Remote Desktop Archives

Winsage

May 30, 2025

Still on Windows 11 23H2 because you’re worried 24H2 is a disaster for PC gaming? Microsoft’s latest update could persuade you to finally upgrade

The latest optional patch for Windows 11, identified as KB5058499, addresses critical issues affecting PC games, particularly those using Nvidia GPUs. It resolves problems such as games freezing upon launch and specific titles becoming unresponsive after upgrading to version 24H2. The patch also targets a memory leak within the ‘Input Service,’ which may contribute to input lag and blue screen crashes linked to ‘memory management’ errors. The root cause of the game lock-up problem was found to be within the Windows 11 kernel, not Nvidia's graphics drivers. Users can install the patch to potentially restore functionality to their games or wait for the full cumulative update scheduled for June 10.

Winsage

May 30, 2025

Microsoft May Patch Tuesday fails on some Windows 11 VMs

Microsoft's recent Patch Tuesday update for Windows 11 has faced significant issues, particularly affecting users on versions 22H2 and 23H2. The installation of the May 13 update is failing on some machines, especially in virtual environments, leading to recovery mode entries and boot errors. Users are advised to avoid the update temporarily. The error message indicates a problem with the ACPI.sys file, which is crucial for managing hardware resources. Windows 11 Home and Pro users are likely unaffected, as virtual machines are typically used in enterprise settings. Microsoft has not provided the number of impacted users or a workaround beyond uninstalling the patches, but engineers are working on a resolution. This incident follows previous patching challenges faced by Microsoft this year, including an emergency update for Windows 10 and issues with Remote Desktop sessions in earlier updates.

Winsage

May 25, 2025

Get Windows 11 Pro for your PC for $15

Microsoft is offering Windows 11 Pro for .97, down from its regular price of 9. This offer is valid only until the end of today and is limited by available codes. Windows 11 Pro can be installed on two compatible PCs and features a modern user interface, productivity tools, enhanced security measures, and professional features for remote work.

Tech Optimizer

May 21, 2025

Lumma Stealer: Breaking down the delivery techniques and capabilities of a prolific infostealer

Microsoft has monitored Lumma Stealer, an infostealer malware used by financially motivated threat actors. Lumma Stealer, also known as LummaC2, functions as a malware-as-a-service (MaaS) solution that extracts data from browsers and applications, including cryptocurrency wallets. The entity behind Lumma is identified as Storm-2477, which maintains the malware and its command-and-control (C2) infrastructure. Affiliates can create malware binaries and manage C2 communications through a panel provided by Storm-2477. Ransomware groups have integrated Lumma Stealer into their operations. Lumma Stealer employs various delivery techniques, including phishing emails, malvertising, drive-by downloads, Trojanized applications, and abuse of legitimate services. Specific campaigns have been identified, such as one in April 2025 that used EtherHiding and ClickFix techniques to deliver Lumma Stealer via compromised websites. Another campaign on April 7, 2025, targeted Canadian organizations with emails containing invoice lures that led to malicious downloads. The malware is developed using C++ and ASM, employing advanced obfuscation techniques to evade detection. It can extract a wide range of user data, including browser credentials, cryptocurrency wallet information, and user documents. Lumma Stealer maintains a robust C2 infrastructure with multiple hardcoded and fallback C2 servers, utilizing encryption methods to secure communications. Microsoft's Digital Crimes Unit has disrupted Lumma Stealer's infrastructure by blocking approximately 2,300 malicious domains. Recommendations to mitigate the impact of Lumma Stealer include strengthening Microsoft Defender configurations, implementing multifactor authentication, and utilizing phishing-resistant authentication methods. Microsoft Defender products can detect and block activities associated with Lumma Stealer, providing alerts and insights for incident response.

Winsage

May 21, 2025

Windows 11 Pro may be the most underrated PC gaming upgrade ever at $15

Windows 11 Pro is available for .97 until June 1, marking its lowest price ever (regularly priced at 9). It offers features like DirectX 12 Ultimate for enhanced gaming performance, Windows Copilot for AI assistance, and robust security features including BitLocker encryption and secure boot. Additional features include Snap Layouts, Virtual Desktops, Remote Desktop Access, Hyper-V, and Microsoft Teams integration.

