Notepad Archives

Winsage

April 25, 2025

Microsoft’s Patch for Symlink Vulnerability Introduces New Windows Denial-of-Service Flaw

In early April 2025, Microsoft addressed a security vulnerability (CVE-2025-21204) related to symbolic links in the Windows servicing stack, specifically affecting the c:inetpub directory used by Internet Information Services (IIS). The updates created the c:inetpub folder with appropriate permissions to mitigate risks. However, this fix introduced a new denial-of-service (DoS) vulnerability, allowing non-administrative users to create junction points on the c: drive, disrupting the Windows Update mechanism. A command such as "mklink /j c:inetpub c:windowssystem32notepad.exe" could be used to exploit this flaw, preventing systems from receiving future security patches. As of April 25, Microsoft had not released a patch or acknowledged the issue, leaving systems vulnerable and emphasizing the need for monitoring user permissions and manually removing suspicious symlinks.

Winsage

April 24, 2025

Windows 11 24H2 reveals a 20-year-old bug in GTA San Andreas related to the Skimmer seaplane

Game developer Adrian has been fixing bugs in Grand Theft Auto: San Andreas (GTA: San Andreas) and other titles. A recent issue was identified involving the missing Skimmer seaplane after an update to Windows 11 24H2, reported by GitHub user hiddenmask58. Adrian discovered that the problem was due to a missing line in the vehicles.ide configuration file, which had gone unnoticed since the game's original launch. The update to Windows 11 24H2 changed memory handling, causing the Skimmer to become too large to render. To fix the issue manually, players can edit the datavehicles.ide file by appending -1, 0.7, 0.7, -1 to the Skimmer line. Alternatively, a Hotfix will be released on GitHub.

Winsage

April 24, 2025

Microsoft mystery folder fix might need a fix of its own

Microsoft's recent patch for CVE-2025-21204 inadvertently reintroduced the inetpub folder at c:inetpub as part of its mitigation strategy, raising concerns among system administrators. Security researcher Kevin Beaumont discovered that this folder created a new vulnerability when he used the mklink command with the /j parameter to redirect the folder to a system executable (notepad.exe). This allowed standard users to prevent Windows updates without administrative rights, as the command could be executed on default-configured systems. Beaumont has notified Microsoft of this vulnerability, but the company has not yet responded.

Winsage

April 24, 2025

An empty folder in Windows that «cannot be deleted» can permanently block OS updates

The inetpub folder, introduced in the April update of Windows 11 (version 24H2) as part of a fix for the CVE-2025-21204 vulnerability, has raised concerns among security researchers. It can be manipulated to block Windows updates without administrative rights by creating a symbolic link to notepad.exe, which can lead to a rollback of patches and leave the system vulnerable. Microsoft has not yet responded to this issue, and the possibility of a patch to address the new vulnerability is still open.

Winsage

April 24, 2025

Windows 11’s crucial new ‘inetpub’ folder is laughably easy to hack

A new folder named "inetpub" appeared on many Windows PCs after an April update, initially thought to be a glitch. Microsoft later stated that this folder was introduced to enhance Windows security by addressing the CVE-2025-21204 vulnerability. However, security researcher Kevin Beaumont revealed that the inetpub folder could allow attackers to bypass critical security updates. Beaumont proposed creating a junction point in the C: directory to prevent the inetpub folder's creation, which would also block the installation of the April update and subsequent security updates, leaving PCs vulnerable. This situation could lead to error messages and failed update rollbacks, with attackers able to exploit these issues without elevated privileges. Beaumont has informed Microsoft about the problem, but a response has not yet been received.

Winsage

April 22, 2025

Windows 10 LTSC – the version that won’t expire for years

The end of support for Windows 10 is approaching in October, but two editions will remain supported for two and seven more years, respectively. Windows 10 LTSC 2021 will receive mainstream support until January 12, 2027, and Windows 10 IoT Enterprise LTSC 2021 until January 13, 2032. LTSC versions lack the Windows Store and many modern applications, offering a streamlined experience with essential features only. Activation of LTSC editions requires an enterprise product key, obtainable through a Volume License Agreement. The IoT version is limited to US English, while the standard LTSC supports 38 languages. LTSC editions do not receive version upgrades, remaining on version 21H2 indefinitely. LTSC ISO files are not readily available on the Microsoft download page but can be accessed through the Microsoft portal with an enterprise license. Unauthorized third-party Windows distributions, such as Tiny11 and Atlas OS, exist but may violate Microsoft’s terms of service.

