Microsoft releases Archives

Winsage

March 26, 2025

New Windows 0-Day Vulnerability Let Remote Attackers Steal NTLM Credentials

A critical vulnerability affecting various Windows operating systems, including Windows 7, Server 2008 R2, Windows 11 v24H2, and Server 2025, allows attackers to capture NTLM authentication credentials through interactions with malicious files in Windows Explorer. Exploitation can occur when users open shared folders, insert USB drives with malicious files, or view downloaded files. The vulnerability is similar to a previously patched flaw (CVE-2025-21377) but has not been fully documented. Security researchers have developed micropatches available for free until Microsoft releases a permanent fix. These micropatches support a wide range of Windows versions, including legacy and currently supported systems. The micropatches have been automatically distributed to affected systems with the 0patch Agent installed.

Winsage

March 26, 2025

New Windows 0-Day Vulnerability Let Remote Attackers Steal NTLM Credentials

A critical vulnerability affects all Windows operating systems from Windows 7 to Windows 11 v24H2 and Server 2025, allowing attackers to capture NTLM authentication credentials through malicious files viewed in Windows Explorer. Exploitation can occur when users open shared folders, insert USB drives with malicious files, or view previously downloaded files. The vulnerability is similar to a previously patched flaw (CVE-2025-21377) but has not been publicly documented. Security researchers have developed micropatches through 0patch to temporarily mitigate the issue, which will be available at no cost until Microsoft releases a permanent solution. The micropatches support various Windows versions, including legacy and currently supported systems, and can be automatically deployed without requiring system reboots.

Winsage

March 26, 2025

0patch releases yet another free fix for yet another 0day vulnerability in Windows that Microsoft has not addressed

0patch has released micropatches for a critical SCF File NTLM hash disclosure vulnerability affecting all Windows versions from Windows 7 to Windows 11 and Windows Server editions from 2008 to 2025. This vulnerability allows attackers to obtain users' NTLM credentials by having them view a malicious file in Windows Explorer. 0patch operates on a subscription model and provides security fixes for unsupported Windows versions, as well as complimentary patches for unaddressed vulnerabilities. Specific details about the vulnerability are currently withheld, pending an official fix from Microsoft.

Winsage

March 19, 2025

6 essential skills every Windows 11 user needs to master

- Windows 11 users can enhance their experience and security by mastering essential skills such as managing updates, securing online presence, and utilizing system settings. - To protect accounts and sensitive information online, users should consider using a password manager, passkeys, and enabling two-factor authentication (2FA) on accounts. - A VPN with end-to-end encryption can enhance online security, and users should familiarize themselves with their web browser's security settings. - Windows 11 updates are released on the first Tuesday of each month, with a major feature update annually; users can prevent auto-restarts and pause updates for up to five weeks. - The Settings app in Windows 11 has replaced much of the Control Panel for managing system settings, and users should explore it thoroughly. - OneDrive is integrated into Windows 11 for backing up, restoring, and sharing files, and users can create encrypted folders and use Files-on-Demand. - Regularly reviewing and uninstalling unnecessary applications can help maintain PC performance, and users can manage default applications and disable startup apps via Task Manager. - Accessing the BIOS/UEFI allows for updates, security adjustments, and hardware configuration changes, typically done by pressing keys like Esc, F2, or F8 during boot.

Tech Optimizer

March 2, 2025

5 things you may already be doing that compromise your Windows security

Many individuals compromise their computer security through everyday habits, which cybercriminals exploit, leading to data theft and unauthorized access. Common missteps include: 1. Downloading software from untrusted sources, which can harbor malware. To mitigate this risk, always download from official websites and consider using a sandbox for testing. 2. Using weak or reused passwords, making accounts vulnerable if one site is breached. To enhance security, use a password manager, enable multi-factor authentication, and create unique, complex passwords. 3. Clicking on phishing emails and links, which can lead to credential theft. To defend against phishing, scrutinize emails and links, and visit official websites directly for verification. 4. Disabling or ignoring antivirus and firewall protection, which exposes PCs to risks. Ensure these protections remain active and trustworthy before bypassing any warnings. 5. Ignoring software and OS security updates, which are crucial for addressing vulnerabilities. Regularly installing updates helps maintain security, as neglecting them can leave systems exposed.

