kernel

Winsage
June 17, 2026
In 2023, Qualcomm announced the Snapdragon X Elite, an ARM-based processor that outperformed traditional x86 processors. The Snapdragon X Series featured a custom Oryon core design and was optimized for Windows through collaboration with Microsoft, including the introduction of the Prism emulation layer, which allows x86/x64 applications to run on ARM. Many applications, such as Adobe Illustrator and Discord, now run natively on ARM, showing significant performance improvements. By 2026, NVIDIA had unveiled the RTX Spark, an ARM-powered system on a chip, developed with MediaTek, featuring an ARM Cortex CPU and a Blackwell RTX GPU. NVIDIA also announced improvements to Windows for better workload scheduling and support for kernel-level anti-cheat software on Windows ARM.
Winsage
June 17, 2026
The Windows variant of SprySOCKS malware, developed by the Chinese threat group Earth Lusca, targets government entities globally and features advanced capabilities such as rootkit-level stealth and extensive command-and-control (C2) functionalities. It operates on Windows systems, utilizing two main variants: WINDRV, which includes kernel drivers for stealth operations, and WINPLUS, a streamlined backdoor. The malware can communicate over TCP, UDP, and WebSocket, offering over 30 C2 commands for various operations, including system information gathering and keystroke logging. WINDRV loads a driver named ‘RawWNPF’ into memory using another signed kernel driver, allowing it to conceal processes and achieve persistence. The malware's design incorporates open-source elements and exploits vulnerabilities in the software supply chain, notably using a leaked certificate for driver signing. To combat SprySOCKS, organizations are advised to implement advanced endpoint detection and response (EDR) solutions, maintain regular patching, and manage supply chain risks vigilantly. The malware's adaptability and reliance on legitimate certificates complicate detection efforts, necessitating continuous refinement of security practices.
Winsage
June 16, 2026
The interaction between Unix/Linux and Windows has historically been marked by significant differences in their architectures and philosophies. Unix uses a fork() function for process management, while Windows employs CreateProcess(), complicating the implementation of Unix-like tools on Windows. Early solutions to bridge this gap included the MKS Toolkit, which provided Unix-like commands for Windows, and UWIN from AT&T Bell Labs, which aimed to create a Unix interface layer on Windows. Cygwin offered a compatibility DLL to run Unix software on Windows, but required rebuilding from source. Microsoft's initiatives included POSIX, Interix, and later Services for UNIX. The introduction of the Windows Subsystem for Linux (WSL) allowed users to run a Linux userland directly on Windows, with WSL 2 incorporating a real Linux kernel. Recently, Microsoft released Coreutils for Windows, providing native builds of Unix-style tools to enhance cross-platform consistency.
Winsage
June 16, 2026
Cybersecurity researchers have identified two new Windows variants of the SprySOCKS backdoor, named WINDRV and WINPLUS; the backdoor was previously thought to be exclusive to Linux systems. Both variants feature hard-coded command-and-control configurations and can communicate via TCP, UDP, and WebSocket protocols. They support over 30 commands for operations such as system information collection and file management. WINDRV employs kernel drivers for stealth, obscuring network connections and allowing TCP traffic diversion. SprySOCKS was first documented by Trend Micro in September 2023, linked to the Chinese state-sponsored threat actor Earth Lusca, also known as FishMonger. The Windows variants belong to version 1.8 of SprySOCKS and utilize a kernel driver named RawWNPF for enhanced stealth. The attack chain begins with an initial access method that drops a batch script, leading to the installation of the backdoor. Evidence suggests these variants may have been used in attacks against government organizations in Honduras, Taiwan, Thailand, and Pakistan between 2023 and 2024. The WINPLUS variant was first detected in July 2024 in Pakistan. There are indications of potential UEFI bootkit involvement exploiting CVE-2023-24932, a vulnerability in the Windows Boot Manager.
Winsage
June 15, 2026
The Linux 7.2 kernel has introduced enhancements for reporting case-folding behavior in local file systems, allowing file servers to accurately convey their case sensitivity capabilities. Linus Torvalds merged Virtual File System (VFS) related pull requests that enable local file systems to report case-folding behavior, benefiting services like NFSD and KSMBD, particularly for Microsoft Windows NFS clients. Filesystems can now report case-insensitive and case-nonpreserving behavior through new file_kattr flags in their fileattr_get implementations. Supported filesystems include FAT, exFAT, NTFS3, HFS, HFS+, XFS, CIFS, NFS, VBoxSF, and ISOFS, with others defaulting to POSIX behavior. NFSD uses this information to report case folding via NFSv3 PATHCONF and implement NFSv4 attributes for case insensitivity and case preservation. The enhancements aim to improve interoperability, allowing Windows NFS clients to function correctly by reporting case-insensitivity, which streamlines operations and avoids unnecessary requests. The Linux NFS client has previously supported case-insensitive shares, requiring adjustments to caching behavior. Accurate case-folding reporting is crucial for servers operating in multi-protocol environments to maintain interoperability.