Winsage

May 19, 2025

Windows Remote Desktop Gateway UAF Vulnerability Allows Remote Code Execution

A critical vulnerability, designated as CVE-2025-21297, has been identified in Microsoft’s Remote Desktop Gateway (RD Gateway) due to a use-after-free (UAF) bug linked to concurrent socket connections during the service's initialization. This flaw, located in the aaedge.dll library within the CTsgMsgServer::GetCTsgMsgServerInstance function, allows multiple threads to overwrite a global pointer, leading to potential arbitrary code execution. The vulnerability affects multiple versions of Windows Server, including 2016, 2019, 2022, and 2025. Microsoft released security updates in May 2025 to address the issue, implementing mutex-based synchronization. The updates are KB5050011 for Windows Server 2016, KB5050008 for Windows Server 2019, KB5049983 for Windows Server 2022, and KB5050009 for Windows Server 2025. Security experts recommend applying these patches promptly and monitoring RD Gateway logs for unusual activity.

Winsage

May 17, 2025

Windows 11 Home vs Pro for Gaming: Which One Should You Choose?

Upgrading from Windows 11 Home to Windows 11 Pro does not yield significant benefits in gaming performance, compatibility, or features for most gamers. Both editions provide identical gaming performance, supporting the same core gaming technologies such as DirectStorage, Auto HDR, and Game Mode. Windows 11 Home supports up to 128 GB of RAM and one CPU socket with 64 cores, while Windows 11 Pro supports up to 2 TB of RAM and two CPU sockets with 128 cores. Pro includes additional features like BitLocker encryption, Remote Desktop hosting, Hyper-V virtualization, and Group Policy management, which are not typically utilized by gamers. The price of Windows 11 Home is lower than that of Pro, making it a more cost-effective choice for gaming. Both editions meet the hardware requirements for modern gaming, and compatibility with major games and platforms is consistent across both versions.

Winsage

May 15, 2025

Microsoft Copilot+ Recall: who should disable it, and how

Microsoft's Recall feature for Copilot+ PCs was initially announced a year ago but delayed due to privacy concerns raised by cybersecurity experts. The updated version was released in April 2025 for Windows Insider Preview builds and rolled out more broadly in May. Key updates include requiring user permission for activation, encrypting database files with hardware-based Trusted Platform Module (TPM), and implementing a filter to prevent saving sensitive information. Recall is enabled on a per-user basis, can be uninstalled, does not require a Microsoft account, and processes data locally. However, it still has vulnerabilities, such as allowing access with a regular Windows PIN after initial biometric authentication and failing to consistently filter sensitive data. Recall can log interactions during calls and capture self-destructing messages, posing privacy risks. It can impact performance and battery life, especially during gaming. Users handling sensitive data or frequently using video conferencing may want to disable or remove Recall. Instructions for disabling or removing Recall are provided, along with precautions for those who choose to use it.

Winsage

May 15, 2025

Windows Remote Desktop Vulnerability Let Attackers Execute Malicious Code Over Network

Microsoft's May 2025 Patch Tuesday addressed 72 vulnerabilities in Windows Remote Desktop services, including two critical vulnerabilities, CVE-2025-29966 and CVE-2025-29967, which are heap-based buffer overflow issues. These flaws allow unauthorized attackers to execute arbitrary code over a network, posing significant risks. The vulnerabilities have been rated as "Critical" and classified under CWE-122. They affect various versions of Windows operating systems utilizing Remote Desktop services. Although there have been no reported active exploitations, experts warn of the potential dangers, urging users to apply patches immediately. The update also addressed five actively exploited zero-day vulnerabilities in other Windows components. Patches are available through Windows Update, WSUS, and the Microsoft Update Catalog.

Winsage

May 15, 2025

Windows Remote Desktop Gateway Vulnerability Let Attackers Trigger Dos Condition

The Microsoft Security Response Center (MSRC) has released critical security updates to address a significant vulnerability in the Windows Remote Desktop Gateway service, identified as CVE-2025-26677, which allows unauthorized attackers to cause denial of service (DoS) conditions. This vulnerability is rated as "High" severity with a CVSS score of 7.5 and affects multiple versions of Windows Server, including 2016, 2019, 2022, and 2025. Microsoft has provided security updates (KB5058383, KB5058392, KB5058385, and KB5058411) to rectify the issue. Additionally, another vulnerability, CVE-2025-29831, has been identified that could enable remote code execution (RCE) through a Use After Free weakness, also rated with a CVSS score of 7.5. This vulnerability requires user interaction, specifically an admin user to stop or restart the service, and affects Windows Server versions 2008 R2, 2012/R2, 2016, 2019, 2022, and 2025. Organizations are advised to prioritize patching both vulnerabilities and to review network configurations to limit exposure of Remote Desktop Gateway services. The vulnerabilities were discovered by security researchers from Kunlun Lab.