security patches Archives

Winsage

February 20, 2025

Can’t quit Windows 10? You can pay Microsoft for updates after October, or try these alternatives

An ESU subscription allows customers to receive updates automatically through Windows Update, with updates also available for individual download via the Microsoft Update Catalog. Customers can set reminders to check for updates after their release, typically on the second Tuesday of each month. For a more streamlined approach, the third-party service 0patch offers critical security patches for Windows 10 for at least five years after the end-of-support date, costing between and per PC annually. 0patch provides "micropatches" for vulnerabilities discovered after October 14, 2025, which are small and applied to running processes without altering Microsoft's original files. Unauthorized alternatives, like PowerShell activation scripts from the Massgrave hacking collective, allow users to bypass Microsoft's licensing agreements for a free three-year ESU subscription, but using these scripts is illegal and poses significant risks to businesses.

Winsage

February 19, 2025

Valve’s monthly survey reveals that almost 45% of Steam users on PC are still using Windows 10 even with the sword of Damocles hanging over them

As of January 2025, 44.41% of PC users are still operating on Windows 10, which is set to lose support in October 2025. Windows 11, released in 2021, has demanding system requirements that deter users with older hardware from upgrading. Many Steam users on Windows 10 may include internet cafes, where maintaining hardware is challenging. The end of support for Windows 10 means users will no longer receive updates or security patches, increasing risks associated with continued use. Resources are available to assist users in transitioning from Windows 10.

Winsage

February 18, 2025

Windows 10 Approaches Its End of Life: What You Need to Know

Microsoft has announced that Windows 10 will reach its end of support on October 14, 2025, meaning it will no longer receive security updates, bug fixes, or technical support. Users will be left vulnerable to malware and other cyber threats, and existing system issues will remain unresolved. Microsoft recommends upgrading to Windows 11, which offers new features, improved performance, and enhanced security. Users can upgrade to Windows 11 through Windows Update if their devices meet the system requirements. If not, they may need to consider new hardware. While Windows 10 will still receive security updates until the end of support date, it will not receive new features, prompting users to plan their migration to avoid security risks. It is advised to back up important data before transitioning to ensure a smooth upgrade process.

Winsage

February 17, 2025

Windows 10: ESU-bypass to extend updates is working already reportedly

Microsoft will end support for Windows 10 in October 2025, which will result in the loss of crucial updates and security patches for users. The Extended Security Updates (ESU) program, initially for Windows 7, has been expanded to include Windows 10 home users, allowing a one-year extension for a fee, while business customers can extend support for three years or more. There are methods discovered that allow users to bypass the ESU for Windows 7, enabling updates for five years post-support. Preliminary tests suggest a similar bypass may be possible for Windows 10, allowing updates after the official end of support in October 2024, but the legal implications are unclear. Users unable to upgrade to Windows 11 due to hardware requirements must consider options like the ESU program or micro-patching services such as 0Patch, which offers security patches for Windows 10 until at least 2030 for an annual fee.

Winsage

February 17, 2025

Windows 11 and 10 receive key security improvements

Microsoft has released significant updates for Windows 11 and Windows 10, focusing on system security and user-friendly features. The February 2025 update includes security patches and functional improvements for both operating systems. For Windows 11 users on versions 23H2 and 24H2, notable features include automatic tab restoration in File Explorer, quick access to Windows Studio Effects from the taskbar for devices with Neural Processing Units (NPU), refined taskbar app preview animations, and improvements to Auto HDR for better visual clarity in games. Additionally, issues with slow shutdowns when game controllers are connected and USB camera recognition have been addressed. For Windows 10 users on builds 19044.5487 and 19045.5487, the update integrates the new Outlook app into the system menu while preserving existing email settings and fixes a virtual memory leak issue that caused crashes in resource-intensive applications. Both updates address 55 security vulnerabilities, including: - CVE-2025-21391: risk of unauthorized file deletion in Windows storage - CVE-2025-21377: NTLM hash leakage potentially compromising user accounts - CVE-2025-21194: flaw in the hypervisor that could bypass UEFI security Users are advised to install these updates promptly due to the increased risk of exploitation. Some features will be rolled out gradually over the coming weeks.

Tech Optimizer

February 17, 2025

Mac users beware: AI-powered malware threats are on the rise

Apple devices, particularly Macs, are facing an increase in cyberattacks, with a new wave of sophisticated malware targeting sensitive data. The emergence of Atomic Stealer (AMOS) in mid-2023 marked a shift from less harmful adware to more serious threats, with AMOS being marketed as a user-friendly service. By mid-2024, Poseidon became the leading Mac information stealer, responsible for 70% of infections and capable of draining various cryptocurrency wallets and capturing sensitive credentials. Cybercriminals are also using malvertising to lure users into downloading disguised malware. Android users are experiencing an even more severe situation, with a significant rise in phishing attacks. In 2024, researchers identified 22,800 malicious apps designed for phishing, along with thousands capable of reading one-time passwords (OTPs). These apps often mimic legitimate software and can easily infiltrate app stores, including Google Play. While Google Play Protect offers some malware protection, it is not entirely effective. To protect against malware threats, it is recommended to use strong antivirus software, be cautious with downloads and links, keep software updated, use strong and unique passwords, and enable two-factor authentication (2FA) for critical accounts.

