Improved Security Archives

Winsage

April 2, 2025

Windows 11 Gets Quick Machine Recovery to Fix Boot Failures via the Internet

Microsoft has introduced Quick Machine Recovery (QMR) as part of its Windows Resiliency Initiative to improve the security and reliability of Windows 11 following a global incident with a faulty update. QMR addresses boot failures by allowing users to access the recovery environment, connect to the internet for automatic troubleshooting, and receive targeted fixes via Windows Update. Currently, it is being tested in the Windows 11 24H2 Insider Preview Build 26120.3653 and will be enabled by default for Home edition users. Users can access QMR by entering the recovery environment, selecting Troubleshoot, and then Advanced options. Additionally, an internet-based recovery option in Windows Settings can repair system components while preserving user data.

Winsage

March 25, 2025

The six-step countdown to Windows 10 end of life

The end of Windows 10 support is approaching, prompting IT decision-makers to consider transitioning to Windows 11. This transition allows organizations to modernize hardware, rethink client infrastructure, and adopt advanced management technologies. Continuing to use Windows 10 can lead to high maintenance costs and potential performance issues with M365/Office applications after October 14, 2025. Upgrading to AI-capable PCs can enhance operational efficiencies, while unsupported systems expose organizations to cyber threats and compliance risks. Windows 11 Pro offers improved security features, and upgrading aligns with sustainability goals through practices like Asset Recovery Services. A well-planned transition strategy is essential to avoid rushed decisions and ensure compatibility and training. Delaying the upgrade poses risks, including financial burdens from extended security update fees.

Winsage

March 24, 2025

Critical Vulnerability in Microsoft Windows Exposed: State-Sponsored Hackers Exploit Link Files for Espionage

A vulnerability in Microsoft Windows' handling of link files (.lnk) has been exploited by state-sponsored hackers from North Korea, Russia, Iran, and China for espionage and data theft. This flaw allows malicious payloads to be embedded in seemingly harmless links, enabling remote execution of arbitrary code and unauthorized access to compromised systems. Nearly 1,000 malicious .lnk files have been identified, with around 70% of attacks focused on espionage and information theft, particularly targeting government and financial institutions. The malicious commands are difficult to detect, complicating protection efforts for organizations. ZDI recommends increased awareness and the use of endpoint and network protection tools to mitigate the threat.

Winsage

March 18, 2025

Microsoft is supercharging Windows 11’s voice commands on Copilot+ PCs with Snapdragon CPUs, and fine-tuning a few Recall features

Windows 11 is enhancing its voice command capabilities for Copilot+ PCs with Snapdragon (Arm-based) processors through the latest preview build, 26120.3576. Users can now issue commands in natural language, such as “Please open the Chrome browser,” instead of using rigid phrasing. This feature is being rolled out to testers, and Microsoft is also expanding Voice Access support to include simplified and traditional Chinese. Adjustments have been made to the Recall feature to fix bugs and process ‘intelligent text actions’ locally for improved security and efficiency. The natural language processing in voice commands aims to enhance user experience and accessibility. Currently, these advancements are limited to Snapdragon (Arm-based) Copilot+ PCs, with no specific details on future expansions to Intel or AMD processors. The testing phase does not guarantee all features will be included in the final release.

Winsage

March 5, 2025

There’s another reason to upgrade to Windows 11 Pro

Microsoft is retiring Windows 10, prompting users to upgrade to Windows 11 Pro, which is currently available for .97, a limited-time offer expected to end on March 30 at 11:59 p.m. PT. Windows 11 Pro features enhanced multitasking capabilities, improved security with TPM 2.0 and BitLocker, and an AI-powered Copilot for assistance with various tasks.

Winsage

March 3, 2025

Microsoft Edge tests AI History Search, better security on Windows 11

Microsoft Edge is introducing new AI-driven features, including an experimental Web Push API for improved notification management in Windows 11 and enhanced security measures for downloads and clipboard activities. An AI History search feature is being developed, allowing users to receive AI recommendations from web passages during history searches, which can be activated by typing @history in the address bar. This feature may require a Microsoft account and will only apply to websites visited after activation. Additionally, Edge is optimizing memory usage with sleeping tabs and has identified new security features, including msProvenanceValidatorToggleOnByDefault for verifying downloaded file sources and msProtectedClipboard for protecting clipboard contents. The term msEdgeMetaOSOlympus has been mentioned, potentially indicating a redesign or new Windows release, though details remain unclear.

