Remote Desktop Archives

Tech Optimizer

May 21, 2025

Lumma Stealer: Breaking down the delivery techniques and capabilities of a prolific infostealer

Microsoft has monitored Lumma Stealer, an infostealer malware used by financially motivated threat actors. Lumma Stealer, also known as LummaC2, functions as a malware-as-a-service (MaaS) solution that extracts data from browsers and applications, including cryptocurrency wallets. The entity behind Lumma is identified as Storm-2477, which maintains the malware and its command-and-control (C2) infrastructure. Affiliates can create malware binaries and manage C2 communications through a panel provided by Storm-2477. Ransomware groups have integrated Lumma Stealer into their operations. Lumma Stealer employs various delivery techniques, including phishing emails, malvertising, drive-by downloads, Trojanized applications, and abuse of legitimate services. Specific campaigns have been identified, such as one in April 2025 that used EtherHiding and ClickFix techniques to deliver Lumma Stealer via compromised websites. Another campaign on April 7, 2025, targeted Canadian organizations with emails containing invoice lures that led to malicious downloads. The malware is developed using C++ and ASM, employing advanced obfuscation techniques to evade detection. It can extract a wide range of user data, including browser credentials, cryptocurrency wallet information, and user documents. Lumma Stealer maintains a robust C2 infrastructure with multiple hardcoded and fallback C2 servers, utilizing encryption methods to secure communications. Microsoft's Digital Crimes Unit has disrupted Lumma Stealer's infrastructure by blocking approximately 2,300 malicious domains. Recommendations to mitigate the impact of Lumma Stealer include strengthening Microsoft Defender configurations, implementing multifactor authentication, and utilizing phishing-resistant authentication methods. Microsoft Defender products can detect and block activities associated with Lumma Stealer, providing alerts and insights for incident response.

Winsage

May 21, 2025

Windows 11 Pro may be the most underrated PC gaming upgrade ever at $15

Windows 11 Pro is available for .97 until June 1, marking its lowest price ever (regularly priced at 9). It offers features like DirectX 12 Ultimate for enhanced gaming performance, Windows Copilot for AI assistance, and robust security features including BitLocker encryption and secure boot. Additional features include Snap Layouts, Virtual Desktops, Remote Desktop Access, Hyper-V, and Microsoft Teams integration.

Winsage

May 19, 2025

Windows Remote Desktop Gateway UAF Vulnerability Allows Remote Code Execution

A critical vulnerability, designated as CVE-2025-21297, has been identified in Microsoft’s Remote Desktop Gateway (RD Gateway) due to a use-after-free (UAF) bug linked to concurrent socket connections during the service's initialization. This flaw, located in the aaedge.dll library within the CTsgMsgServer::GetCTsgMsgServerInstance function, allows multiple threads to overwrite a global pointer, leading to potential arbitrary code execution. The vulnerability affects multiple versions of Windows Server, including 2016, 2019, 2022, and 2025. Microsoft released security updates in May 2025 to address the issue, implementing mutex-based synchronization. The updates are KB5050011 for Windows Server 2016, KB5050008 for Windows Server 2019, KB5049983 for Windows Server 2022, and KB5050009 for Windows Server 2025. Security experts recommend applying these patches promptly and monitoring RD Gateway logs for unusual activity.

Winsage

May 17, 2025

Windows 11 Home vs Pro for Gaming: Which One Should You Choose?

Upgrading from Windows 11 Home to Windows 11 Pro does not yield significant benefits in gaming performance, compatibility, or features for most gamers. Both editions provide identical gaming performance, supporting the same core gaming technologies such as DirectStorage, Auto HDR, and Game Mode. Windows 11 Home supports up to 128 GB of RAM and one CPU socket with 64 cores, while Windows 11 Pro supports up to 2 TB of RAM and two CPU sockets with 128 cores. Pro includes additional features like BitLocker encryption, Remote Desktop hosting, Hyper-V virtualization, and Group Policy management, which are not typically utilized by gamers. The price of Windows 11 Home is lower than that of Pro, making it a more cost-effective choice for gaming. Both editions meet the hardware requirements for modern gaming, and compatibility with major games and platforms is consistent across both versions.

