Security Patch Archives

Winsage

April 10, 2025

A mysterious new folder appeared in my C drive after this Windows 11 update, should I be worried?

The Windows 11 24H2 update (KB5055523) has resulted in the unexpected appearance of a folder named "inetpub" on user systems. This folder is a harmless remnant of the security patch and is associated with Microsoft's Internet Information Services (IIS). Microsoft has not provided clarification on its emergence, but it is safe to delete if desired, as it poses no threat and does not run any hidden processes.

AppWizard

April 10, 2025

One UI 7 brings Live Notifications for your favorite media apps, including YouTube and Spotify

Samsung's One UI version 7 has begun rolling out, introducing features that enhance media playback, including Live Notifications for real-time control over media applications from the notification shade. Users can receive ongoing media playback notifications from apps like Spotify, YouTube, and YouTube Music, although Netflix does not show notifications during local playback but does support live notifications when casting. To access these features, users must have the latest builds of One UI 7, particularly those with the April 2025 security patch. The update also hints at cross-device synchronization for media playback control without needing to be on the same Wi-Fi network. Currently, YouTube allows playback controls for connected smart devices but typically requires the same Wi-Fi network.

Winsage

April 10, 2025

Microsoft’s Free Upgrade Offer For 500 Million Windows Users

Microsoft has announced that Windows 10 will reach its end-of-life date on October 14, leaving approximately 750 million users vulnerable without critical security updates unless they opt for paid support. Currently, 53% of users, or around 240 million, are still on Windows 10 and may lack the hardware for a free upgrade to Windows 11. A critical zero-day vulnerability, CVE-2025-29824, poses risks to Windows 10 users, and Microsoft has indicated that outdated versions will not receive necessary security patches. Recent updates to Windows 10 have caused issues, including the removal of certain features and bugs affecting Outlook Calendar and Office 2016 applications.

Winsage

April 10, 2025

Windows Hello is the latest casualty of Microsoft’s buggy update history

Users are experiencing a bug related to the Windows security patch KB5055523, affecting those on Windows 11 24H2 and Windows Server 2025. The issue arises when users with Dynamic Root of Trust for Measurement (DRTM) or System Guard Secure Launch enabled use the “Reset this PC” feature while selecting “Keep my Files,” resulting in lockouts and error messages during login. Microsoft has provided workarounds to regain access to PINs and facial recognition settings. Additionally, there is a separate issue with the uninstallation of Copilot on some PCs due to a Windows update bug, and a safeguard hold is causing blue or black screen errors on devices using SenseShield’s sprotect.sys driver.

Winsage

April 10, 2025

Patch Tuesday leaves some users unable to login to Windows

A recent patch bundle released by Microsoft has caused login issues for some users of Windows Hello on Windows 11 and Server 2025, particularly those with System Guard Secure Launch or Dynamic Root of Trust for Measurement enabled. Affected users may need to reset their login PIN or biometric settings. The problematic patch is KB5055523, which addresses vulnerabilities including CVE-2025-29824, currently exploited by ransomware. Additionally, the March patch KB5053656 has been linked to various issues but also includes enhancements such as bug fixes and new features like Copilot+. Windows 10 users have now received a patch for the CVE-2025-29824 vulnerability.

Winsage

March 22, 2025

Windows Shortcut Zero-Day Under Active Attack

A zero-day vulnerability in Windows shortcut (.lnk) files has been exploited by state-sponsored hacking groups since 2017, allowing attackers to execute arbitrary code on compromised systems. Microsoft has classified this vulnerability as “not meeting the bar servicing,” meaning no security updates will be issued. Trend Micro tracks it as ZDI-CAN-25373 and has linked it to cyber-espionage campaigns involving 11 nation-state actors from countries like North Korea, Iran, Russia, and China. Nearly 1,000 malicious .lnk samples exploiting this flaw have been identified, with many more potentially undetected. Attackers often use phishing emails to deliver these malicious files, which can download additional malware, granting full control over the compromised machine. Organizations are advised to scan their systems and implement security measures against this vulnerability.

Winsage

March 20, 2025

China, Russia, North Korea Hackers Exploit Windows Security Flaw

Almost a dozen state-sponsored threat groups from nations including China, Russia, Iran, and North Korea are exploiting a security vulnerability in Microsoft Windows, identified as ZDI-CAN-25373, to conduct espionage and gather sensitive information. This vulnerability affects how Windows handles .lnk files, allowing attackers to execute hidden malicious commands. Since 2017, these groups have targeted government, military, and critical infrastructure organizations globally, with 11 state-sponsored groups identified, primarily focusing on espionage (70%) and financial motives (20%). North Korea accounts for 45.5% of the exploitation, with Iran and Russia at 18.2% each, and China at 18.1%. The United States has experienced the most attacks (343 incidents), followed by Canada (39), Russia (25), and South Korea (23). Despite being notified, Microsoft does not plan to issue a patch for this vulnerability, categorizing it as "low severity."

Winsage

March 19, 2025

Windows File Explorer Spoofing Vulnerability (CVE-2025-24071)

Microsoft has identified a spoofing vulnerability in Windows File Explorer, designated as CVE-2025-24071, with a CVSS score of 7.5. This vulnerability affects various versions of Windows, including Windows 10 (multiple versions), Windows 11 (multiple versions), and Windows Server (multiple versions). Unauthenticated attackers can exploit this vulnerability by crafting RAR/ZIP files containing a malicious SMB path, potentially exposing the user's NTLM hash. Microsoft has released a security patch for supported product versions, and affected users are advised to install it promptly. Users can check their system's vulnerability status by verifying their version and patch information through specific commands.

Winsage

March 18, 2025

New Windows zero-day exploited by 11 state hacking groups since 2017

At least 11 state-backed hacking groups from North Korea, Iran, Russia, and China have been exploiting a Windows vulnerability tracked as ZDI-CAN-25373 since 2017 for data theft and cyber espionage. Microsoft has classified this vulnerability as "not meeting the bar for servicing," meaning no security updates will be released. The flaw allows attackers to execute arbitrary code on affected Windows systems by concealing malicious command-line arguments within .LNK shortcut files, using padded whitespaces to evade detection. Nearly 70% of the analyzed attacks linked to this vulnerability were related to espionage, while 20% aimed for financial gain. Various malware payloads, including Ursnif, Gh0st RAT, and Trickbot, have been associated with these attacks. User interaction is required to exploit this vulnerability, as the target must visit a malicious page or open a malicious file. Microsoft has not assigned a CVE-ID to this vulnerability but is tracking it internally as ZDI-CAN-25373. A Microsoft spokesperson mentioned that the company is considering addressing the flaw in the future.

Winsage

March 11, 2025

: Microsoft fixes Windows 11 File Explorer’s more annoying issues for Patch Tuesday

Windows 11 users can find relief from bugs in File Explorer with the KB5053598 update, released as part of Microsoft's Patch Tuesday. This update addresses issues such as mislabeling of hard drives as solid-state drives, color mismatches in the Start menu, improved loading times for folders with many media files, a non-responsive address bar, and enhanced context menu support for cloud files. The update also introduces new features like the ability to share files from the taskbar jump list, hover information for Windows Spotlight background images, and improved navigation functions for the Narrator. Additionally, it includes fixes for Hyper-V, Daylight Saving Time updates for Paraguay, and Remote Desktop display issues. Older versions of Windows receive standard security fixes without significant changes.