screen capture Archives

Winsage

February 22, 2025

Announcing Windows 11 Insider Preview Build 26120.3291 (Dev and Beta Channels)

Windows 11 Insider Preview Build 26120.3291 (KB5052080) has been released for the Dev and Beta Channels, introducing enhancements for Snapdragon-powered Copilot+ PCs. Key updates include an improved Windows Search feature that allows users to find cloud-stored files directly from the taskbar search box and a refined Recall (Preview) experience, which will delete previous snapshots but continue saving new ones if enabled in Settings. For Beta Channel users, the same updates are available as optional upgrades, with plans to make them recommended later this year. Insiders can switch from the Dev to the Beta Channel while both channels share identical build numbers, but this option will close once the Dev Channel progresses to higher build numbers. The improved Windows Search feature supports finding cloud-stored photos by describing them, available for users signed into OneDrive with a personal Microsoft account. Support for third-party cloud providers is expected soon. The update also includes fixes for live captions, File Explorer reliability, and issues with Remote Desktop. Known issues include inaccuracies in build version display after a PC reset and problems with Recall not saving snapshots automatically. An update to the Snipping Tool introduces a new trim feature for screen recordings, allowing users to adjust start and end times.

Winsage

February 14, 2025

Microsoft just made Windows 10 worse, and there’s (almost) nothing you can do about it

Windows 10 users are experiencing a transition to the new Outlook for Windows app, which has replaced the classic Mail & Calendar app following a recent update that also addresses security vulnerabilities. The new Outlook operates as a web app, leading to performance issues and mixed reactions regarding its design. A mandatory rollout of the new Outlook began this week with the Windows 10 KB5051974 update, which will be automatically installed for users on Windows 11 version 22H2. IT administrators can manage the update and can block or uninstall the new Outlook if necessary. Windows 10 is approaching its end of support in October, with fewer updates expected moving forward, while extended support will incur additional costs.

Winsage

February 12, 2025

Microsoft is forcing the new Outlook for Windows app on Windows 10 users with the mandatory KB5051974 update

Microsoft has released cumulative update KB5051974 for Windows 10, which includes the automatic installation of the new Outlook for Windows app. The update highlights also mention fixes for various issues: - Resolved a problem where the Capture Service and Snipping Tool would stop responding when using the Windows logo key+Shift+S with Narrator active. - Stopped automatic suggestions in the Chinese Pinyin input method editor for search engines like Baidu, requiring manual suggestions via Ctrl+Tab or the chevron button. - Fixed playback interruptions with USB audio devices using USB 1.0 drivers. - Addressed a code 10 error message for certain external audio management devices. - Solved a recognition issue for USB cameras following the January 2025 security update. The update also includes security enhancements and bug fixes related to virtual memory, printer failures, and NFC readers.

Winsage

February 11, 2025

Windows 10 KB5051974 update force installs new Microsoft Outlook app

Microsoft has released the KB5051974 cumulative update for Windows 10 versions 22H2 and 21H2, which includes the new Outlook for Windows app and addresses a memory leak issue. This mandatory update provides essential security updates for January 2025 and can be installed via Windows Update. After installation, version 22H2 will be updated to build 19045.5487, and version 21H2 to build 19044.5487. Users can also manually download the update from the Microsoft Update Catalog. The update includes several fixes, such as the introduction of the new Outlook app, resolution of issues with the Capture Service and Snipping Tool, disabling automatic suggestions from Bing in the Chinese Pinyin IME, fixes for USB audio device driver issues, and a solution for virtual memory depletion. Three known issues from previous updates include potential failures in OpenSSH connections, installation failures due to the Citrix Session Recording Agent, and an Event 7023 error related to SgrmBroker.exe, which does not affect device functionality. Microsoft plans to address these issues in future updates.