Winsage

February 13, 2025

Windows 10 users get surprise free upgrade Windows 11 has enjoyed for months

Windows 10, launched in 2015, is nearing the end of its lifecycle, with Microsoft announcing that support will conclude after October 2023. Users will no longer receive complimentary software updates for security and functionality. Microsoft has released the new Outlook app for Windows 10 users through the KB5051974 cumulative update, which includes essential security patches. This new version will coexist with the classic Outlook, providing users with two icons on their desktops. The update also addresses bugs affecting the Snipping Tool and audio and camera performance. After October 2025, users on Windows 10 will not receive free updates. Upgrading to Windows 11 is an option, but users must meet minimum system requirements to avoid performance issues. Microsoft advises users on underpowered devices to revert to Windows 10 if they experience problems after upgrading.

Winsage

February 12, 2025

You Should Install This Windows Security Patch Right Away

Microsoft's February 2025 Patch Tuesday security update addresses 55 security vulnerabilities across the Windows platform, including: - 22 remote code execution vulnerabilities - 19 elevation of privilege vulnerabilities - 9 denial of service vulnerabilities - 3 spoofing vulnerabilities - 2 security feature bypass vulnerabilities - 1 information disclosure vulnerability Among these, four vulnerabilities are classified as critical zero-day vulnerabilities, with two requiring immediate attention. 1. CVE-2025-21194: A security feature bypass vulnerability related to Microsoft Surface devices, potentially allowing unauthorized access to Windows virtual machines. 2. CVE-2025-21377: An NTLM hash disclosure spoofing vulnerability that could allow attackers to retrieve plain-text passwords by interacting with a malicious file. The other two zero-day vulnerabilities confirmed to be actively exploited are: 1. CVE-2025-21391: A Windows storage elevation of privilege vulnerability that enables deletion of targeted files on a user's computer. 2. CVE-2025-21418: A vulnerability that allows attackers to gain elevated system privileges within Windows. Users are advised to install the patch promptly to protect their systems.

Winsage

February 12, 2025

Microsoft issues Windows 11 alert and says to ‘roll back to Windows 10’ now

Windows 10 will reach its end of life on October 14, 2025, after which Microsoft will stop providing free updates and security patches. Users can transition to Windows 11 by purchasing a new laptop with it pre-installed, opting for Extended Security Updates (ESUs) for older machines, or upgrading existing devices. Windows 11 has specific system requirements, including a Trusted Platform Module (TPM) version 2.0. Microsoft warns that installing Windows 11 on incompatible hardware will result in a watermark and operational issues. A PC Health Check tool is available to assess device compatibility with Windows 11. The minimum requirements for running Windows 11 include a 1 GHz processor with 2 or more cores, 4 GB RAM, 64 GB storage, UEFI firmware with Secure Boot, TPM 2.0, a DirectX 12 compatible graphics card, and a high-definition display.

Winsage

February 12, 2025

Microsoft Patch Tuesday February 2025: 61 Vulnerabilities Including 25 RCE’s Fixed

Microsoft released its February 2025 Patch Tuesday security updates, addressing over 61 vulnerabilities across its products. The updates include: - 25 Remote Code Execution vulnerabilities - 14 Elevation of Privilege vulnerabilities - 6 Denial of Service vulnerabilities - 4 Security Feature Bypass vulnerabilities - 2 Spoofing vulnerabilities - 1 Information Disclosure vulnerability Notable critical vulnerabilities include: - CVE-2025-21376: Remote code execution risk via LDAP protocol. - CVE-2025-21379: Flaw in DHCP client service allowing system compromise via crafted network packets. - CVE-2025-21381, CVE-2025-21386, CVE-2025-21387: Multiple vulnerabilities in Microsoft Excel enabling code execution through specially crafted files. - CVE-2025-21406, CVE-2025-21407: Vulnerabilities in Windows Telephony Service allowing remote code execution. Two vulnerabilities confirmed as actively exploited: - CVE-2023-24932: Bypass of Secure Boot protections. - CVE-2025-21391: Elevated privileges on affected systems. - CVE-2025-21418: Gain SYSTEM privileges through exploitation. Other notable fixes include vulnerabilities in Visual Studio and Microsoft Office that could lead to remote code execution. Users can apply updates via Windows Update, Microsoft Update Catalog, or WSUS. Microsoft emphasizes the urgency of these updates due to the active exploitation of certain vulnerabilities.