Winsage

February 7, 2025

Windows 11 OOBE updates adjusted after widespread criticism

Starting in mid-2025, Microsoft will allow organizations to manage how fresh installations of Windows 11 handle cumulative updates from the outset, responding to system administrators' concerns about previous control limitations. This new policy will be available for devices running Windows 11 version 22H2 or newer during the Out-of-the-Box Experience (OOBE). Initially, Microsoft planned to require the installation of the latest updates upon first boot, but this raised concerns about potential issues with fixes and critical features. The new configuration can be enabled through Windows Autopilot, synchronizing existing quality update settings. This change applies only to cumulative or quality updates, not optional monthly updates. Organizations without Autopilot can disable quality updates during OOBE via Group Policy. The update process typically takes around 20 minutes, depending on various factors.

Winsage

December 12, 2024

Microsoft releases KB5048667 update, removing another Windows 11 24H2 block and introducing a questionable change

Microsoft has updated Windows 11 to version 24H2 with the KB5048667 update, removing a compatibility block for USB scanners using the eSCL scan protocol. This change allows affected systems to install the update more smoothly. The update also modifies the date format on the taskbar, includes critical security fixes, and introduces several new features such as: - Rebranding of "Tailored Experiences" to "Personalized offers." - A shortened date and time format in the system tray, with an option to revert to the traditional format. - Access to jump lists for pinned apps in the Start menu. - Customizable touchscreen edge gestures. - Hiding of the IME toolbar in full-screen mode for Chinese or Japanese typing. - Sharing content directly to Android devices from File Explorer. - New placeholder messages in Dynamic Lighting Settings when no compatible device is connected. - Enhancements to speech-to-text and text-to-speech functionalities. - New functions in Narrator scan mode for improved accessibility. The update can be accessed via Windows Update or downloaded from the Microsoft Update Catalog.

Winsage

December 8, 2024

Microsoft releases final Windows Server 2025 preview build in 2024

Microsoft has released Windows Server 2025 build 26334 for Windows Insiders, marking the final update for the year, with the next expected in January 2024. This build includes Desktop Experience and Server Core installation options for Datacenter and Standard editions, as well as the Annual Channel for Container Host and Azure Edition for virtual machine evaluation. The branding remains Windows Server 2025 in this preview, and issues reported should reference Windows Server vNext preview. Users enrolled in Server Flighting will receive this build automatically. New features include Windows Defender Application Control for Business (WDAC), which enforces a list of permitted software to minimize the attack surface, and improved accessibility for Windows Admin Center (WAC), allowing installation directly from the Windows Server Desktop for Datacenter or Standard preview users. There are known issues, including a labeling error that may reference Windows 11, which Microsoft plans to fix in a future release. Windows Server build 26334 is valid until September 15, 2025, with specific installation keys provided for Server Standard and Datacenter editions, while no key is required for Azure Edition.

Winsage

December 7, 2024

Windows 11 24H2 enters ‘a new stage of availability’ as Microsoft releases the update to more people

Windows 11 24H2, also known as the Windows 11 2024 Update, has officially entered a new stage of availability, expanding its reach to a broader audience. Microsoft is gradually rolling out the update, making it accessible to more users without requiring manual installation. The update is available for a wider range of eligible devices running versions 22H2 and 23H2. Users can check for the update by going to Settings > Windows Update and selecting Check for updates. New features for Copilot+ PC devices will soon be available to the Windows Insider community, with a phased rollout planned. Availability may vary depending on different silicon platforms.

Winsage

December 6, 2024

New Windows zero-day exposes NTLM credentials, gets unofficial patch

A newly discovered zero-day vulnerability allows attackers to capture NTLM credentials from Windows users by simply viewing a malicious file in File Explorer. This flaw affects multiple Windows versions, including Windows 7, Server 2008 R2, and Windows 11 24H2, and has been reported to Microsoft, but no official fix has been issued. The exploit triggers an outbound NTLM connection to a remote share, leading to the automatic transmission of NTLM hashes associated with the logged-in user, which can be intercepted and cracked for unauthorized access. 0patch has previously reported two other unresolved vulnerabilities to Microsoft and will offer a micropatch for this issue free of charge until an official fix is provided. Users can also disable NTLM authentication as an alternative solution.