process Archives

Winsage

April 18, 2026

RedSun: Windows 0day when Defender becomes the attacker

A vulnerability has been discovered in Windows Defender that allows standard users to exploit a logic error in the file remediation process, enabling code execution with elevated privileges without administrative access. This flaw, identified by security researcher Chaotic Eclipse, occurs because Windows Defender does not verify if the restoration location of flagged files has been altered through a junction point. The exploit, named RedSun, takes advantage of a missing validation in the MpSvc.dll file, allowing attackers to redirect file restoration to the C:WindowsSystem32 directory. RedSun operates by chaining together four legitimate Windows features: Opportunistic Locks (OPLOCKs), Cloud Files API, Volume Shadow Copy Service (VSS), and Junction Points. The execution of the exploit involves monitoring shadow copies, triggering Defender's detection, synchronizing OPLOCKs, and ultimately writing malicious binaries to the System32 directory. The root cause is the lack of reparse point validation in the restoration process, and currently, no patch or CVE has been assigned for this vulnerability. It affects Windows 10, Windows 11, and Windows Server 2019 and later, and organizations are advised to implement behavioral detection strategies until a fix is available.

Winsage

April 18, 2026

‘They mopped the floor with me and pulled every childish game they could’: Disgruntled researcher releases second major Windows zero-day — claims Microsoft ‘would ruin my life, and they did’

A new zero-day vulnerability in Microsoft Defender has been disclosed by a researcher known as "Chaotic Eclipse," who has created a proof-of-concept exploit called "RedSun." This vulnerability allows local privilege escalation to SYSTEM level on Windows 10, Windows 11, and Windows Server when Microsoft Defender is active. The vulnerability has attracted attention from antivirus vendors, with some detecting it on VirusTotal due to an embedded EIRCAR in the executable. Chaotic Eclipse previously disclosed another vulnerability named BlueHammer, which also allowed local attackers to gain SYSTEM or elevated permissions. The researcher expressed dissatisfaction with Microsoft's vulnerability disclosure process, recounting negative interactions with the company. A Microsoft spokesperson stated the company's commitment to investigating security issues and supporting coordinated vulnerability disclosure.

AppWizard

April 18, 2026

‘I don’t want Sloppy Spire 2’: Slay the Spire 2 dev teases exciting updates, rejects the concept of deadlines

Slay the Spire 2 has gained popularity on Steam since its March launch, surpassing the original game in features. Upcoming updates include alternate versions of Acts 2 and 3, Steam Workshop support, experimental game modes, a new character, new cards, events, relics, and potions. Players can also expect bug fixes, enhanced audio and artwork, balance adjustments, and additional languages. The studio has not provided specific timelines for these updates. Recent balance changes will be integrated into the main version once stable. Developers are committed to maintaining a whimsical experience in the game. A full newsletter detailing updates is available on Steam.

Winsage

April 18, 2026

‘They mopped the floor with me and pulled every childish game they could’: Disgruntled researcher releases second major Windows zero-day — claims Microsoft ‘would ruin my life, and they did’

A researcher known as “Chaotic Eclipse” has revealed a new zero-day vulnerability in Microsoft Defender, called “RedSun,” which allows local privilege escalation to SYSTEM privileges on Windows 10, Windows 11, and Windows Server when Microsoft Defender is enabled. The exploit has been confirmed to function correctly, and some antivirus vendors have begun detecting it. This follows another vulnerability disclosure by the same researcher, named BlueHammer, which also allows local attackers to elevate permissions. Chaotic Eclipse expressed dissatisfaction with Microsoft’s handling of vulnerability disclosures, claiming they were threatened and experienced frustration with the company’s response. A Microsoft spokesperson stated the company is committed to investigating reported security issues and supports coordinated vulnerability disclosure.

Winsage

April 18, 2026

Windows Server 2025 Update KB5082063: Error 0x80073712 due to Media Player; and Error 0x800F0983

Cumulative update KB508206, released on April 14, 2024, for Windows Server 2025, is causing installation failures for some administrators. Error code 0x800F0983 has been acknowledged by Microsoft as an issue related to the update process, while error code 0x80073712 has been linked to the legacy Windows Media Player application. Reports indicate that the installation of KB5082063 is problematic, particularly on systems configured in German, with users experiencing persistent failures despite attempts to use repair commands. The installation issues may be related to missing files associated with the Media Player language packs, affecting various language configurations.

