security risk

Winsage
April 29, 2025
Installing software on Windows can be tedious, requiring navigation through the Microsoft Store or manual downloads from official websites, which poses security risks due to potential malware downloads. Linux users benefit from streamlined software installation via package managers. Windows users can utilize a package manager called Winget for command-line installations, but UniGetUI offers a user-friendly visual interface for Winget and other package managers. UniGetUI allows users to search for and install applications easily, supports multiple package managers, and provides a Software Updates tab for managing updates across all sources. It also enables users to create and share bundles of applications for easy reinstallation.
Winsage
April 24, 2025
A new folder named "inetpub" appeared on many Windows PCs after an April update, initially thought to be a glitch. Microsoft later stated that this folder was introduced to enhance Windows security by addressing the CVE-2025-21204 vulnerability. However, security researcher Kevin Beaumont revealed that the inetpub folder could allow attackers to bypass critical security updates. Beaumont proposed creating a junction point in the C: directory to prevent the inetpub folder's creation, which would also block the installation of the April update and subsequent security updates, leaving PCs vulnerable. This situation could lead to error messages and failed update rollbacks, with attackers able to exploit these issues without elevated privileges. Beaumont has informed Microsoft about the problem, but a response has not yet been received.
Winsage
April 16, 2025
Windows operating systems have numerous background services that can consume system resources and slow down performance. Users can improve responsiveness by disabling non-essential services.

1. Windows Search: Indexes files and data for quick searches; can tax CPU and RAM. To disable: press Ctrl + R, type services.msc, locate Windows Search, stop the service, and set Startup type to Disabled or Manual.

2. SysMain (formerly Superfetch): Preloads frequently used applications into memory but can lead to unnecessary disk activity on SSDs. To disable: access services.msc, find SysMain, stop the service, and set Startup type to Disabled.

3. Windows Update Delivery Optimization: Shares update files with other PCs, consuming bandwidth. To disable: go to Settings -> Windows Update -> Advanced Options and turn it off.

4. Remote Desktop Services: Enables remote connections, which can drain resources and pose security risks. To disable: locate Remote Desktop Services in services.msc, stop it, and set Startup type to Disabled.

5. Connected User Experiences and Telemetry: Collects usage data and can transmit sensitive information. To disable: turn off the service and navigate to Settings -> Privacy & Security -> Diagnostics & Feedback to disable Diagnostic data.