Winsage

April 15, 2025

There’s AI Inside Windows Paint and Notepad Now. Here’s How to Use It

Companies are integrating artificial intelligence into their software, with recent updates to Windows applications like Paint and Notepad showcasing AI enhancements. In Windows Paint, a Copilot button introduces three features: 1. Image Creator: Users can generate images from descriptive prompts, selecting styles for the output. 2. Generative Erase: This tool lets users remove unwanted elements from images and fills in the background using surrounding pixels. 3. Remove Background: This feature isolates the main subject of an image by turning the background white. Generative Erase and Remove Background are free, while Image Creator requires AI credits available through Microsoft 365 or Copilot Pro subscriptions. In Windows Notepad, the Copilot button offers features to refine existing text: 1. Make shorter and Make longer: Adjusts the length of selected text. 2. Change tone: Modifies the text's tone to be inspirational, formal, casual, or humorous. 3. Change format: Restructures text into lists, marketing language, or poetry. 4. Rewrite: Provides previews of rewritten text for selection. Notepad's AI-powered rewrites are limited for free users, with extensive use requiring AI credits tied to a Microsoft 365 or Copilot Pro subscription. The Copilot button can be disabled in settings for a distraction-free experience.

Winsage

April 9, 2025

Exploitation of CLFS zero-day leads to ransomware activity

The Microsoft Threat Intelligence Center (MSTIC) and Microsoft Security Response Center (MSRC) identified a zero-day elevation of privilege vulnerability in the Windows Common Log File System (CLFS), designated as CVE-2025-29824. This vulnerability has been exploited by the PipeMagic malware, attributed to the group Storm-2460, affecting organizations in various sectors across the U.S., Venezuela, Spain, and Saudi Arabia. Microsoft released security updates on April 8, 2025, to address this vulnerability. The exploit allows attackers with standard user privileges to escalate their access, and it was executed from a dllhost.exe process. The exploit utilizes memory corruption techniques and the RtlSetAllBits API to gain all privileges and inject processes into SYSTEM processes. Post-exploitation, the attackers injected a payload into winlogon.exe, leading to ransomware activity characterized by file encryption and the creation of ransom notes. Indicators of compromise include the creation of a CLFS BLF file at C:ProgramDataSkyPDFPDUDrv.blf, command lines associated with ransomware activities, and specific domains linked to PipeMagic. Microsoft advises applying security updates promptly and recommends strategies for mitigating ransomware threats, including enabling cloud-delivered protection and utilizing device discovery.

Winsage

March 31, 2025

10 Facts you probably didn’t know about Windows as Microsoft turns 50

- Windows was originally named "Interface Manager" before being changed to "Windows" prior to its launch in 1985. - Early versions of Windows (1.0, 2.0, and 3.x) operated on top of MS-DOS and required users to boot into MS-DOS before launching the graphical interface. - The Briefcase folder was an early tool for synchronizing files between computers, which became obsolete with the rise of cloud storage solutions. - Prior to Windows XP, user profiles were basic and lacked robust security; full user accounts were implemented with Windows NT. - Several applications from Windows 1.0, including Calculator, Paint, Notepad, Clock, and Control Panel, are still present in Windows 11 in modernized forms. - The "Format" dialog in File Explorer has used the same code for over 30 years, although updates for FAT32 support are being developed. - TrueType fonts were introduced in Windows 3.1 in 1992 through a licensing agreement with Apple, improving font rendering quality. - The "Ctrl + Alt + Delete" shortcut was created by IBM engineer David Bradley as a debugging tool and later adopted by Microsoft for secure attention sequences in Windows NT. - Windows 1.0 required a minimum of 256KB of RAM at its launch in 1985, while Windows 11 requires at least 4GB.

Winsage

March 26, 2025

An open-source Windows alternative you’ve probably never heard of just got updated

ReactOS 0.4.15 is the largest release to date, focusing on compatibility, bug fixes, and improved system stability. It introduces new features such as registry mechanisms, enhanced security, and improvements to system tools. The release supports 64-bit x86 architecture and includes significant updates to the Plug and Play Manager, audio enhancements, and better memory management. Users can now boot from USB devices and utilize more third-party drivers. The update also features quality-of-life improvements in tools like Notepad and Paint, and a new visual style. Future upgrades are promised, including power management and UEFI support. ReactOS 0.4.15 is available for download, but it remains in alpha status.