Winsage

May 15, 2025

Microsoft Copilot+ Recall: who should disable it, and how

Microsoft's Recall feature for Copilot+ PCs was initially announced a year ago but delayed due to privacy concerns raised by cybersecurity experts. The updated version was released in April 2025 for Windows Insider Preview builds and rolled out more broadly in May. Key updates include requiring user permission for activation, encrypting database files with hardware-based Trusted Platform Module (TPM), and implementing a filter to prevent saving sensitive information. Recall is enabled on a per-user basis, can be uninstalled, does not require a Microsoft account, and processes data locally. However, it still has vulnerabilities, such as allowing access with a regular Windows PIN after initial biometric authentication and failing to consistently filter sensitive data. Recall can log interactions during calls and capture self-destructing messages, posing privacy risks. It can impact performance and battery life, especially during gaming. Users handling sensitive data or frequently using video conferencing may want to disable or remove Recall. Instructions for disabling or removing Recall are provided, along with precautions for those who choose to use it.

Winsage

May 15, 2025

Windows Remote Desktop Vulnerability Let Attackers Execute Malicious Code Over Network

Microsoft's May 2025 Patch Tuesday addressed 72 vulnerabilities in Windows Remote Desktop services, including two critical vulnerabilities, CVE-2025-29966 and CVE-2025-29967, which are heap-based buffer overflow issues. These flaws allow unauthorized attackers to execute arbitrary code over a network, posing significant risks. The vulnerabilities have been rated as "Critical" and classified under CWE-122. They affect various versions of Windows operating systems utilizing Remote Desktop services. Although there have been no reported active exploitations, experts warn of the potential dangers, urging users to apply patches immediately. The update also addressed five actively exploited zero-day vulnerabilities in other Windows components. Patches are available through Windows Update, WSUS, and the Microsoft Update Catalog.

Winsage

May 15, 2025

Windows Remote Desktop Gateway Vulnerability Let Attackers Trigger Dos Condition

The Microsoft Security Response Center (MSRC) has released critical security updates to address a significant vulnerability in the Windows Remote Desktop Gateway service, identified as CVE-2025-26677, which allows unauthorized attackers to cause denial of service (DoS) conditions. This vulnerability is rated as "High" severity with a CVSS score of 7.5 and affects multiple versions of Windows Server, including 2016, 2019, 2022, and 2025. Microsoft has provided security updates (KB5058383, KB5058392, KB5058385, and KB5058411) to rectify the issue. Additionally, another vulnerability, CVE-2025-29831, has been identified that could enable remote code execution (RCE) through a Use After Free weakness, also rated with a CVSS score of 7.5. This vulnerability requires user interaction, specifically an admin user to stop or restart the service, and affects Windows Server versions 2008 R2, 2012/R2, 2016, 2019, 2022, and 2025. Organizations are advised to prioritize patching both vulnerabilities and to review network configurations to limit exposure of Remote Desktop Gateway services. The vulnerabilities were discovered by security researchers from Kunlun Lab.

Winsage

May 14, 2025

Patch Tuesday for May: Five zero day vulnerabilities CISOs should focus on

A vulnerability identified as CVE-2025-30397 can be exploited when Microsoft Edge is in “Internet Explorer” mode, which is typically not the default setting but may be necessary for certain users. Another vulnerability, CVE-2025-29831, can only be exploited during a restart of the Remote Desktop Protocol (RDP) service. SAP has released 18 Security Notes to address various vulnerabilities, including critical authorization issues, remote code execution, information disclosure, and cross-site scripting.

Winsage

May 12, 2025

Upgrade your PC’s operating system to Windows 11 Pro for $15

Microsoft is ending support for Windows 10 and encouraging users to upgrade to Windows 11 Pro, which is currently available for .97, down from 9. This offer is time-sensitive with a limited number of codes available. Windows 11 Pro enhances PC performance, features a redesigned user interface, and introduces productivity tools like snap layouts and improved search functionality. It also includes advanced security measures such as Smart App Control, TPM 2.0, and BitLocker encryption, as well as gaming enhancements through DirectX12 Ultimate. Additionally, it offers professional tools for remote work, including remote desktop access and features like Azure AD and Hyper-V.

Winsage

May 7, 2025

Microsoft has no plans to fix Windows RDP bug that lets you log in with old passwords

Microsoft has decided not to address a significant security flaw in the Windows Remote Desktop Protocol (RDP) that allows users to log in with outdated, cached passwords, even after those passwords have been changed. The company claims this behavior is intentional, designed to prevent users from being locked out of their machines. Microsoft does not consider this a security vulnerability, despite concerns that it creates a potential backdoor for unauthorized access. The issue has been known to Microsoft since at least August 2023, but they chose not to modify the functionality due to compatibility concerns with existing applications.