Winsage

February 18, 2025

Windows Mobile Pos Terminal Market Size by Application, Type, Geographic Scope, and Forecast 2025-2032

The global Windows Mobile POS Terminal market is expected to grow significantly from 2025 to 2032, driven by the rise of mobile payment systems, digital transactions, and technological advancements. Key factors include the demand for flexible payment options in retail and hospitality, the increase in e-commerce and contactless payments, and ongoing innovations in security and software. Challenges such as high initial costs, regulatory complexities, supply chain disruptions, and market saturation in developed regions may hinder growth. Emerging trends include the integration of AI, automation, and IoT, a focus on sustainability, and a demand for personalized offerings. The competitive landscape features intense rivalry among key players, with a focus on product innovation and regional expansion, particularly in North America, Europe, and the rapidly growing Asia-Pacific region. Emerging markets in Latin America and the Middle East & Africa show potential for growth, despite facing economic and regulatory challenges.

Tech Optimizer

February 15, 2025

Simplify database authentication management with the Amazon Aurora PostgreSQL pg_ad_mapping extension

Authentication is essential for security in enterprise environments, protecting sensitive data and resources from unauthorized access. Kerberos authentication is utilized for Amazon Aurora PostgreSQL-Compatible Edition with AWS Directory Service for Microsoft Active Directory, particularly through the pg_ad_mapping extension, which enhances access control management. Aurora PostgreSQL supports multiple authentication methods, including password authentication, AWS Identity and Access Management (IAM) database authentication, and Kerberos authentication. By default, password authentication is enabled, while IAM and Kerberos can be used independently. Users are assigned specific roles based on the authentication method: rds_iam for IAM, rds_ad for Kerberos, and no specific roles for password authentication. Kerberos authentication integrates with Microsoft Active Directory, allowing centralized authentication and single sign-on (SSO) capabilities. With versions 14.10 and 15.5, Aurora PostgreSQL introduced the pg_ad_mapping extension, which allows administrators to manage access through Active Directory (AD) security groups instead of provisioning individual users. This extension checks AD group memberships upon user login and assigns corresponding database roles, prioritizing roles based on assigned weights. The pg_ad_mapping extension includes functions such as pgadmap_set_mapping to add mappings between AD security groups and database roles, pgadmap_read_mapping to list existing mappings, and pgadmap_reset_mapping to delete or reset mappings. To deploy the solution, a CloudFormation stack is used to create necessary resources, including an AWS Managed Microsoft AD server, an Aurora PostgreSQL database cluster, and a Windows EC2 instance. Users can be added to AD groups, and roles can be mapped to facilitate access management. Security best practices for Aurora PostgreSQL include using IAM policies for resource management, implementing security groups for database access control, utilizing encryption for data protection, and employing Transport Layer Security (TLS) for secure connections. For auditing, the pg_stat_gssapi view can be used to identify authenticated users, and enabling the log_connections parameter will log session establishments, including AD user identities.

Winsage

February 14, 2025

REF7707 Hackers Attacking Windows & Linux Machines Using FINALDRAFT Malware

A hacking campaign named “REF7707” has been targeting Windows and Linux systems with malware families including FINALDRAFT, GUIDLOADER, and PATHLOADER. It originated in late November 2024, when Elastic Security Labs detected alerts from the Foreign Ministry of a South American nation. The attackers used Microsoft’s certutil application to download files and had valid network credentials for lateral movement. FINALDRAFT, a key component of the campaign, exploits the Windows-signed debugger CDB.exe and uses a Scheduled Task for persistence. It employs Microsoft’s Graph API for command and control, utilizing cloud services and domains like support.vmphere[.]com and update.hobiter[.]com. The campaign highlights the need for improved security measures across different operating systems.

Winsage

December 6, 2024

How to manage the passwordless sign feature on Windows 11

Windows 11 allows users to opt for a passwordless authentication experience using the Windows Hello feature, which includes biometric options like facial recognition, fingerprints, or a PIN. Users can enable passwordless sign-in through the Settings app by toggling the relevant option under Accounts > Sign-in options, or by modifying the Registry Editor by changing the DevicePasswordLessBuildVersion key from 0 to 2. This process disables the use of a password for local Windows accounts but does not remove the password from the Microsoft account. A system restart may be required to apply changes.