PowerShell Archives

Winsage

June 15, 2025

I’ve used a lot of Windows launchers, but this is the best one by far

Flow Launcher is a desktop productivity tool for Windows 11 that excels in speed, opening instantly with a keyboard shortcut and providing audio cues. It features an extensive library of plugins, allowing users to enhance functionality with ease, including pre-installed plugins for searching bookmarks, managing files, and executing system commands. The plugin store offers a variety of extensions, catering to diverse needs, including tools for OneNote, Spotify, and gaming. Flow Launcher is highly customizable, enabling users to adjust extension functions, search result priorities, and activation shortcuts. It also allows the creation of custom hotkeys for quick access to frequently used tools, such as an enhanced clipboard history.

Winsage

June 12, 2025

Microsoft Resolves Windows Server 2025 Restart Bug Disrupting Active Directory Connectivity

Microsoft released updates in June 2025 to address critical issues affecting Windows Server 2025 domain controllers, specifically authentication failures and network connectivity problems. The updates, encapsulated in KB5060842, resolved issues stemming from security update KB5055523, which altered certificate validation methods for Kerberos authentication. This change led to logging errors for self-signed certificates and affected Windows Hello for Business Key Trust deployments. Additionally, a separate issue prevented domain controllers from managing network traffic correctly after restarts, causing them to revert to standard firewall profiles. Microsoft provided a temporary workaround for administrators to manually restart network adapters until a permanent fix was implemented. The June updates addressed a total of 66 vulnerabilities, including 10 rated as Critical, and recommended immediate installation. Microsoft advised against setting the AllowNtAuthPolicyBypass registry key to ‘2’ for domain controllers using self-signed certificates until the latest updates were applied.

Winsage

June 11, 2025

Microsoft fixes unreachable Windows Server domain controllers

Microsoft addressed a significant issue with Windows Server 2025 domain controllers that made some servers unreachable after a restart, affecting applications and services reliant on them. The problem was due to servers loading the standard firewall profile instead of the intended domain firewall profile after a reboot, leading to improper network traffic management. This misconfiguration caused accessibility challenges for services and applications on affected servers. Microsoft released the KB5060842 security update to resolve this issue during the June 2025 Patch Tuesday. A temporary workaround involves manually restarting the network adapter on affected servers using the Restart-NetAdapter * PowerShell command, which must be done after each reboot until the update is installed. Additionally, Microsoft fixed another issue preventing some users from logging into accounts via Windows Hello after the installation of the KB5055523 April 2025 security update.

Winsage

June 9, 2025

If you deleted that mysterious Windows file Microsoft told you not to, there’s a new script to restore it

The 'inetpub' folder, which appears on system drives (C:) after the April 2025 security update for Windows 10 and 11, is essential for protecting users against the security vulnerability CVE-2025-21204. This vulnerability involves improper link resolution before file access and can allow an authorized attacker to escalate privileges. Although the folder may seem empty and Internet Information Services (IIS) might not be in use, its deletion can compromise the effectiveness of the security patch, exposing systems to vulnerabilities. Microsoft recommends using a PowerShell script to restore the folder if deleted, rather than recreating it through IIS, which may add unwanted system folders.

Tech Optimizer

June 9, 2025

ViperSoftX Malware Used by Threat Actors to Steal Sensitive Information

The AhnLab Security Intelligence Center (ASEC) has reported that ViperSoftX malware, first identified in 2020, continues to pose a significant threat, particularly targeting cryptocurrency-related information. It disguises itself as cracked software or eBooks on torrent sites and uses deceptive tactics to infect users globally. ViperSoftX exploits the Windows Task Scheduler to execute malicious PowerShell scripts and communicates with its command-and-control server to transmit detailed system information. The malware captures clipboard activity to steal cryptocurrency wallet addresses and employs mechanisms to avoid detection, including self-removal. It also deploys secondary payloads like Quasar RAT and ClipBanker, which hijacks wallet addresses during transactions. ASEC warns that infections can lead to total system compromise and advises users to avoid unverified downloads and maintain updated security measures. Indicators of Compromise (IOCs): - MD5: - 064b1e45016e8a49eba01878e41ecc37 - 0ed2d0579b60d9e923b439d8e74b53e1 - 0efe1a5d5f4066b7e9755ad89ee9470c - 197ff9252dd5273e3e77ee07b37fd4dd - 1ec4b69f3194bd647639e6b0fa5c7bb5 - URLs: - http://136.243.132.112/ut.exe - http://136.243.132.112:881/3.exe - http://136.243.132.112:881/APPDATA.exe - http://136.243.132.112:881/a.ps1 - http://136.243.132.112:881/firefoxtemp.exe - IPs: - 136.243.132.112 - 160.191.77.89 - 185.245.183.74 - 212.56.35.232 - 89.117.79.31