AppWizard

April 18, 2026

Stop Killing Games delivers ‘absolutely incredible’ hearing in European Parliament: ‘There was no [parliament member] that wasn’t responding positively’

The Stop Killing Games campaign, founded by Ross Scott, aims to prevent the discontinuation of server-dependent video games once they are no longer financially viable. Recently, Scott and organizer Moritz Katzner presented their case to the European Parliament, receiving positive feedback from attendees, including MEPs and committee chairs. Consultant Daniel Ondruška clarified that the movement seeks reasonable guidelines rather than perpetual support for games. The hearing was seen as a significant step in the legislative process, with all present MEPs showing support for the initiative. Katzner noted plans to establish NGOs in the EU and US for long-term advocacy against game shutdowns and mentioned support for a lawsuit against Ubisoft regarding the discontinuation of The Crew.

AppWizard

April 18, 2026

After the death of Dragon Age, it’s a megaton bummer to go back and hear BioWare’s founders talk about the series’ bright future

PCG has rediscovered a hands-on preview of Dragon Age: Origins by Evan Lahti, along with an interview from 2009 with BioWare co-founders Ray Muzyka and Greg Zeschuk. At that time, the studio was thriving, with both founders expressing optimism about the franchise's future and hinting at sequels. Muzyka noted that Dragon Age would be a franchise with a continuum of experiences, referencing a save transfer feature inspired by Mass Effect. Lahti recalls the excitement of covering the studio shortly after its acquisition by EA. Muzyka defended the artistic integrity of their games against media scrutiny, while Zeschuk commented on controversies surrounding early Mass Effect titles. The interview originally appeared in PC Gamer #198 (UK, March 2009).

AppWizard

April 17, 2026

This Android Setting Makes It Easy to Manage All Your App Permissions

In Android devices, users can manage app permissions through a privacy dashboard located in Settings > Security & Privacy > Privacy > Permission manager. This includes permissions for the camera, microphone, location, and more. Users can specify access levels for these features, including allowing access all the time, only while using the app, or not at all. Special permissions, which allow apps to modify system settings or access sensitive data, require particular attention and can be reviewed in Settings > Apps > Special app access. Caution is advised for apps from outside the Google Play Store, as they may pose greater risks. Regular audits of app permissions are recommended to ensure that apps do not have more access than necessary.

AppWizard

April 17, 2026

Silent Hill f’s director believes ‘I am not qualified to tell you how women should feel’ and instead relied on female devs for insights to Hinako’s fears

Silent Hill f features a female protagonist, Shimizu Hinako, set in 1960s Japan, exploring her struggles between tradition and societal change. The game emphasizes women's rights and the pressures of autonomy, with Hinako facing fears related to marriage and motherhood. The development team, particularly female staff members, contributed to the authentic portrayal of these fears, ensuring the narrative resonates with real experiences. Monsters in the game symbolize Hinako's anxieties, including a creature representing her fear of pregnancy, designed with input from the team. The collaborative approach in the game's creation enhances its relatability and depth, inviting players to reflect on their own societal pressures.

AppWizard

April 17, 2026

Torchlight Infinite’s new season is the high-speed ARPG’s most popular yet

A new season of Torchlight Infinite, titled 'Lunaria,' has launched, achieving its most successful debut on Steam with a peak of 26,618 players. The update introduces new features such as an endgame farming system, a character focused on potion mechanics, and temporary alliances with bosses. Key gameplay mechanics include awakening statues in the Netherrealm to spawn monsters and collect rewards, alongside random events that enhance loot opportunities. The update also adds Rhapsodies for variability in farming, a Creation Engine for converting Creation Crystals into loot, and a new character, the Scent Weaver Sage, who uses elixirs in combat. Quality-of-life improvements include visual upgrades for characters and monsters, enhanced user interface, and a re-arranged main theme for the game's third anniversary. The 'Lunaria' season is available for free on Steam, along with a 'Midas Touch' event for additional rewards.