Winsage
April 5, 2025
Nvidia's driver version 572.83, released on March 18, is causing black screens during installation, after rebooting, and while gaming for users of Windows 11 and Windows 10. The update was intended to fix issues with RTX 5080 and 5090 graphics cards but has instead led to widespread reports of black screens, particularly affecting newer 50-series GPUs like the 5070 Ti, 5080, and 5090, as well as some 40-series and older 30-series cards. Users have reported needing to force reboot their systems due to the black screen issue. Additionally, there are isolated reports of the Blue Screen of Death (BSOD) linked to the nvlddmkm.sys file, and some users have experienced severe issues like random white lines on the screen and crashes of Windows 11. Speculation regarding the root cause includes potential DisplayPort handshake problems at high refresh rates, although this has not been conclusively proven. Users facing these issues are advised to revert to a previous stable driver version or try workarounds such as disabling G-Sync or lowering refresh rates.
Winsage
April 2, 2025
Microsoft is piloting a Quick Machine Recovery (QMR) tool for Windows 11, available to Windows Insiders in the Beta Channel for version 24H2. QMR aims to reduce downtime from boot crashes by activating when a device encounters startup issues, transitioning to Windows Recovery Environment (Windows RE) to reconnect to the network for crash data analysis. Microsoft can then deliver solutions via Windows Update. The feature will be enabled by default on Windows 11 Home devices, while Windows 11 Pro and Enterprise administrators can manage its functionality. The initial rollout allows IT administrators to enable/disable the tool, configure scanning intervals, and conduct readiness tests. Feedback from users is encouraged to improve the tool, though a timeline for general availability has not been announced.
Winsage
March 31, 2025
Microsoft has introduced a tool called "Quick Machine Recovery" to address boot failures in Windows devices. This feature automatically detects, diagnoses, and resolves critical system issues that prevent devices from starting correctly. It is currently available in the Windows Insider Preview Beta Channel for Windows 11, version 24H2. Quick Machine Recovery aims to reduce downtime by automating the diagnostic and remediation processes, allowing IT administrators to deploy targeted fixes directly to affected devices through the Windows Recovery Environment (Windows RE). Key capabilities include automated remediation based on real-time crash data, admin customization options, and a test mode for simulating recovery processes. The recovery process begins when a device enters Windows RE due to a boot failure, utilizing a network connection to communicate with Microsoft’s recovery services. Future updates are expected to enhance networking configuration support. The feature is enabled by default for Windows 11 Home users, while IT administrators for Pro and Enterprise devices can customize its deployment.
Winsage
March 30, 2025
Windows 11 has encountered issues affecting Lenovo ThinkPad laptops, where a recent security update has blocked the installation of a crucial BIOS update. This problem is linked to changes in the Vulnerable Driver Blocklist and modifications to the WinFlash64.exe file. Lenovo ThinkPad owners receive an error message when attempting to update their BIOS through the BIOS Update Utility or Vantage app. Lenovo is rolling out a new BIOS version 1.61 to address the issue and recommends using Windows Update for the BIOS update. Additionally, Microsoft is phasing out Windows 10, with support ending on October 14, 2025, and encouraging users to upgrade to Windows 11. Over 50% of Windows users still operate on Windows 10, despite the rise in Windows 11 users. Microsoft has been notifying Windows 10 users about potential security risks and offering a streamlined upgrade process to Windows 11, which can be done for free, though it may involve some downtime.
AppWizard
March 28, 2025
PJobRAT is an Android Remote Access Trojan that re-emerged in 2023, targeting users in Taiwan. Initially known for targeting Indian military personnel, it now disguises itself as benign apps like ‘SangaalLite’ and ‘CChat’, distributed via defunct WordPress sites operational from January 2023 to October 2024, with domain registrations dating back to April 2022. The malware is spread through counterfeit applications resembling legitimate messaging services, prompting users to grant extensive permissions. Enhanced capabilities allow it to execute shell commands, access data from any app, root devices, and communicate with command-and-control servers via Firebase Cloud Messaging and HTTP. The campaign appears to have concluded, highlighting the evolving tactics of threat actors. Users are advised against installing apps from untrusted sources and to use mobile threat detection software.
AppWizard
March 28, 2025
In 2021, PJobRAT, an Android Remote Access Trojan (RAT), targeted Indian military personnel through deceptive apps. A new campaign was discovered in 2023, focusing on users in Taiwan, with malicious apps like ‘SangaalLite’ and ‘CChat’ disguised as instant messaging applications. These apps were available for download from WordPress sites, which have since been taken down. The campaign began in January 2023, with domains registered as early as April 2022, and the latest sample detected in October 2024. The number of infections was low, indicating a targeted approach rather than a broad attack. The distribution methods remain unclear, but may involve SEO poisoning, malvertising, or phishing. Once installed, the apps request extensive permissions and feature basic chat functionality. Recent versions of PJobRAT have shifted from stealing WhatsApp messages to executing shell commands, allowing greater control over compromised devices. PJobRAT communicates with its command-and-control (C2) servers using Firebase Cloud Messaging (FCM) and HTTP, enabling the upload of various data types, including SMS, contacts, and files. The now-inactive C2 server was located in Germany.
Winsage
March 27, 2025
Microsoft is using its Known Issue Rollback (KIR) strategy to address unexpected disconnections in Remote Desktop sessions linked to the January 2025 Windows preview update and exacerbated by the March 2025 Windows security update. Users may experience RDP sessions disconnecting after 65 seconds when establishing UDP-based connections from Windows 11, version 24H2 devices to RDS deployments on Windows Server 2016 or earlier. While KIR will assist Home and Pro users, system administrators may need to adjust Group Policy to effectively mitigate the issue.
AppWizard
March 27, 2025
Samsung initially aimed to deliver the One UI 7 update to eligible Galaxy S phones by Q1 2025, but this timeline will not be met, with a new expected arrival date in April. The recent launch of the Galaxy S25, which includes the update, has added to user frustration. Users have formed distinct groups in response to the situation: some vow to stop purchasing Samsung devices, others rationalize the delays by blaming Google, and some remain indifferent as long as their devices function properly. The situation highlights issues in communication and transparency from Samsung regarding software updates.
Winsage
March 26, 2025
Broadcom has addressed a critical authentication bypass vulnerability, CVE-2025-22230, affecting VMware Tools for Windows, rated with a CVSS score of 9.8. This vulnerability allows low-privileged local attackers to escalate their privileges within vulnerable VMs, potentially leading to unauthorized access. It affects VMware Tools versions 12.x.x and 11.x.x across Windows, Linux, and macOS platforms. VMware Tools version 12.5.1 has been released to fix this issue. Additionally, Broadcom issued updates for three zero-day vulnerabilities in VMware ESX products (CVE-2025-22224, CVE-2025-22225, CVE-2025-22226), which were confirmed to be actively exploited and represent a "VM Escape" scenario.