indicator Archives

Winsage

May 13, 2026

Microsoft’s MDASH AI System Finds 16 Windows Flaws Fixed in Patch Tuesday

Microsoft has introduced a multi-model AI system called MDASH, designed to enhance vulnerability discovery and remediation processes. Currently in limited private preview testing with select customers, MDASH employs over 100 specialized AI agents for various classes of vulnerabilities, enabling autonomous discovery, validation, and demonstration of exploitable defects in complex codebases. The system operates through a structured pipeline that analyzes source code, constructs threat models, and validates findings using auditor and debater agents. MDASH has successfully identified 16 vulnerabilities in its initial tests, including two critical flaws affecting Windows networking and authentication: 1. CVE-2026-33824 (CVSS score: 9.8) - A double-free vulnerability in "ikeext.dll" allowing remote code execution via specially crafted packets. 2. CVE-2026-33827 (CVSS score: 8.1) - A race condition vulnerability in Windows TCP/IP ("tcpip.sys") enabling remote code execution through specially crafted IPv6 packets.

Winsage

May 11, 2026

New GhostLock tool abuses Windows API to block file access

A security researcher has developed a proof-of-concept tool called GhostLock, which exploits a vulnerability in the Windows file API, specifically the 'CreateFileW' function. By manipulating the 'dwShareMode' parameter to grant exclusive access to files, GhostLock can prevent other users or applications from opening those files, resulting in a 'STATUSSHARINGVIOLATION' error. The tool automates the process of opening multiple files on SMB shares, causing access disruptions without requiring elevated privileges. This technique is intended as a disruption attack rather than a destructive one, similar to ransomware, and can serve as a diversion during intrusions. Detection of this attack relies on monitoring the open-file count with ShareAccess set to 0 at the file server layer. Dvash has provided resources for IT teams to enhance detection capabilities against this threat.

Winsage

May 10, 2026

Microsoft Confirms KB5083769 Breaks Macrium and Acronis Backups

Microsoft's April 2026 Windows security update, KB5083769, may disrupt image-mount operations for backup applications such as Macrium Reflect, Acronis Cyber Protect Cloud, UrBackup Server, and NinjaOne Backup due to the addition of the psmounterex.sys kernel driver to its Vulnerable Driver Blocklist. This action was taken to address a high-severity buffer overflow vulnerability, CVE-2023-43896. The inclusion of this driver in the blocklist has rendered several backup products inoperable, and Microsoft will not retract the block for security reasons. Administrators can use Event ID 3077 in the Code Integrity log to confirm that the blocklist is causing the failures. Microsoft advises updating backup applications to versions that include necessary driver protections instead of uninstalling or pausing the security patch. Additionally, the April updates have caused other issues, such as failures in Windows Server installations and devices booting into BitLocker recovery mode.

Winsage

May 7, 2026

Windows 11 pulls back AI as Microsoft plans to remove Copilot where it doesn’t meet its promise

Microsoft is shifting its approach to AI features, particularly with the Copilot tool. Xbox CEO Asha Sharma announced plans to retire Copilot on mobile and halt its development on consoles, a move supported by Jacob Andreou, the Executive Vice President of Copilot. This decision aligns with Microsoft's commitment to improving Windows quality and reducing AI overload, as indicated by the removal of the "Ask Copilot" button and the rebranding of the Copilot logo in applications. Despite challenges faced by Windows 11, including bugs and performance issues, Copilot has seen success in the enterprise sector, with over 20 million subscribers. The launch of Apple's MacBook Neo has further pressured Microsoft to enhance Windows quality. Moving forward, Copilot is being repositioned as an enterprise tool rather than a consumer-facing product, while Microsoft continues to develop AI capabilities for corporate use.

Winsage

May 5, 2026

Windows 11 restarts several times after a recent update? Don’t panic

After the installation of the optional April 2026 update, users may experience multiple restarts of their PCs, which is normal due to the Secure Boot certificate refresh process. This behavior may also occur with future updates as Microsoft implements Secure Boot certificate refreshes. Windows updates typically require a single reboot, but significant feature updates or firmware and driver updates may necessitate two or three reboots. Many Windows devices manufactured before 2024 have outdated Secure Boot certificates that need updating, as these certificates will expire in June 2026. Microsoft began rolling out updated Secure Boot certificates in March, but this rollout is staggered. Users can check their PC's Secure Boot certificate status in Windows Security under "Device security." The status is indicated by colored icons: green (up to date), yellow (update pending), and red (action required). Older devices may face issues with the certificate refresh if they lack up-to-date firmware or compatible BIOS updates. If Windows reports an error, the device manufacturer is typically responsible for resolving it. Users should verify that Secure Boot certificates were installed correctly after updates to ensure continued secure booting beyond June.

AppWizard

May 1, 2026

April Xbox Update: Customize Your Console, Manually Add Your Favorite Games on PC, and More.

Users can now customize console colors by adjusting sliders for a unique hue, which will accentuate elements of the console interface. Quick Resume has been enhanced to allow disabling on a per-game basis. The Play History feature has been revamped with a new tab for easier access. A User Selected Resolution feature lets players choose streaming resolution, while a Network Quality Indicator provides real-time network health insights. PC gamers can manually add any installed game or app to their Xbox library. Users can pin up to three favorite games for quick access. A Gamepad Cursor feature allows navigation in non-controller apps. Xbox notifications can be repositioned on the Game Bar. The Xbox mobile app now includes wishlist alerts for game changes. Recent updates for the ROG Xbox Ally improve external display experiences. Microsoft Rewards is hosting a Total Prize Drop event with prizes up to ,000,000. The Handheld Compatibility Program has expanded, adding titles like Hades II as handheld optimized. Xbox Cloud Gaming now includes over 1,000 games for streaming.

