Microsoft’s response

Winsage
November 2, 2024
In the Windows 11 24H2 update, users have reported that the three-dot menu in File Explorer becomes unreadable in full-screen mode, appearing at the top of the screen instead of below the three dots. This misalignment makes it difficult to access menu options while in full-screen mode. Microsoft has acknowledged the issue and plans to address it in future updates, with a significant optional update scheduled for the last week of November and a Patch Tuesday update on November 12. These updates will also include fixes for other critical issues. Regular updates for Windows 11 24H2 will resume in January after a pause in December.
Winsage
October 18, 2024
Microsoft has acknowledged an issue following the installation of the Windows 11 2024 Update (Windows 11 24H2), where users encounter an unexpected 8.63 GB of undeletable data. The problem is attributed to a malfunction in the Windows Disk Cleanup tool, which produces a reporting error rather than an actual loss of recoverable disk space. After running Disk Cleanup, it may inaccurately report an amount of space still available for cleanup in the 'Windows Update Cleanup' category, even though some files were cleaned up correctly during the initial run. Microsoft is working on a resolution.
Winsage
August 27, 2024
SafeBreach security researcher Alon Leviev has released an open-source Python tool called Windows Downdate that performs downgrade attacks on Windows 10, Windows 11, and Windows Server systems, letting an attacker revert a fully updated device to older component versions and re-expose previously patched vulnerabilities. The tool can downgrade system components such as the Hyper-V hypervisor and the Windows kernel. Leviev showed it reverting the fixes for CVE-2021-27090, CVE-2022-34709, CVE-2023-21768, and PPLFault. It relies on CVE-2024-21302 and CVE-2024-38202, is not flagged by endpoint detection solutions, and leaves the system reporting itself as fully up to date. Leviev also demonstrated ways to disable Windows virtualization-based security (VBS) features without physical access. Microsoft released a security update (KB5041773) on August 7 to address CVE-2024-21302, but a fix for CVE-2024-38202 is still pending. In the meantime, Microsoft advises customers to configure "Audit Object Access" settings, restrict update and restore operations, use Access Control Lists to limit who can touch the relevant files, and audit sensitive privilege use.
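The following PowerShell is an added example of the interim mitigations listed above (object-access auditing plus a SACL on a sensitive directory); it is not code from Winsage, SafeBreach, or Microsoft's advisories. The audited directory is an assumption chosen for illustration; substitute the update, backup, or restore locations your own threat model identifies.

```powershell
# Added example: enable object-access and privilege-use auditing, then attach a
# SACL to a directory so that writes, deletes, and permission changes by any
# principal are logged. Must be run from an elevated PowerShell session.

# 1. Enable the relevant audit subcategories (Success and Failure).
auditpol /set /subcategory:"File System" /success:enable /failure:enable
auditpol /set /subcategory:"Sensitive Privilege Use" /success:enable /failure:enable

# 2. Attach a SACL to the directory. Assumed path for illustration only.
$target = Join-Path $env:SystemRoot 'SoftwareDistribution'
$acl    = Get-Acl -Path $target -Audit
$rights = [System.Security.AccessControl.FileSystemRights]'Write, Delete, ChangePermissions, TakeOwnership'
$rule   = New-Object System.Security.AccessControl.FileSystemAuditRule(
    'Everyone',
    $rights,
    [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit',
    [System.Security.AccessControl.PropagationFlags]::None,
    [System.Security.AccessControl.AuditFlags]'Success, Failure')
$acl.AddAuditRule($rule)
Set-Acl -Path $target -AclObject $acl

# 3. Verify the audit rules now in force on the directory.
(Get-Acl -Path $target -Audit).Audit |
    Format-Table IdentityReference, FileSystemRights, AuditFlags -AutoSize

# 4. Review what was logged. With the subcategories above enabled, matching
#    file operations appear in the Security log as event ID 4663.
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4663 } -MaxEvents 200 -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match [regex]::Escape($target) } |
    Select-Object TimeCreated, Id, @{ n = 'Summary'; e = { $_.Message.Split("`n")[0] } }
```

Auditing only produces evidence; it does not block the downgrade. Pair the SACL with restrictive DACLs on the same directories and forward the Security log to a collector, since an attacker with administrative rights on the host can clear it locally.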
Winsage
August 17, 2024
Many users with unsupported PCs have upgraded to Windows 11 by running Windows Setup with the '/product server' switch, sidestepping the operating system's strict hardware requirements. Microsoft has closed this workaround in its latest Canary build, which now enforces the Trusted Platform Module (TPM) 2.0 requirement. The current Windows 11 24H2 release still allows the bypass, but future updates may restrict it further. The trick has let users install Windows 11 on older CPUs, including Athlon and Core 2 Duo models, by skipping the TPM and RAM checks, and it has been especially useful on systems that can otherwise run Windows 11 but lack TPM 2.0. Officially, the supported CPU list begins with Intel's 8th generation and AMD's 2nd generation Ryzen processors, so adding a TPM module does not bring older systems into compliance. In enterprise editions, the CPU compatibility list starts with two-core CPUs at a minimum of 1 GHz, with TPM 2.0 being optional. As Microsoft continues to release patches, these bypass methods may soon stop working, leaving affected users to revert to an older Windows version, move to Linux, or upgrade their hardware.
Winsage
August 16, 2024
Starting with the April 2024 monthly security update, Microsoft will stop showing full-screen pop-ups urging Windows 10 Pro and business-edition users to move to Windows 11, in response to user feedback; Windows 10 Home users will continue to see them. Despite its problems, Windows 11 is gaining users, but many still hesitate because of bugs, complicated updates, and strict system requirements. Microsoft's aggressive marketing may itself have deterred potential users, much as the pop-ups in the Edge browser have frustrated people.
Winsage
August 15, 2024
Recall is a feature of Microsoft's Copilot+ PCs, designed to build a searchable archive of user activity on Windows 11 by capturing screen snapshots. Following criticism over privacy and security, Microsoft decided to disable Recall by default on all Copilot+ PCs: users must opt in during setup, and access requires Windows Hello authentication. Recall remains unavailable to Copilot+ PC owners, and it may not return until the next major Windows 11 update in late 2024. Microsoft plans further security changes, including encrypting the search index database and requiring user authentication before snapshots can be accessed.
Winsage
August 12, 2024
A new vulnerability, CVE-2024-6768, has been identified in Windows, affecting all versions of Windows 10, Windows 11, and Windows Server 2022. The flaw lies in the Common Log File System (CLFS) driver and stems from improper validation of input data, leading to a blue screen of death. An unprivileged user can crash a fully updated system with a specially crafted file. Microsoft was first notified in December 2023 but said it could not reproduce the issue, even though Fortra was able to. No workaround or mitigation is known, and there is skepticism that Microsoft will ship a fix. The disclosure timeline includes multiple reports and evidence supplied by Fortra, culminating in publication of the CVE on August 12, 2024.
Winsage
August 9, 2024
Microsoft is developing security updates for two vulnerabilities in Windows that enable downgrade attacks:
1. CVE-2024-38202 (CVSS score: 7.3) - Windows Update Stack Elevation of Privilege Vulnerability
2. CVE-2024-21302 (CVSS score: 6.7) - Windows Secure Kernel Mode Elevation of Privilege Vulnerability
Both were discovered by Alon Leviev of SafeBreach Labs and presented at Black Hat USA 2024 and DEF CON 32. CVE-2024-38202 is linked to the Windows Backup component and can be exploited if an attacker persuades an Administrator, or a user with delegated permissions, to perform a system restore. CVE-2024-21302 lets an adversary replace current Windows system files with older versions, reintroducing previously fixed vulnerabilities and bypassing Virtualization Based Security (VBS) features. Leviev's tool, Windows Downdate, can downgrade a fully patched Windows machine so that it is again vulnerable to past exploits; it bypasses integrity checks and Trusted Installer enforcement, allowing downgrades of critical components. A downgraded system still reports itself as fully updated, cannot install future updates, and is hard for recovery tools to detect. The design flaw behind these attacks has existed since VBS was introduced in 2015.
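Because a downgraded machine keeps reporting itself as fully updated, a practitioner wants a check that does not trust Windows Update. The PowerShell below is an added example, not code from Winsage or SafeBreach: it compares the on-disk versions of the kernel, secure kernel, hypervisor, and code-integrity binaries with the build the registry claims, and reads the VBS state. The component list is an illustrative assumption drawn from the components the research names.

```powershell
# Added example: downgrade consistency check. A cumulative update raises the
# UBR (update build revision) recorded in the registry; the kernel binaries it
# ships carry the same 10.0.<build>.<UBR> file version. A file whose UBR is
# lower than the registry's is a lead worth investigating.

$sys32 = Join-Path $env:SystemRoot 'System32'
# Assumed component list (hvax64.exe is the AMD hypervisor, hvix64.exe the Intel one).
$components = 'ntoskrnl.exe', 'securekernel.exe', 'hvix64.exe', 'hvax64.exe', 'ci.dll'

# Build and UBR the OS reports (what winver and Settings > About display).
$cv = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
$reportedBuild = "$($cv.CurrentBuildNumber).$($cv.UBR)"

$results = foreach ($name in $components) {
    $path = Join-Path $sys32 $name
    if (-not (Test-Path $path)) { continue }   # e.g. only one hypervisor binary applies
    $v = (Get-Item $path).VersionInfo
    $fileBuild = "$($v.FileBuildPart).$($v.FilePrivatePart)"
    [pscustomobject]@{
        File          = $name
        FileVersion   = $fileBuild
        ReportedBuild = $reportedBuild
        OlderThanOS   = [int]$v.FilePrivatePart -lt [int]$cv.UBR
    }
}
$results | Format-Table -AutoSize

# VBS / HVCI state. VirtualizationBasedSecurityStatus: 0 = not enabled,
# 1 = enabled but not running, 2 = running. SecurityServicesRunning contains
# 1 for Credential Guard and 2 for HVCI (memory integrity).
$dg = Get-CimInstance -Namespace root\Microsoft\Windows\DeviceGuard -ClassName Win32_DeviceGuard
[pscustomobject]@{
    VbsStatus               = $dg.VirtualizationBasedSecurityStatus
    SecurityServicesRunning = ($dg.SecurityServicesRunning -join ',')
}
```

Treat a lower file UBR as a lead, not proof: a cumulative update does not necessarily ship a new copy of every binary, so compare against a known-good host at the same build before raising an alert. Run the check from a trusted context (an EDR task or remote session) rather than relying on the host's own update status, and correlate with the object-access audit events recommended by Microsoft.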
Winsage
August 8, 2024
Alon Leviev from SafeBreach presented techniques at the Black Hat conference that let an attacker who already has administrative access remove security patches from Windows machines. His methods are inspired by the BlackLotus UEFI bootkit and downgrade the OS kernel and other components while appearing to be legitimate system updates. The techniques affect Windows 10, Windows 11, and Windows Server, including their virtualization support, so the entire virtualization stack is exposed. Microsoft was informed of the vulnerabilities six months earlier and issued two advisories: CVE-2024-38202, an elevation-of-privilege vulnerability in the Windows Update Stack, and CVE-2024-21302, a secure kernel mode elevation-of-privilege vulnerability. Both advisories note that exploitation requires additional actions by a privileged user. Leviev also released a proof-of-concept tool, Windows Downdate, to demonstrate the vulnerabilities.