigate risks.