AppWizard

April 28, 2026

10,000 Users Exposed As Fake Document Reader App Delivers Anatsa Banking Trojan

Security researchers from ThreatLabz discovered a malicious document reader app on the Google Play Store that delivered the Anatsa Android banking trojan. The app, which had over 10,000 downloads before its removal, disguised itself as a legitimate file management tool using the package name com.groundstation.informationcontrol.filestationbrowsefilesreaddocs. It employed a "dropper" technique to hide its malicious code, connecting to an external server to retrieve the malware payload after installation. Anatsa is designed to steal financial information by overlaying a fake login screen over legitimate banking apps, capturing user credentials and enabling unauthorized transactions. Users are advised to delete the app and monitor their financial accounts. Technical indicators for identifying infections include the Anatsa Installer SHA256 (5c9b09819b196970a867b1d459f9053da38a6a2721f21264324e0a8ffef01e20), Payload URL (http://23.251.108[.]10:8080/privacy.txt), Payload SHA256 Hash (88fd72ac0cdab37c74ce14901c5daf214bd54f64e0e68093526a0076df4e042f), and Command and Control servers (http://172.86.91[.]94/api/ and http://193.24.123[.]18:85/api/).

AppWizard

April 23, 2026

The best Dota 2 options and settings

In Dota 2, optimal settings are crucial for enhancing gameplay and performance. Key settings to prioritize include: - Hotkeys: - Quickcast Abilities for instant ability use. - Direct Key Bindings for customized control over abilities. - Unit Orders: - Auto Attack set to 'Standard' for automatic targeting. - Right-Click Allies to enable attacking friendly units. - Channels for managing teleport or channeled abilities. - Double-Tap to Self Cast for automatic self-use of abilities. - Disable Auto Attack When Stop is Held to prevent unintended movements. - Minimap: - Icons set to 'Hero with Arrow' for visibility. - Adjusted map position to reduce misclicks. - Use Extra Large Minimap for better visibility. - Minimap Hero Size between 100% and 130%. - Increased Minimap Misclick Protection Time. - Camera: - Center Camera on Hero on Respawn can be disabled. - Disable Camera Zoom to avoid accidental zooming. - Enable Screen Shake can be turned off if distracting. - Interface: - Show Ability Rangefinder While Casting for strategic planning. - Holding Alt Shows Neutral Spawnboxes and Tower Attack Range for quick checks. - Healthbars: - Visualize Damage/Healing can be turned off if distracting. - Display Names Over Healthbar switched to 'Hero Names' for easier tracking. - Miscellaneous: - Strict Solo Role Queue Matchmaking for solo players. - Network Quality set to Low for smoother gameplay. - Enable Console for expanded control. To set Dota 2 Launch Options, right-click the game in Steam, select 'properties,' and enter options in the text field. Recommended launch options include: - -autoconfig: Resets graphics settings. - -console: Enables console functionality. - -fullscreen: Forces fullscreen mode. - -high: Assigns high CPU priority. - -map dota: Loads the map in the background. - -noborder: Runs in borderless windowed mode. - -noprewarm: Disables resource loading at startup. - -novid: Skips the introductory video. - -safe_mode: Restores default rendering settings. - -useforcedmparms -noforcemaccel -noforcemspd: Adheres to Windows mouse settings. - -windowed: Runs in windowed mode. Players are encouraged to explore and experiment with these settings to optimize their individual playstyle.

Winsage

April 19, 2026

Zorin OS 18.1 adds guided migrations, stronger app compatibility and wider hardware support, making switching from Windows far more practical for millions [clone]

Zorin OS has released version 18.1, enhancing hardware compatibility and introducing fingerprint reader support for older devices. The update recommends native Linux alternatives when detecting Windows applications, making it easier for users transitioning from Windows. Since the end of support for Windows 10, Zorin OS has gained popularity, reaching 3.3 million downloads. The update supports over 240 Windows applications, suggesting compatible Linux versions, and includes improvements to desktop features and pre-installed applications. Zorin Lite has also been updated to version 17.3 with fingerprint reader support and a redesigned File Manager. Meanwhile, Windows 11 is facing challenges in adoption due to hardware requirements and design issues, prompting discussions about the potential need for Windows 12. Alternative operating systems like Zorin OS are becoming more appealing to users dissatisfied with Windows.

Winsage

April 16, 2026

Microsoft’s latest Windows update now confirms if your PC is Secure Boot-protected

Microsoft has introduced a new feature in Windows 11 and Windows 10 that informs users about the status of Secure Boot as part of the April Patch Tuesday update. This feature includes a visual indicator that shows whether devices have the latest Secure Boot certificates, which protect against bootkit malware. The Secure Boot icon can display in green, yellow, or red, indicating different security statuses: green means secure with no actions needed, yellow indicates a pending safety recommendation, and red signals that immediate attention is required. Users can check their Secure Boot status through Settings in both operating systems. It is important to install the latest Windows updates to ensure devices have the most recent Secure Boot certificates, as older certificates will expire in June. The April updates also address 164 vulnerabilities, including eight classified as critical and two identified as zero-day flaws. Users are advised to prioritize these updates to maintain system security.