Microsoft Windows users Archives

Winsage

February 23, 2025

Microsoft Update Fails—How To Stop New Install Breaking Windows

A recent update for Microsoft Windows, specifically Windows 11 KB5051987, has caused issues for users, including installation failures and problems with File Explorer becoming unresponsive when accessing folders like Desktop, Documents, or Pictures. Users can see File Explorer in Task Manager, but it remains largely nonfunctional. Other issues include an inoperable sidebar. The recommended solution is to uninstall the update via the Windows Update section in Settings. Users should locate the update, click 'Uninstall', and reboot the system. After uninstalling, they will revert to the January 2025 Update. If problems persist upon reinstalling KB5051987, users are advised to pause updates for a few weeks. This update is mandatory and installs automatically, making it necessary for users to manually uninstall it if they encounter issues. Microsoft is expected to address these problems in an optional update scheduled for February 2025.

Winsage

February 23, 2025

Microsoft Windows Warning—Do Not Install This Critical Update

A significant alert has been issued regarding a new browser update threat targeting Microsoft Windows users, as reported by Palo Alto Networks’ Unit 42. Attackers are injecting malicious JavaScript into legitimate websites, misleading users into believing they need to update their browsers. These deceptive messages often use realistic branding and create urgency, prompting users to download and execute scripts that enable malware to retrieve the NetSupport RAT code. This malware allows for remote device control, data exfiltration, and modification of the Windows Registry, complicating its removal. On February 18, 2025, the NetSupport RAT delivered StealC, a credential-stealing malware designed to capture sensitive login information. The SmartApeSG campaign highlights the risks of social engineering and fileless attack techniques, exploiting trusted software update mechanisms. Recommended mitigation strategies include blocking domains linked to SmartApeSG, deploying signatures to detect malicious JavaScript, monitoring anomalous process relationships, restricting PowerShell execution policies, and educating employees about fake update prompts. Users are advised to follow conventional methods for browser updates, check for updates through their browsers, and ensure automatic updates are enabled.

Winsage

February 19, 2025

Hidden Microsoft Windows Threat Attacks When Your PC Restarts

A significant alert has been issued for Microsoft Windows users regarding the Snake Keylogger, an advanced keylogger capable of extracting sensitive information from web browsers like Chrome, Edge, and Firefox. It logs keystrokes, captures credentials, and monitors clipboard activity. The malware has already infiltrated millions of PCs and activates upon system restart, disguising itself among benign Windows processes. Fortinet reports that the Snake Keylogger has been circulating since 2020, infiltrating systems through malicious Office documents or PDFs attached to emails. If opened with macros enabled or using vulnerable software, the malware executes. It employs AutoIt scripting to obfuscate its operations and sets its attributes to hidden to complicate detection. The keylogger places a file in the Windows Startup folder to ensure it launches automatically with each restart, maintaining access to the compromised system. Once installed, it checks its environment to capture specific security credentials through keystrokes, clipboard data, or browser autofill information, transmitting this data to its handlers. Fortinet has observed the Snake Keylogger in various countries, including China, Turkey, Indonesia, Taiwan, and Spain. Users are advised to keep security software updated and exercise caution with email attachments from untrusted sources.

Tech Optimizer

February 3, 2025

Coyote Malware Launches Stealthy Attack on Windows Systems via LNK Files

FortiGuard Labs has raised an alarm about the Coyote Banking Trojan, a sophisticated malware targeting Microsoft Windows users, particularly in Brazil. Researchers discovered malicious LNK files that use PowerShell commands to execute scripts and connect to remote servers, initiating a multi-stage attack aimed at extracting sensitive information from over 70 financial applications and more than 1,000 websites. The attack begins with an LNK file that triggers a PowerShell command to download and execute additional malicious scripts. The malware employs loaders, shellcode, and Windows registry modifications, with a DLL file named “bmwiMcDec” injecting payloads into processes. It gathers system information and transmits it to remote servers, while the main payload enables keylogging, screenshot capture, phishing overlays, and window manipulation. The Coyote Trojan communicates with command-and-control servers via port 443 and adapts its actions based on server directives. Fortinet's security solutions, including FortiGuard Antivirus and Web Filtering Service, can detect and block threats associated with this malware. Users are advised to keep security systems updated and engage in cybersecurity training.

Winsage

November 13, 2024

Windows Users Must Update Now As Microsoft Confirms 4 New Zero-Days

Microsoft has reported over 90 security vulnerabilities, including four zero-day vulnerabilities, two of which are actively exploited. The November 2024 Patch Tuesday updates include CVE 2024-43451, a spoofing vulnerability related to NT LAN Manager hash disclosure requiring user interaction, and CVE 2024-49039, a Windows Task Scheduler elevation of privilege vulnerability that allows an attacker to elevate privileges after gaining access to the system. Two vulnerabilities, CVE-2024-43498 and CVE-2024-43639, have an impact severity score of 9.8, allowing unauthenticated remote attackers to exploit .NET web applications and target Windows Kerberos, respectively. Microsoft advises users to prioritize updates for various platforms, including Windows OS and Exchange Server, to mitigate these risks.

