hypervisor

Winsage
March 28, 2026
Microsoft has confirmed a major kernel security update for Windows 11, revoking trust in older drivers signed through an outdated cross-certification program. The update will ensure that Windows 11 accepts only software that has passed the Windows Hardware Compatibility Program's testing standards. This change aims to counter piracy attempts, particularly against a hacker known as DenuvOwOA, who bypassed Denuvo's anti-piracy protection by manipulating the embedded hypervisor and loading unsigned or vulnerable drivers. The new security policy will block the execution of such code, making existing hacking methods obsolete. The rollout will begin in compatibility assessment mode for Windows 11 and Windows Server & Hosting, with a hard block activated only if no stability issues are detected. Corporate clients can manually add certificates through the Application Control for business tool, while gamers will find it increasingly difficult to run hacked games relying on a modified hypervisor.
TrendTechie
March 12, 2026
Crimson Desert, developed by Pearl Abyss, will use a minimalist anti-piracy approach by relying on basic tools from the Steam platform and not implementing Denuvo protection. This decision may allow third-party groups to easily bypass these measures upon the game's release. The gaming industry has seen vulnerabilities in anti-piracy systems, as demonstrated by the launch of Resident Evil Requiem, which was pirated within 24 hours using a new method to bypass Denuvo. A free version of Crimson Desert will be available on March 20, but its financial success will depend on factors like game quality and technical optimization, as players often prefer to buy legitimate copies for a better experience.
Winsage
March 11, 2026
Microsoft's Hyper-V is a hardware virtualization platform integrated into Windows 11 Professional, Enterprise, and Education editions, allowing users to host multiple virtual machines (VMs) on a single computer. It operates using a type 1 hypervisor directly on hardware, enabling VMs to share resources like CPU, memory, and storage. Hyper-V includes features such as dynamic memory allocation, software-defined networking, and saved checkpoints. IT administrators may need to disable Hyper-V due to compatibility issues with third-party virtualization software, high-precision applications, or driver conflicts. Disabling Hyper-V can also affect security features reliant on it, such as virtualization-based security (VBS) and Device Guard. Methods to disable Hyper-V include:
1. Using the Windows Features dialog.
2. Executing a PowerShell command: Disable-WindowsOptionalFeature -Online -FeatureName Microsoft-Hyper-V-All, HypervisorPlatform, VirtualMachinePlatform
3. Running a DISM command: dism /Online /Disable-Feature /FeatureName:Microsoft-Hyper-V-All /FeatureName:HypervisorPlatform /FeatureName:VirtualMachinePlatform
4. Using the bcdedit command: bcdedit /set hypervisorlaunchtype off
5. Modifying Group Policy to disable VBS.
6. Editing the Windows Registry to disable VBS or Credential Guard.
For multiple managed computers, administrators can create and execute a PowerShell script or use Group Policy Objects to streamline the process. Testing in a controlled environment is recommended to ensure desired outcomes without compromising security or functionality.
Winsage
February 15, 2026
Microsoft has blocked credential autofill functionality in Windows 11 as part of the February 2026 Patch Tuesday updates to address the critical vulnerability CVE-2026-20804, which allows unauthorized access by tampering with Windows Hello authentication. This vulnerability was first identified in August 2025 and allows local administrators to inject biometric data. The restriction was documented in the January 2026 Patch Tuesday release notes. Enhanced Sign-in Security (ESS) operates at a hypervisor virtual trust level but is limited by hardware compatibility issues, particularly affecting AMD-based systems. Post-update, credential dialogs do not respond to virtual keyboard inputs from remote desktop or screen-sharing applications, preventing autofill during remote support sessions. Microsoft has provided a risky workaround that allows applications to operate with elevated administrator privileges, but this reintroduces the vulnerability. Organizations must now choose between disrupted remote support workflows or risking exposure to credential injection attacks, leading to operational challenges for IT teams and help desk staff.
