Microsoft Defender

Tech Optimizer
March 26, 2025
The Competition Commission of India (CCI) ruled that Microsoft's integration of its antivirus software, Microsoft Defender, with the Windows operating system does not pose a significant threat to market competition. A complaint claimed that this practice gave Microsoft an unfair advantage and hindered third-party antivirus developers. Microsoft defended its actions as standard industry practice, stating that users can still choose to install alternative antivirus solutions.
Winsage
March 18, 2025
At least 11 state-backed hacking groups from North Korea, Iran, Russia, and China have been exploiting a Windows vulnerability tracked as ZDI-CAN-25373 since 2017 for data theft and cyber espionage. Microsoft has classified this vulnerability as "not meeting the bar for servicing," meaning no security updates will be released. The flaw allows attackers to execute arbitrary code on affected Windows systems by concealing malicious command-line arguments within .LNK shortcut files, using padded whitespace to evade detection. Nearly 70% of the analyzed attacks linked to this vulnerability were related to espionage, while 20% aimed for financial gain. Various malware payloads, including Ursnif, Gh0st RAT, and Trickbot, have been associated with these attacks. User interaction is required to exploit this vulnerability, as the target must visit a malicious page or open a malicious file. Microsoft has not assigned a CVE-ID to this vulnerability but is tracking it internally as ZDI-CAN-25373. A Microsoft spokesperson mentioned that the company is considering addressing the flaw in the future.
Winsage
March 18, 2025
Microsoft has issued a warning to Chrome users about a new remote access trojan called StilachiRAT, which can exfiltrate sensitive information such as stored credentials and digital wallet data. StilachiRAT can scan for configuration data across 20 cryptocurrency wallet extensions in Chrome and can extract and decrypt saved usernames and passwords. The malware can also monitor Remote Desktop Protocol (RDP) sessions, capture active window information, and impersonate users to gain unauthorized access to networks. Microsoft recommends that users switch to its Edge browser or other browsers with SmartScreen technology to enhance security. Additionally, users are advised to install software from official sources, utilize Safe Links and Safe Attachments in Office 365, and enable network protection features in Microsoft Defender for Endpoint. Despite this, Chrome remains the dominant browser among Windows users.
Winsage
March 16, 2025
Microsoft Defender has recently been flagging popular hardware monitoring applications from vendors like Razer and SteelSeries as malware. The detection, named HackTool:Win32/Winring0, is linked to the WinRing0x64.sys system driver, which is essential for these applications. The developer of the FanControl application acknowledged that the WinRing0x64.sys driver has a known vulnerability, CVE-2020-14979, that has not been addressed. Razer has implemented a patch to eliminate the use of this driver in its Synapse software. Users may need to contact vendors for updates or choose between ignoring Defender's warnings or discontinuing use of the applications.
Tech Optimizer
March 10, 2025
Restoro and Reimage will pay over million to settle allegations of misleading consumers into subscribing to their computer repair services. The Federal Trade Commission (FTC) announced it will distribute 6,375 to over 700,000 affected consumers, particularly older adults, who were misled by deceptive pop-up ads claiming their computers had issues. The FTC's investigation revealed that these companies provided false antivirus alerts and recommended expensive repair plans. Payments to eligible consumers will be issued via PayPal on March 13 and 14, with recipients advised to redeem their payments within 30 days. Both companies are now prohibited from misrepresenting security or performance issues and engaging in deceptive telemarketing practices, and their websites have been taken offline.
Winsage
March 10, 2025
Microsoft has revised its support documentation to highlight the importance of recognizing unsafe applications on Windows 10 and encourages users to upgrade to Windows 11. Applications on a PC can be categorized into three groups: clean apps (from the Microsoft Store or pre-installed), malware apps (from untrusted sources), and potentially unwanted apps (PUAs), which may not be malicious but can clutter the user experience. Microsoft warns that after October 2025, Windows 10 will no longer receive updates, increasing vulnerability to cyber threats. Upgrading to Windows 11 enhances security with features like Smart App Control. To clean install Windows 11, users need the Media Creation Tool to create a bootable USB drive. The process involves downloading the tool, creating the USB, and then installing Windows 11 on the target PC. Users should ensure their PC meets the hardware requirements for Windows 11. After upgrading to Windows 11, users are advised to configure settings to block potentially unwanted applications by enabling options in the Privacy and Security settings. To minimize risks, it is recommended to download apps from the Microsoft Store, keep Windows 11 updated, and use the Microsoft Edge browser with SmartScreen.
Winsage
March 10, 2025
Most modern games rely on real-time asset loading, making storage choice crucial for optimal gaming. A slow SSD or HDD can lead to long loading times and performance issues.
1. Disabling NTFS Last Access Time can improve loading speeds by reducing disk overhead. This can be done via Command Prompt with the command: fsutil behavior set disablelastaccess 1.
2. Enabling Large System Cache can enhance performance for games with substantial assets, requiring at least 16 GB of RAM and editing the Windows Registry.
3. Disabling antivirus scanning for the game folder can reduce loading times by preventing real-time scans. This can be done through Windows Security settings.
4. Using an exFAT drive can efficiently process large files, which may benefit games with sizable assets. This involves creating a new volume in Disk Management.
5. Disabling Full-Screen Optimizations can reduce input lag and improve performance by changing settings in the game's executable properties.
6. Increasing Shader Cache Size can improve loading times, with Nvidia users advised to set it to 10 GB or Unlimited in the Nvidia Control Panel.
7. Using a third-party cache management program like PrimoCache can enhance loading times by reserving RAM for caching frequently used programs.