Winsage

November 28, 2024

RomCom exploits Firefox and Windows zero days in the wild

ESET researchers discovered a critical vulnerability, CVE-2024-9680, in Mozilla products exploited by the Russia-aligned group RomCom. This vulnerability, with a CVSS score of 9.8, affects various versions of Firefox, Thunderbird, and the Tor Browser, allowing code execution within the browser's restricted context. When combined with another Windows vulnerability, CVE-2024-49039, attackers can execute arbitrary code in the context of the logged-in user. The exploit can be triggered simply by visiting a malicious web page, enabling the installation of RomCom's backdoor without user interaction. RomCom has been linked to the exploitation of significant zero-day vulnerabilities, including the earlier use of CVE-2023-36884 via Microsoft Word in June 2023. The newly identified vulnerability was reported to Mozilla on October 8th, 2024, and patched the following day. The vulnerability is a use-after-free bug in Firefox's animation timeline. Further investigation revealed CVE-2024-49039, a privilege escalation bug in Windows, which Microsoft patched on November 12th, 2024. RomCom has targeted various sectors in 2024, including governmental entities in Ukraine, the pharmaceutical sector in the US, and the legal sector in Germany, among others. The compromise chain begins with a fake website that redirects victims to a server hosting the exploit. ESET identified multiple command-and-control servers used by RomCom, employing deceptive naming schemes to obscure their intentions. The exploit utilizes shellcode that executes arbitrary code by manipulating animation objects in Firefox. The vulnerability was patched by Mozilla within a day of its discovery. The RomCom backdoor is capable of executing commands and downloading additional modules onto the victim's machine. Indicators of compromise include specific JavaScript files and DLLs associated with the exploit.

Winsage

November 17, 2024

LodaRAT Malware Attacking Windows Users To Steal Login Details

A new variant of the LodaRAT malware is targeting Windows users globally to steal sensitive information, including login credentials and browser cookies. Discovered by Rapid7, this updated version has enhanced functionalities for data exfiltration, malware delivery, screen capture, and remote control of the victim's camera and mouse. The malware is being distributed through tools like DonutLoader and CobaltStrike and has been found on systems already infected with other malware families. Victims are reported worldwide, with approximately 30% of samples from the United States. LodaRAT ensures persistence on infected systems by adding entries to the Windows registry, creating scheduled tasks, and disguising itself as legitimate software. It conducts reconnaissance to gather system information, which is sent to a command and control server. Key features of the latest version include downloading additional payloads, remote command execution, mouse and keyboard control, screen capture, browser credential theft, Windows Firewall manipulation, file exfiltration, audio recording, and local user account creation. To mitigate the risk of infections, users are advised to keep software updated, implement email filtering, use antivirus solutions, educate employees on phishing risks, back up data, and monitor for unusual activity.

Winsage

November 7, 2024

Winos4.0 Malware Found in Game Apps, Targets Windows Users

A newly identified malware framework called "Winos4.0" targets Windows users through game-related applications. It is a sophisticated variant of Gh0strat, capable of executing remote actions and granting attackers control over compromised systems. Winos4.0 is distributed via seemingly harmless applications, which download a BMP file that extracts and activates the Winos4.0 DLL file. The malware establishes persistence by creating registry keys or scheduled tasks. Its capabilities include clipboard monitoring, system information gathering, and detection of antivirus software and security applications. Winos4.0 targets educational institutions, particularly in "Campus Administration." It maintains communication with command-and-control (C2) servers to download encrypted modules and receive commands for actions like document management and screen capture. Fortinet compares Winos4.0 to frameworks like Cobalt Strike and Sliver, noting its encrypted data exchanges and C2 communication. Users are advised to download applications only from reputable sources.

Winsage

October 11, 2024

Typical Microsoft! Disabling Windows Recall is Breaking File Explorer

Microsoft introduced an AI-powered feature called Recall, which captures and catalogs snapshots of a user's screen in a scrollable timeline. Initially intended to be disabled by default, it is now enabled automatically with the 24H2 release across all PCs. Disabling Recall disrupts important functionality in the Windows operating system, particularly affecting the new File Explorer with multi-tab functionality, which relies on Recall and Copilot. Users have reported that creating a Windows Pro 24H2 ISO using MicroWin results in a downgrade of File Explorer. A workaround has been devised to disable Recall components after user login while keeping them intact.