Additional services that may be disabled include Print Spooler, Fax, Bluetooth Support, and Windows Error Reporting Service for further performance optimization.
Winsage
March 28, 2025
A newly uncovered zero-day vulnerability in Windows allows hackers to steal NTLM credentials simply by previewing a malicious file, affecting multiple Windows versions, including Windows 7 and Windows 11 v24H2. Microsoft has not yet issued a patch for this vulnerability, leaving millions of users exposed. The flaw was reported by security researcher Mitja Kolsek from ACROS Security, who noted that stolen credentials could lead to unauthorized access to networks. ACROS Security has created a temporary micro-patch available through its 0patch platform, which users are encouraged to implement. Additionally, a separate zero-day vulnerability identified in Google Chrome and other Chromium-based browsers allows attackers to bypass sandbox protection with a click on a malicious link, primarily targeting media organizations and government agencies in Russia. Users are advised to install the 0patch fix, avoid interacting with unfamiliar files, and update their browsers to protect against these threats.
Winsage
March 3, 2025
Threat actors are exploiting CVE-2025-21333, a critical heap-based buffer overflow vulnerability in Microsoft’s Windows Hyper-V NT Kernel Integration Virtual Service Provider (VSP), which allows local attackers to escalate privileges to the SYSTEM level. The vulnerability has a CVSS score of 7.8 and is actively exploited. It resides in the vkrnlintvsp.sys driver, which facilitates communication between the host OS and container-like virtual machines. A Proof of Concept (PoC) demonstrates exploitation through I/O ring buffer manipulation, allowing arbitrary read/write in kernel memory and SYSTEM-level privilege escalation. The PoC was developed by a group of researchers including @yarden_shafir and others. Affected systems include Windows 11 Version 23H2 and potentially Version 24H2, with specific binary hashes provided. Limitations of the PoC include the need for Windows Sandbox and potential system crashes due to overflow. Mitigation strategies involve updating systems, enabling protections like Hyper-V isolation, and monitoring for exploitation signs. Microsoft addressed this vulnerability in January 2025 Patch Tuesday updates, urging users to apply patches promptly.
Winsage
December 5, 2024
Microsoft is pushing users to transition to Windows 11, particularly those with unsupported hardware, as PCs lacking a TPM 2.0 chip will not be eligible for the operating system. A watermark will be introduced on PCs that do not meet the minimum system requirements, along with a notification in the Settings app informing users of their non-compliance. The message warns that installing Windows 11 on unsupported PCs is not recommended, may lead to compatibility issues, and will result in the loss of support and updates. Windows 10 support ends in October next year, increasing the urgency to upgrade. The hardware requirements, especially the need for a TPM 2.0 chip, have left many older PCs ineligible. While users can purchase a TPM 2.0 module for compatible motherboards, this option is unavailable for laptops. Unsupported PCs may face security risks due to a lack of updates, prompting antivirus companies to find ways to protect these systems. Microsoft's strict hardware criteria may alienate users, as many capable PCs are deemed obsolete.
AppWizard
November 24, 2024
Security is a major concern for the Google Play Store, which has 2.5 billion users and 2.25 million apps. Investigations have revealed modifications in the code of version 43.7.19-31 of the Google Play Store app, suggesting a new filtering mechanism that may allow users to exclude apps linking to external sources from search results and recommendations. The specifics of this filtering mechanism are unclear, with no supporting documentation available. There is speculation that this feature could enhance security by preventing malicious entities from redirecting users to external sources through apps. However, it remains uncertain why Google would implement this as an optional filter rather than a mandatory requirement.
Winsage
October 28, 2024
Tenable has identified a vulnerability, tracked as CVE-2024-8260, affecting all versions of Open Policy Agent (OPA) for Windows prior to version 0.68.0. This medium-severity Server Message Block (SMB) force-authentication vulnerability arises from improper input validation, allowing an arbitrary SMB share to be passed instead of a legitimate Rego file. This can lead to unauthorized access and the leakage of a user's Net-NTLMv2 hash, posing a significant security threat. Organizations using older versions of OPA on Windows are advised to update to version 0.68.0 to mitigate this risk.
Tech Optimizer
October 18, 2024
Safeguarding devices against cyber threats is essential due to the sensitive personal and financial information they contain. Key security measures include regular software updates, robust antivirus solutions, and protective strategies for mobile devices. To update software and operating systems, users can enable automatic updates in Windows by navigating to Settings > Update & Security > Windows Update and turning on “Automatic Updates.” For macOS, users can go to System Preferences > Software Update and check the box for “Automatically keep my Mac up to date.” Manual checks for updates can be done in both systems through their respective update settings. Antivirus software targets traditional viruses, while anti-malware addresses a wider range of threats. When choosing security software, consider detection rates, system impact, and user interface. Regular scans can be scheduled through the antivirus software's dashboard, and both automatic updates and manual checks should be performed to ensure the latest virus definitions are used. For mobile device security, setting up screen locks is crucial. Android users can set this up in Settings > Security, while iOS users can do so in Settings > Face ID & Passcode or Touch ID & Passcode. Managing app permissions and keeping apps updated are also important for privacy and security. Users should regularly review app permissions and enable automatic updates in their app store settings. To protect against lost or stolen devices, users should activate the “Find My Device/App” feature available on both Android and iOS platforms, allowing them to track, lock, or erase their device remotely.