Winsage
June 11, 2026
Microsoft patched 206 vulnerabilities during June's Patch Tuesday, surpassing the previous record of 175 vulnerabilities patched in October 2025. Among the patched vulnerabilities, 118 are related to different versions of Windows, including Windows 10, Windows 11, and Windows Server. One critical vulnerability, CVE-2026-41091, in Microsoft Defender is actively being exploited, prompting an update to the Malware Protection Engine. Microsoft also addressed ten vulnerabilities in the Security Feature Bypass category due to the expiration of old Secure Boot certificates. Of the 118 Windows vulnerabilities, 19 are classified as critical Remote Code Execution (RCE) vulnerabilities, including CVE-2026-47288 and CVE-2026-47291. In Microsoft Office, 54 vulnerabilities were patched, including 25 RCE vulnerabilities, with nine classified as critical. Microsoft patched eight vulnerabilities in Exchange Server, including CVE-2026-45583, which can be exploited in a man-in-the-middle scenario. Additionally, the update for Edge addressed 74 Chromium vulnerabilities, including a zero-day vulnerability (CVE-2026-11645).
Winsage
June 11, 2026
ReactOS has successfully executed Valve's original Half-Life on consumer hardware, marking a significant milestone in open-source software development. This achievement was announced on June 10, 2026, after three decades of effort to reimplement Microsoft Windows. The game was run on a Dell OptiPlex desktop with an Intel Core i5 2400 processor and an NVIDIA GeForce 8400GS graphics card, demonstrating ReactOS's capability to handle real-time 3D applications without compatibility shims. ReactOS operates independently from Microsoft, sharing no code, and can execute a real-time 3D graphics workload natively. It has achieved approximately 90 percent GPU driver compatibility for Windows XP and Server 2003-era hardware through the implementation of the Kernel-Mode Driver Framework and Windows Display Driver Model subsystems. ReactOS is still in alpha stage, with limitations in application support and driver gaps for modern hardware. The project is working towards a new release, version 0.4.16, to enhance user experience.
Winsage
June 11, 2026
The June update for Windows 11, identified as KB5094126 (OS Builds 26200.8655 and 26100.8655), introduces significant enhancements along with numerous bug fixes and security patches. A key feature is a low-latency profile that improves responsiveness of core system elements like the Start Menu and Search by allowing the CPU to quickly reach maximum clock speed upon user interaction. This update also refines the Start Menu, improves app launch speeds, and addresses longstanding issues, bringing faster downloads from the Windows Store and optimized Windows Search results. New features include multi-app camera support, Shared Audio functionality for streaming to multiple Bluetooth devices, and the ability to personalize user folder names during installation. Additionally, the update resolves 206 security vulnerabilities, including a critical kernel-level remote code execution vulnerability (CVE-2026-45657) with a threat score of 9.8.
AppWizard
June 10, 2026
Arm chips have traditionally excelled in Android gaming and emulation, while x86 architecture has dominated serious PC gaming. A modder successfully ran Steam on the original Nintendo Switch, which features an Nvidia Tegra chip, due to the introduction of Arm support in Proton 11's beta version. This achievement indicates that PC gaming on handheld devices may not be limited to x86 architecture. However, running Steam on the Switch requires complex workarounds, resulting in low frame rates and various limitations. The process involved using Box64 and community-developed projects to facilitate the installation, as the Switch's outdated kernel posed challenges. Despite the limitations, the ability to run x86 games on an Arm chip suggests that hardware constraints, rather than translation feasibility, are the main obstacles. Modern Arm chips have shown the capability to run PC games, with driver issues being a significant challenge for non-gaming devices. Valve is developing the Steam Frame, a VR headset powered by Snapdragon 8 Gen 3, which runs SteamOS natively on Arm and utilizes FEX for x86 game compatibility. Early benchmarks indicate promising performance on Arm devices, suggesting a potential shift in the handheld gaming landscape. While x86 remains the safer choice currently, the barriers for Arm-based handhelds are gradually diminishing, indicating a future with more options beyond x86 architecture.