PowerShell

Winsage
May 31, 2025
A new strain of malware has been operating undetected on Windows systems for several weeks, utilizing advanced evasion techniques that corrupt its Portable Executable (PE) headers to avoid detection. Security researchers discovered this malware embedded in the memory of a compromised system during an investigation, using a 33GB memory dump that revealed its presence in a dllhost.exe process with process ID 8200. The malware, classified as a Remote Access Trojan (RAT) by Fortinet, employs batch scripts and PowerShell commands for its attack and has capabilities for screenshot capture, remote server functionality, and system service manipulation. Its command and control infrastructure uses encrypted communications, complicating detection efforts. The malware's distinctive feature is the deliberate corruption of DOS and PE headers, which hinders reverse engineering and complicates the reconstruction of the executable from memory dumps. Researchers had to manually locate the malware’s entry point and resolve complex import tables for it to function in a controlled environment.
Winsage
May 31, 2025
Microsoft has introduced the Windows Update Orchestration Platform, which aims to centralize the management of line-of-business (LOB) and third-party applications through a single interface, enhancing the app update process for developers and users. Currently in private preview, the platform invites developers to explore its features, which include eco-efficient scheduling, consistent notifications, centralized update history, and unified troubleshooting tools. Developers can integrate their applications using Windows Runtime APIs and PowerShell commands to manage various aspects such as registration and update definitions. The initiative addresses challenges like CPU and bandwidth spikes, conflicting notifications, and increased support costs faced by users and IT administrators.
Winsage
May 30, 2025
Microsoft is developing a Windows-native update orchestration platform to improve the software updating experience for IT administrators and end-users. This platform aims to streamline the management of updates across various applications and components within the Windows ecosystem, reducing confusion caused by independent updates for different products. The platform is currently in private preview; developers can access it through Windows Runtime (WinRT) APIs and PowerShell commands by registering as update providers. The orchestrator will intelligently defer updates based on user activity and system performance, and it will automatically reschedule failed attempts. Additionally, Microsoft is introducing Windows Backup for Organizations to assist with the transition from Windows 10 to Windows 11. This feature simplifies the backup and restoration of settings for Windows 10 and 11 devices. To use this functionality, devices must be Microsoft Entra hybrid joined or Microsoft Entra joined and running a supported version of Windows. The restore feature is compatible only with Microsoft Entra joined devices running Windows 11, version 22H2 and later. The Windows Backup for Organizations feature is currently in a limited public preview for select members of the Microsoft Management Customer Connection Program.
Winsage
May 28, 2025
Microsoft is introducing a "Windows Update orchestration platform" that allows third-party developers to integrate their applications with Windows Update. This platform, currently in preview, provides an API for developers to register their apps as update providers, enabling seamless scheduling, downloading, and installation of updates. Developers can defer updates based on user activity and system performance, while users will benefit from a unified update history for all supported applications. Developers interested in the private preview can contact Microsoft at unifiedorchestrator@service.microsoft.com.
Winsage
May 27, 2025
Microsoft introduced Foundry AI Local, a command-line tool for running large language models (LLMs) on users' machines, aimed initially at developers but accessible to a broader audience. The installation process utilizes the "winget" tool, allowing users to install it by opening a command line and entering the command: winget install Microsoft.FoundryLocal. Users can run the Phi-3.5-mini model with the command: foundry model run phi-3.5-mini and explore other models with: foundry model list. Foundry AI Local automatically selects the best model for the user's hardware, enhancing performance. While currently functioning as a local chatbot, it has potential applications beyond text generation, including text extraction tools and integration into Windows applications. Future enhancements may include art generation and custom model training.
Winsage
May 27, 2025
Keeping software up to date is essential for an efficient computing environment, as updates introduce new features and fix bugs. The Windows Package Manager, Winget, allows users to manage software installations and updates via the command line interface (CLI) in Windows 11. To check for updates, users can run the command "winget update" in PowerShell or Command Prompt as an administrator, which shows outdated applications and their current and available versions. For updating a specific application, the command "winget update [application ID]" can be used, while "winget upgrade --all" updates all applications at once. Winget supports various command-line interfaces and has a repository of over 6,000 applications. For users preferring a graphical interface, tools like UniGetUI provide a simpler way to manage updates. Executing "winget upgrade --all" in an elevated CLI window is an easy method for updating all software.
Winsage
May 26, 2025
Microsoft encourages users to adopt the latest version of Windows or a version eligible for monthly security updates to protect against security threats. Older Windows ISOs are vulnerable due to outdated security updates and antimalware software. Microsoft has released an update for Microsoft Defender to enhance the security of these older Windows images. This update includes the latest Microsoft Defender binaries, which must be applied offline to WIM and VHD files for Windows 11, Windows 10 (Enterprise, Pro, Home), Windows Server 2022, 2019, and 2016. The update improves both the anti-malware client and engine, with package sizes of 78.2 MB for ARM64, 128 MB for x86, and 132 MB for x64 systems. Users need a 64-bit version of Windows 10 or later, PowerShell 5.1 or later, and specific modules to implement the update. Regular updates every three months are recommended for optimal security.
Winsage
May 25, 2025
Microsoft Windows is a target for cybercriminals, particularly regarding password theft. Trend Micro has reported an increase in fraudulent Captcha attacks that trick users into executing malicious commands through the Windows Run dialog, leading to data theft and malware infections. These attacks utilize PowerShell and can deploy various malware types, including Lumma Stealer and AsyncRAT. Despite efforts to disrupt the Lumma Stealer network, threats persist, exploiting legitimate platforms. Microsoft recommends users adopt safer online practices and outlines seven mitigations for organizations: disable access to the Run dialog, apply least privilege, restrict access to unapproved tools, monitor unusual behavior, harden browser configurations, enable memory protection, and invest in user education.