security patches

Winsage
December 28, 2024
Microsoft has issued a warning for Windows users about the installation process for Windows 11 24H2, indicating that a mistake during installation could prevent devices from receiving future Windows security updates. Users installing Windows 11 24H2 with the October or November 2024 security updates via USB or external drives may disrupt Windows Update functionality, as the version is shipped without these specific patches. The issue occurs only when installation media includes these updates; devices receiving updates through the standard Windows Update process are not affected. Microsoft suggests using the Media Creation Tool to create new installation media if users encounter issues with cumulative updates after installing Windows 11 24H2. The company acknowledges that the situation affects only a small number of PCs, though the number of affected users may be higher than initially thought. Microsoft is working on a permanent solution and advises users to use the December 2024 security update to avoid complications with media-based installations.
Winsage
December 28, 2024
A bug in the recent installation media for Windows 11 prevents users from installing the latest security updates if the media includes the October 2024 or November 2024 security patches. Microsoft has acknowledged that this issue occurs only when using installation media, such as CD and USB flash drives, created in the last few months with these updates. The problem does not affect devices that receive the updates via Windows Update or the Microsoft Update Catalog. Users are advised to avoid installation media with the October or November 2024 patches and instead use media with the September 2024 or December 2024 patches. Some users have found success using the "Fix Windows Update" button in the Recovery section of Windows Settings, and the official Windows 11 ISO tool can create an installation image without the problematic patches.
Winsage
December 27, 2024
Windows 11 24H2 is a stable update compared to its predecessors, but users may face a significant bug that prevents new cumulative updates from installing if they used an updated ISO during installation. The issue arises when using a USB drive or other media to install Windows 11 24H2 with the October or November 2024 security updates, which can disrupt Windows Update. Problems can occur when using third-party tools to create a custom installation or modifying installation media, leading to conflicts with Windows Update. Microsoft does not provide additional ISO files with integrated newer updates, and users who customize their installation media may be unable to apply future updates. Microsoft has acknowledged that this issue affects a small number of PCs and recommends using the Media Creation Tool to create new installation media and reinstall the operating system as a workaround. A fix is expected in January.
Winsage
December 27, 2024
Microsoft has issued an advisory for Windows users regarding potential issues when updating to Windows 11 version 24H2 using external media. If users create installation media that includes the October or November 2024 security updates, their devices may end up in a state where they cannot accept further Windows security updates. This problem does not affect devices that receive updates through the standard Windows Update process. The issue is reported to impact only a small number of users, and Microsoft recommends using the Media Creation Tool to create new media and reinstall the operating system if users encounter update problems.
Winsage
December 26, 2024
Several Windows 11 users who installed the 24H2 update via USB or CD are experiencing issues that block future security patches. Microsoft issued a warning on Christmas Eve about a known issue affecting users who installed the October or November updates through external media, indicating that devices using this installation method may be unable to receive subsequent Windows security updates. This problem is specific to installations that included the October 2024 or November 2024 security updates. Users who updated through Windows Update or downloaded the update from the catalog are not affected. Microsoft advises against installing the 24H2 update via USB or CD and suggests affected users either wait for a fix or uninstall the update.
Winsage
December 24, 2024
Adobe released out-of-band security updates to address a critical vulnerability in ColdFusion, identified as CVE-2024-53961, which is a path traversal weakness affecting ColdFusion versions 2023 and 2021. This flaw could allow attackers to read arbitrary files on compromised servers. Adobe categorized the flaw with a "Priority 1" severity rating and urged administrators to apply the emergency security patches—ColdFusion 2021 Update 18 and ColdFusion 2023 Update 12—within 72 hours. The Cybersecurity and Infrastructure Security Agency (CISA) has highlighted the risks associated with path traversal vulnerabilities and previously mandated federal agencies to secure their Adobe ColdFusion servers against other critical vulnerabilities by August 10, 2023. CISA also noted that hackers had been exploiting another ColdFusion vulnerability targeting outdated government servers since June 2023.
Winsage
December 20, 2024
Microsoft will stop providing security updates for Windows 10 starting in October of next year. Users can either upgrade to Windows 11 or pay an annual fee of £24 for Extended Security Updates (ESUs) to maintain security on their Windows 10 devices. Windows 11 has minimum system requirements of a 1GHz processor, 4GB RAM, and 64GB storage. Users with devices that do not meet these requirements are advised to purchase a new PC or opt for ESUs. Installing Windows 11 on unsupported devices is possible but not recommended, as it may lead to compatibility issues and will display a watermark. Users can revert to Windows 10 via Settings > System > Recovery. Windows 11 features AI-powered tools, enhanced security, and improved user experience.
Winsage
December 17, 2024
Linux is generally considered to offer superior security compared to Windows, with the author having experienced only one significant security incident in nearly three decades of use.
1. Windows 10 includes Windows Defender as a default firewall, while many Linux distributions, such as Ubuntu and Fedora, do not have their firewalls enabled by default. Linux firewalls allow for detailed configurations, although default settings are often sufficient for most users.
2. In Windows, administrative tasks can often be performed with a simple confirmation, whereas Linux requires users to enter their password for administrative actions using the sudo command, enhancing security.
3. Windows 10 has limited user-configurable permissions, while Linux provides comprehensive control over file and folder permissions through both command line and GUI options, contributing to its enhanced security reputation.
4. Antivirus and antimalware solutions are essential for Windows users to protect against threats, while Linux does not require such software due to its design prioritizing user permissions and advanced security measures.
5. Linux responds rapidly to vulnerabilities, often releasing patches within hours, unlike Windows, which may take weeks to address vulnerabilities and follows a Patch Tuesday schedule for updates.
Winsage
December 12, 2024
Microsoft's Patch Tuesday updates for 2024 addressed 72 security vulnerabilities, including 17 classified as Critical, 52 as Important, and one as Moderate. One vulnerability, CVE-2024-49138, is actively exploited and relates to privilege escalation in the Windows Common Log File System (CLFS) driver. Microsoft has mitigated 1,088 vulnerabilities this year. The flaw allows attackers to gain elevated system privileges and has been recognized by CrowdStrike. It is the fifth actively exploited CLFS privilege escalation vulnerability since 2022 and the ninth patched this year. Microsoft is implementing additional verification steps for log files and has introduced new security mitigations using Hash-based Message Authentication Codes (HMAC). This vulnerability is listed in the Known Exploited Vulnerabilities catalog by CISA, requiring Federal Civilian Executive Branch agencies to remediate it by December 31st. The most critical vulnerability this month is CVE-2024-49112, a remote code execution flaw affecting the Windows Lightweight Directory Access Protocol (LDAP). Other significant remote code execution vulnerabilities include CVE-2024-49117 (Windows Hyper-V), CVE-2024-49105 (Remote Desktop Client), and CVE-2024-49063 (Microsoft Muzic). Users are advised to update their systems promptly and ensure Windows Defender is activated.