OpenSSH

Winsage
February 14, 2025
The February 2025 security patch for Windows Server 2022, KB5051979, resolves issues with Digital-to-Analog Converter (DAC) devices and USB peripherals that previously displayed error code 10. It upgrades the system to Build 20348.3207, fixing a memory leak related to predictive input ideas and issues with the Device Health Attestation service. The update also addresses crashes related to symbolic links and acknowledges lingering harmless errors from the January 2025 update, specifically concerning the System Guard Runtime Monitor Broker Service. Users of OpenSSH and Citrix may face conflicts due to the January update. Some fixes are also applied to Windows 10 with KB5051974. Additionally, Microsoft has resolved a boot error in Windows Server 2025 and released cumulative updates KB5051989 and KB5051987 for Windows 11.
Winsage
February 14, 2025
Windows 10 22H2 Build 19045.5552 (KB5052077) has been released to the Release Preview Channel for Insiders using Windows 10, version 22H2. Key updates include:
- Adjustments for Daylight Saving Time (DST) in Paraguay.
- Fixes for the Chinese Input Method Editor (IME), including responsiveness issues and improved color contrast in the search suggestion panel.
- Resolution of a recurring issue with the desktop window manager (dwm.exe) that caused it to stop responding.
- Refresh of Country and Operator Settings Asset (COSA) profiles for select mobile operators.
- Improvements to the Narrator, addressing issues with announcing quick action buttons and control types in the Chinese IME candidate window.
- Resolution of a service startup failure for Open Secure Shell (OpenSSH), requiring users to manually run the sshd.exe process.
Tech Optimizer
December 19, 2024
Cyber attackers are increasingly using malicious LNK files, which disguise themselves as harmless shortcuts, as an infection vector in 2024. Security experts, particularly Cyble Research and Intelligence Labs (CRIL), have noted a significant rise in this tactic. Attackers leverage LNK files to gain access to systems, triggering malicious actions that can deploy advanced malware. This method reflects a shift in attack vectors aimed at bypassing traditional security measures. One primary technique in these attacks is the exploitation of Living-off-the-Land Binaries (LOLBins), which are trusted system binaries manipulated to execute harmful commands without external malware. Attackers have refined their methods to evade detection by endpoint detection and response (EDR) solutions. Recent campaigns have incorporated SSH commands within malicious LNK files, allowing attackers to establish persistent connections and download malicious files from remote servers. This use of SSH is concerning as it is not typically associated with Windows systems, making it harder for conventional security measures to detect. Threat actors have also used SSH commands to execute malicious PowerShell or CMD commands indirectly through LNK files. For example, a malicious LNK file was found to trigger a PowerShell script that downloaded a malicious payload. Advanced Persistent Threat (APT) groups, known for their long-term cyber espionage, are increasingly utilizing these techniques, with groups like Transparent Tribe deploying stealer malware using similar methods. The combination of LNK files and SSH commands presents a significant threat to organizations, necessitating enhanced monitoring and detection systems to identify abnormal activities. Security teams must evolve EDR solutions to recognize malicious SSH and SCP activity, especially in environments where SSH is not commonly used. 
Additionally, organizations should restrict the use of legitimate SSH utilities and disable unnecessary features to minimize the attack surface.
Winsage
December 11, 2024
Microsoft has released Patch Tuesday updates for Windows 11, covering versions 24H2, 23H2, and 22H2. The updates include build versions 26100.2605 for 24H2 (KB5048667), 22631.4602 for 23H2, and 22621.4602 for 22H2 (KB5048685). The 24H2 update addresses security issues and incorporates enhancements from a previous update (KB5046740). The servicing stack update (KB5049685) improves the component responsible for installing updates. For 23H2, users are advised to use EKB KB5027397 for updates, which include all improvements from version 22H2. The 22H2 update includes enhancements from KB5046732 and also addresses security improvements. Known issues include Arm device users being unable to download and play Roblox via the Microsoft Store, with a workaround available through direct download from the Roblox website. Additionally, some users report issues with the OpenSSH service post-installation of the October 2024 security update, affecting enterprise and education customers, with Microsoft investigating. Updates will be available through Windows Update or can be downloaded from the Microsoft Catalog website.
Winsage
November 9, 2024
Microsoft has acknowledged a significant issue with last month's Windows security updates that disrupt SSH connections on select Windows 11 22H2 and 23H2 systems, primarily affecting enterprise, IoT, and education customers. The company is investigating whether Windows 11 Home or Pro editions are also impacted. The October 2024 security update has caused the OpenSSH service to fail to start, preventing SSH connections, and this issue occurs without detailed logging, requiring manual intervention to start the sshd.exe process. A temporary workaround involves adjusting access control list (ACL) permissions on specific directories, with instructions provided for affected users. Microsoft is working on a permanent fix to be included in a future Windows update. Additionally, the October Patch Tuesday updates resolved fingerprint sensor freeze issues on Windows 11 24H2 devices and lifted a safeguard hold on upgrades for impacted systems. Microsoft also addressed issues in previous updates affecting application launches on Windows 10 22H2 and Remote Desktop connections in enterprise networks.
Winsage
November 9, 2024
On October 22, 2024, Microsoft released a non-security update for Windows 11 version 23H2, identified as KB5044380, which includes enhancements for user experience but also caused OpenSSH connectivity issues. After installing the update, some users reported that the OpenSSH service fails to start, preventing SSH connections, and requires manual intervention to run the sshd.exe process. This issue affects a wide range of users, though Microsoft stated the number of impacted devices is "limited." A workaround involves adjusting permissions on specific directories using PowerShell commands. Microsoft is investigating the issue and plans to provide a resolution in a future update. Additionally, Windows 11 version 24H2 has its own problems, including inaccuracies in Task Manager and a paused rollout of a new controller keyboard.