Winsage

November 7, 2024

New Winos4.0 Malware Targeting Windows via Fake Gaming Apps

Cybersecurity researchers at Fortinet’s FortiGuard Labs have identified a malware campaign named Winos4.0 that disguises itself as benign gaming applications targeting Microsoft Windows users. This malware framework is similar to threats like Cobalt Strike and Sliver. Users who download these applications inadvertently install Trojan horses that deploy the Winos4.0 framework, which has been found in various gaming-related tools. The malware appears to focus on the education sector, as indicated by its file description “校园政务” (Campus Administration). Winos4.0 is a re-engineered version of the Gh0stRat remote access trojan and consists of modular components for specific tasks. The attack begins with the retrieval of a BMP file from a remote server, leading to the extraction of a DLL file named “you.dll.” This file downloads additional files, including the main malicious file “libcef.dll,” which injects shellcode to establish a connection with a command and control (C2) server. The malware executes various tasks, such as monitoring system information and maintaining a connection to the C2 server. To protect against such threats, users are advised to download applications only from reputable sources, avoid third-party app stores, and scan new files before execution. Regular device scans are recommended, especially after downloading new content.

Winsage

October 6, 2024

Microsoft Update Warning—50 Million Windows Users Now At Risk

Microsoft Windows users are facing an impending end to security updates, particularly affecting approximately 900 million Windows 10 users, who have a one-year grace period before support concludes. In contrast, 50 million users on older versions like Windows XP, Vista, 7, and 8.1 have already lost support. Unsupported versions will continue to function but will not receive technical or security updates. Microsoft recommends upgrading to Windows 11, emphasizing its advantages, but many older PCs do not meet the hardware requirements for this upgrade. The situation is urgent, especially for users on outdated systems, as remaining unsupported poses significant security risks. The deadline for Windows 10 support is set for October 2025, and Microsoft has not indicated plans to relax hardware requirements for Windows 11.

Winsage

October 4, 2024

Microsoft Windows ‘Critical Vulnerability’ Warning—You Have 72 Hours To Update Your PC

Microsoft Windows users face a critical vulnerability identified as CVE-2024-43461, which emerged in the September security update and has been added to the U.S. government's Known Exploited Vulnerabilities catalog. The Cybersecurity and Infrastructure Security Agency (CISA) has mandated that Windows users apply necessary mitigations by October 7, particularly for federal employees, but many organizations are expected to follow suit. This vulnerability allows attackers to spoof web pages and was exploited alongside CVE-2024-38112, which involves using outdated Internet Explorer to redirect users to malicious URLs. Trend Micro's Zero Day Initiative has indicated that the latest CVE allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. Patching CVE-2024-38112 also addresses CVE-2024-43461, but many users remain on outdated versions of Windows, putting them at significant risk.

Winsage

September 2, 2024

Microsoft Reveals Bad News For 70% Of Windows Users—Upgrade Warning Gets Worse

Microsoft Windows 10 will reach its end of life in October 2025, prompting users to consider upgrading to Windows 11. Many users are hesitant to upgrade due to hardware compatibility issues, and Microsoft has closed off a workaround that allowed bypassing hardware checks for installation. Approximately 70% of users may face challenges as the deadline approaches. Microsoft is also focusing on AI initiatives, including the introduction of "Copilot+ PCs," which are expected to increase in availability and contribute to recurring AI subscription revenues. The re-emergence of the Recall feature raises privacy concerns while offering potential benefits, and Windows 11 includes new capabilities for indexing video and audio files. The transition to Windows 11 and the evolution of AI offerings will be crucial for users still on Windows 10.

Winsage

August 17, 2024

Microsoft’s New Upgrade Decision—Bad News Confirmed For 70% Of All Windows Users

Five actively exploited zero-day vulnerabilities were revealed during the recent Patch Tuesday, which have been added to the U.S. government's Known Exploited Vulnerability catalog. Check Point Research reported an enhanced variant of the Phemedrone Stealer targeting unpatched Windows PCs to steal cryptocurrency. Microsoft announced it would stop prompting Windows 10 users to upgrade to Windows 11, responding to user feedback. However, Microsoft has also shut down a popular workaround that allowed users to bypass Windows 11's hardware requirements. As Windows 10 security support nears its end, concerns grow over millions of users potentially lacking essential security updates. Feedback indicates frustration over the upgrade process and the financial burden of purchasing new computers. Canalys estimates that around 240 million PCs could become e-waste due to incompatibility with Windows 11.