Winsage
December 23, 2025
Microsoft has added a "Virtual Workspaces" page to the Settings app in Windows 11, allowing users to manage virtualization capabilities. The latest cumulative update has refreshed the Settings app for easier navigation. To enable virtualization features, users must open Settings, click on System, select the Advanced page, and then click the Virtual Workspaces setting. Features include Containers, Guarded Host, Virtual Machine Platform, Windows Hypervisor Platform, and Windows Sandbox. Users can also activate Hyper-V features, which include Hyper-V GUI Management Tools, Hyper-V Module for Windows PowerShell, Hyper-V Hypervisor, and Hyper-V Services. To disable virtualization features, users follow the same steps and turn off the feature before restarting the device. Users can also enable or disable features via the "Windows Features" page and PowerShell.
Winsage
December 12, 2025
Legacy Update has enhanced its archive of files previously available on Microsoft's Download Center, consolidating resources from various sources, including the Archive Team's MDC project and the Internet Archive. This update supports a wide range of Windows versions, including Windows 2000, XP, Vista, 7, 8, 8.1, 10, and 11, across all editions and processor types. The archive provides access to older software, such as Office 2003 service packs and XP Mode for Windows 7, as well as tools for running legacy applications. There is a noted transition towards Windows 10 IoT LTSC due to concerns about Windows 11's performance.
Tech Optimizer
November 24, 2025
A writer from MakeUseOf uninstalled all third-party antivirus programs from his Windows PC and found that the system performed better and appeared more secure with Microsoft’s built-in Windows Defender. The experiment highlighted Defender's effectiveness, showing fewer false positives, improved performance, and no noticeable decline in protection. Independent tests ranked Defender highly in real-world protection, and it achieved perfect scores in recent AV-TEST evaluations. The removal of third-party antivirus software led to a significant decrease in CPU and RAM usage, with idle consumption dropping from 15-20% to under 5%. Despite 121 million Americans still using third-party tools, there is growing consideration for Defender due to its free and efficient nature. While Defender excels in many areas, experts caution that it may not fully protect against zero-day vulnerabilities, and layered defenses are still recommended. The antivirus market may face disruption as integrated protection becomes more common, and user feedback indicates a preference for free alternatives that match or exceed the performance of paid solutions.
Winsage
October 15, 2025
Microsoft's October Patch Tuesday addressed 175 vulnerabilities, including 21 non-Microsoft CVEs. Among these, three vulnerabilities are under active attack:
1. CVE-2025-24990: An elevation of privilege bug in the Agere Modem driver (rated 7.8) that allows attackers to gain administrator privileges on supported Windows versions. The driver has been removed in the update.
2. CVE-2025-59230: An elevation of privilege vulnerability in the Windows Remote Access Connection Manager (rated 7.8) that could grant SYSTEM privileges to attackers.
3. CVE-2025-47827: A Secure Boot bypass flaw (rated 4.6) in the IGEL OS that allows attackers to bypass Secure Boot.
Three publicly known vulnerabilities include:
1. CVE-2025-0033: A critical vulnerability affecting AMD EPYC processors with SEV-SNP, requiring a patch that is still in development.
2. CVE-2025-24052: An elevation of privilege vulnerability in the Agere Modem driver (rated 7.8) that is publicly known but not yet exploited.
3. CVE-2025-2884: An out-of-bounds read vulnerability in the TCG TPM2.0 reference implementation's CryptHmacSign function.
Additionally, 16 other critical-severity flaws were highlighted, including CVE-2025-59287, a 9.8-rated vulnerability in Windows Server Update Services that allows unauthenticated remote attackers to trigger unsafe object deserialization, leading to remote code execution. Adobe released 12 updates for 36 vulnerabilities, including critical CVEs in Substance 3D Stager, Dimension, Illustrator, and FrameMaker. SAP issued 13 new security notes, with four rated critical, including a fix for an OS command execution flaw in Netweaver. Ivanti provided advisories for vulnerabilities in Endpoint Manager Mobile and Neurons for MDM, which have not yet been exploited.