Winsage

June 9, 2025

Microsoft: Remedy for security vulnerability due to deleted “inetpub” folder

A recent Microsoft security update has created a new folder named "inetpub" on Windows systems, which is essential for system security. If users delete this folder, it can lead to significant vulnerabilities. Microsoft has released a Powershell script, Set-InetpubFolderAcl.ps1, to restore the "inetpub" folder and set the correct permissions. Systems that installed the April security update (KB5055528) must take immediate action if the "inetpub" directory is missing. The script also updates access rights for the "DeviceHealthAttestation" directory, if it exists. Administrative rights are required to run the script. This issue was highlighted by IT security researcher Kevin Beaumont, who noted that deleting the "inetpub" folder could disrupt the installation of future security updates.

Winsage

June 6, 2025

Microsoft shares script to restore inetpub folder you shouldn’t delete

Microsoft has released a PowerShell script to help restore the C:Inetpub folder, which is crucial for addressing a high-severity privilege escalation vulnerability associated with Windows Process Activation. The folder's unexpected appearance after the April 2025 Windows security updates led some users to delete it, inadvertently exposing their systems to vulnerabilities. Microsoft emphasizes that the folder should not be deleted, as it is integral to the security framework, regardless of whether Internet Information Services (IIS) is active. The script allows administrators to recreate the folder with the correct permissions and access control settings.

Winsage

June 6, 2025

Microsoft Issues Critical Windows Update—Do Not Delete This

Users may face a significant vulnerability related to a Windows update from April 2025, particularly concerning the "inetpub" folder, which is essential for the security of Windows 11 systems. Microsoft clarified that this folder, linked to Internet Information Services (IIS) and necessary for hosting capabilities, should not be deleted. If users have removed the folder, they must restore it to address the security patch for CVE-2025-21204, as its absence can lead to risks such as privilege escalation and unauthorized access. Microsoft has provided a PowerShell script to restore the folder without enabling IIS, and users are advised to follow specific commands to execute the fix. However, many users may not take action, leaving their systems vulnerable.

Winsage

June 6, 2025

Your Windows PC might be at risk if you deleted the “inetpub” folder, but there’s a fix

Windows users have encountered a new "inetpub" folder on their primary drive after the April 2025 Patch Tuesday update. This folder is empty and occupies no storage space, but many users have deleted it out of concern. Microsoft has stated that the folder is part of a security patch for vulnerability CVE-2025-21204 and should not be removed, as it is linked to Internet Information Services (IIS). Users can restore the folder using a PowerShell script if they have deleted it. The folder addresses a security flaw related to improper link resolution that could allow local attackers to manipulate files. Instructions for restoring the folder include running PowerShell as Administrator, allowing signed scripts, downloading a specific script, and applying the fix.

Tech Optimizer

June 5, 2025

Fake DocuSign and Gitcode sites are tricking victims into downloading malware – here’s what you need to know

Researchers at DomainTools Investigations (DTI) have identified counterfeit websites mimicking platforms like DocuSign and Gitcode, designed to lure users into downloading malware, specifically a remote access trojan (RAT). These fraudulent sites use tactics such as fake CAPTCHA prompts to enhance credibility and prompt users to download malicious software disguised as necessary updates. The operation employs a multi-stage downloader PowerShell script, reminiscent of older scams that alarmed users with popups about virus infections. Users are advised to be cautious with unfamiliar websites and verify the authenticity of download prompts.