security enhancements Archives

Tech Optimizer

January 29, 2026

Aurora PostgreSQL 13 Deadline: Four Upgrade Paths to Beat February Cutoff

Standard support for Amazon Aurora PostgreSQL-Compatible Edition and Amazon RDS for PostgreSQL version 13 will end on February 28, 2026. PostgreSQL 13 will be deprecated by the community in November 2025, ceasing to receive bug fixes or security patches. AWS recommends upgrading to newer versions, such as 16 or 17, which offer significant performance enhancements and improved security. PostgreSQL 17 can achieve up to twice the write throughput and consumes 20 times less memory during vacuum operations. Version 16 introduces pg_stat_io for detailed I/O statistics, while version 14 includes a vacuum emergency mode. Aurora-specific enhancements in version 14.9 and later can lead to faster query latency and reduced costs. Version 14 introduces new roles for access control, and version 15 revokes certain permissions. Major upgrades in logical replication include automatic slot synchronization in version 17 and support for parallel apply in version 16. Transitioning between major versions requires careful examination of catalog changes, as some views and configuration parameters will evolve. Extensions must be verified, as most do not auto-upgrade. An in-place major version upgrade can be performed via the AWS Console or CLI, with downtime varying based on database size. AWS recommends snapshot-based testing beforehand. The CLI command can check valid upgrade targets, leading from version 13 to 14, 15, 16, or 17. Preparation involves validating instance classes and dropping replication slots. Amazon RDS Blue/Green deployments allow for near-zero downtime by synchronizing production with a staging environment, enabling application testing before traffic switching. This feature is supported from Aurora PostgreSQL version 13.12 onward. Logical replication through pglogical offers flexibility for minimal downtime, while AWS DMS supports homogeneous migration with Change Data Capture. Extended Support is available for a fee, providing up to three years of security patches. Best practices include replicating production environments in staging, conducting load tests, and validating queries against new catalogs. Recent minor releases, including Aurora PostgreSQL 17.6 and 16.10, showcase ongoing improvements. Engaging AWS Support is advisable for complex setups to ensure seamless transitions before the deadline.

Tech Optimizer

January 28, 2026

Strategies for upgrading Amazon Aurora PostgreSQL and Amazon RDS for PostgreSQL from version 13

Standard support for PostgreSQL version 13 will end on February 28, 2026. Upgrading to newer PostgreSQL versions can enhance database performance and introduce new features. Notable enhancements in recent versions include: - Vacuum emergency mode (v14+) to manage old row versions. - Improved I/O performance (v17) with better write throughput. - Enhanced query optimization (v17+) for IN clauses and parallel BRIN index builds. - Memory efficiency improvements (v17) reducing vacuum memory usage. - Advanced monitoring features like pg_stat_io (v16+) and pg_wait_events (v17+). - Logical replication improvements such as failover support and slot migration (v17+). - Developer experience enhancements including JSONB subscripting (v14+) and SQL/JSON JSON_TABLE (v17+). - Security enhancements with new roles for access control (v14+) and maintenance tasks (v17+). For Amazon Aurora PostgreSQL-Compatible, upgrading to versions v14.9+, v15.4+, v16.1+, and higher can yield performance optimizations, including faster query latency and cost savings. Changes in system catalog views and configuration parameters have occurred in PostgreSQL versions 14 to 17, impacting application compatibility. Upgrade strategies include in-place upgrades, blue/green deployments, logical replication, and using AWS Database Migration Service (AWS DMS). If an immediate upgrade is not possible, Amazon RDS Extended Support offers up to three years of continued security patches and bug fixes beyond the standard support end date.

AppWizard

January 26, 2026

Surfshark stops updating app for older Android phones – check your version now

Surfshark has discontinued support for the Android 5.0 (Lollipop) operating system. Users are encouraged to upgrade to at least Android 6.0 to continue receiving official app support and security enhancements. The decision is part of Surfshark's strategy to focus on modern security standards and advanced features like post-quantum encryption, which cannot be securely managed on older Android kernels. Manual connections are still possible for legacy hardware, but upgrading is strongly recommended.

Winsage

January 26, 2026

Windows Terminal Preview 1.24 Fixes Paste Hangs, IME Bugs

Microsoft released Windows Terminal Preview version 1.24.10212.0 on January 24, aimed at fixing bugs and improving stability before the upcoming stable release, version 1.25. Key updates include: - Caption buttons now dim when the terminal window loses focus, aiding users in identifying the active window. - Custom themes' background colors are no longer overridden by transparency effects. - Compatibility with Chinese and Japanese Input Method Editors (IMEs) has been restored, enhancing usability for international users. - Security improvements have been made to reduce vulnerabilities, particularly against use-after-free bugs. - Stability fixes address crash scenarios, including issues during startup and when pasting large text blocks. - The distribution package has been simplified by removing the outdated TerminalAzBridge executable.

Winsage

January 15, 2026

Windows App forgets how to log in with first security update of the year

Microsoft's January security update, released on January 13, 2026, has caused connection and authentication failures for users of Azure Virtual Desktop and Windows 365, particularly affecting those using the Windows App. The update has resulted in credential prompt failures during Remote Desktop connections across all supported Windows versions, from Enterprise LTSC 2016 to Windows 11 25H2, as well as Windows Servers from 2019 to 2025. Microsoft is investigating the issue and plans to release an out-of-band update soon. Users have been advised to either uninstall the update or use the Remote Desktop Client or the Windows App web client as workarounds. Reports indicate persistent issues, including an "Unable to Authenticate" error when attempting to connect via the Windows App. Microsoft has also made a Known Issue Rollback available to address these credential problems.

Winsage

January 13, 2026

Microsoft fixes 114 flaws in year’s first Windows 11 Patch Tuesday

Microsoft's January 2026 Patch Tuesday update, KB5074109, addresses 114 vulnerabilities, including a critical zero-day vulnerability (CVE-2026-20805) in the Windows Desktop Window Manager (DWM) that has been actively exploited. The update is applicable to Windows 11 versions 24H2 and 25H2 and includes security enhancements and updates to AI components. Other high-severity vulnerabilities addressed include CVE-2026-20816 (privilege escalation in Windows Installer), CVE-2026-20817 (elevation of privilege in Windows Error Reporting), CVE-2026-20840 (vulnerability in Windows NTFS), CVE-2026-20843 (flaw in Routing and Remote Access Service), CVE-2026-20860 (vulnerability in Ancillary Function Driver for WinSock), and CVE-2026-20871 (another DWM vulnerability). The update removes legacy modem drivers to minimize the attack surface and resolves reliability issues in Azure Virtual Desktop and WSL networking. It also changes the default setting for Windows Deployment Services (WDS) to disable hands-free deployment. Users can install the update through Windows Update, and a system reboot is required for full application.

Tech Optimizer

January 10, 2026

Protect Yourself From the macOS Flaw that Bypasses Apple Privacy Controls

A newly identified macOS vulnerability, tracked as CVE-2025-43530, poses a significant risk by circumventing Apple’s privacy controls, potentially exposing users to malicious actors. This flaw arises from two vulnerabilities that allow hackers unauthorized access to systems by exploiting Apple-signed services and a timing gap in process verification. Hackers can execute AppleScript commands and access user files and microphone audio without triggering warnings. The VoiceOver screen reader service is a primary target for exploitation. Users are advised to update to macOS Tahoe 26.2, review app permissions, consider third-party antivirus solutions, and avoid downloading untrusted files to enhance security.

Winsage

December 28, 2025

Microsoft puts the brakes on speculation about a full Rust port of Windows

Microsoft has clarified that its initiative to explore migrating C and C++ codebases to Rust is primarily a research project, not a definitive plan to rewrite Windows in Rust by 2030. The company has been integrating Rust into specific areas of its operations, particularly in newer versions of Windows 11, to enhance security without overhauling existing systems. Microsoft has incorporated certain components of the Windows kernel in Rust but has not announced plans for a full migration of all kernel and user-space components. The project aims to develop tools for efficient analysis and partial automation of transferring large codebases to other programming languages, with AI-supported processes involved. Assertions that this research will lead to a complete Rust version of Windows are unsubstantiated.

Winsage

December 19, 2025

Microsoft Phases Out RC4 Encryption by 2026 to Bolster Windows Security

Microsoft has announced the phased discontinuation of the RC4 encryption cipher, with full implementation expected by mid-2026. RC4, created in 1987, has been increasingly recognized as a vulnerability, exploited in various high-profile cyberattacks. Microsoft plans to disable RC4 by default in Windows Kerberos authentication, encouraging organizations to transition to more secure alternatives like AES-256. This decision follows years of warnings from the cybersecurity community and aims to eliminate long-standing cryptographic weaknesses. The transition will require organizations to audit and upgrade their infrastructures, as many legacy applications still depend on RC4. Disabling RC4 is expected to reduce the success rates of attacks exploiting weak encryption. Microsoft has introduced tools to help administrators identify hidden RC4 usage. The change reflects a commitment to zero-trust architectures and aligns with recommendations from organizations like NIST. Experts recommend a multi-step approach for organizations to navigate this transition effectively.

Winsage

December 17, 2025

Microsoft security updates breaks MSMQ on older Win systems

Microsoft has acknowledged that Message Queuing (MSMQ) may fail on certain Windows 10 devices and older Windows Server versions after the December 2025 Security update. Reported issues include MSMQ queues becoming inactive, IIS sites generating "Insufficient resources to perform operation" errors, and applications failing to write to queues. System logs may show misleading messages about insufficient disk space or memory due to folder permissions and MSMQ's write access requirements. The root cause is linked to changes in the MSMQ security model and NTFS permissions for the C:WindowsSystem32MSMQstorage folder, which now requires write access typically restricted to administrators. This issue primarily affects Windows 10 versions 22H2 and earlier, as well as Windows Server versions 2012 to 2019, with minimal impact on Windows Home or Pro editions. Microsoft recommends contacting support for workarounds, and some users have resolved the issue by uninstalling the update, though this would remove security enhancements. The problems are confined to older operating systems often used by enterprises delaying upgrades.