security risk

Winsage
May 28, 2025
Microsoft is introducing a new Windows Update orchestration platform aimed at creating a unified update strategy that integrates apps, drivers, and all updateable components into a single system. This initiative follows challenges with the current update process, including a controversial security update that caused issues for users. The new platform is currently available for developers and app product teams to explore, and it aims to provide a more cohesive and efficient update experience.
Winsage
May 22, 2025
Signal has introduced a "screen security" feature in its Windows application to enhance user privacy by preventing Microsoft's AI-driven Recall functionality from capturing content displayed within the app. This feature is active by default on all Windows 11 devices and sets a Digital Rights Management (DRM) flag on Signal's app windows. Recall, launched in May 2024, captures screenshots of active windows and has raised privacy concerns, leading Microsoft to make it optional and implement various security enhancements. Users can disable Signal's screen security but will be warned about potential privacy risks. Signal's developer, Joshua Lund, highlighted ongoing concerns regarding privacy in applications like Signal and called for a balance between privacy and accessibility in AI technologies.
Winsage
April 29, 2025
Installing software on Windows can be tedious, requiring navigation through the Microsoft Store or manual downloads from official websites, which poses security risks due to potential malware downloads. Linux users benefit from streamlined software installation via package managers. Windows users can utilize a package manager called Winget for command-line installations, but UniGetUI offers a user-friendly visual interface for Winget and other package managers. UniGetUI allows users to search for and install applications easily, supports multiple package managers, and provides a Software Updates tab for managing updates across all sources. It also enables users to create and share bundles of applications for easy reinstallation.
Winsage
April 24, 2025
A new folder named "inetpub" appeared on many Windows PCs after an April update, initially thought to be a glitch. Microsoft later stated that this folder was introduced to enhance Windows security by addressing the CVE-2025-21204 vulnerability. However, security researcher Kevin Beaumont revealed that the inetpub folder could allow attackers to bypass critical security updates. Beaumont proposed creating a junction point in the C: directory to prevent the inetpub folder's creation, which would also block the installation of the April update and subsequent security updates, leaving PCs vulnerable. This situation could lead to error messages and failed update rollbacks, with attackers able to exploit these issues without elevated privileges. Beaumont has informed Microsoft about the problem, but a response has not yet been received.
Winsage
April 16, 2025
Windows operating systems have numerous background services that can consume system resources and slow down performance. Users can improve responsiveness by disabling non-essential services.
1. Windows Search: Indexes files and data for quick searches; can tax CPU and RAM. To disable: press Ctrl + R, type services.msc, locate Windows Search, stop the service, and set Startup type to Disabled or Manual.
2. SysMain (formerly Superfetch): Preloads frequently used applications into memory but can lead to unnecessary disk activity on SSDs. To disable: access services.msc, find SysMain, stop the service, and set Startup type to Disabled.
3. Windows Update Delivery Optimization: Shares update files with other PCs, consuming bandwidth. To disable: go to Settings -> Windows Update -> Advanced Options and turn it off.
4. Remote Desktop Services: Enables remote connections, which can drain resources and pose security risks. To disable: locate Remote Desktop Services in services.msc, stop it, and set Startup type to Disabled.
5. Connected User Experiences and Telemetry: Collects usage data and can transmit sensitive information. To disable: turn off the service and navigate to Settings -> Privacy & Security -> Diagnostics & Feedback to disable Diagnostic data.
Additional services that may be disabled include Print Spooler, Fax, Bluetooth Support, and Windows Error Reporting Service for further performance optimization.
Winsage
March 28, 2025
A newly uncovered zero-day vulnerability in Windows allows hackers to steal NTLM credentials simply by previewing a malicious file, affecting multiple Windows versions, including Windows 7 and Windows 11 v24H2. Microsoft has not yet issued a patch for this vulnerability, leaving millions of users exposed. The flaw was reported by security researcher Mitja Kolsek from ACROS Security, who noted that stolen credentials could lead to unauthorized access to networks. ACROS Security has created a temporary micro-patch available through its 0patch platform, which users are encouraged to implement. Additionally, a separate zero-day vulnerability identified in Google Chrome and other Chromium-based browsers allows attackers to bypass sandbox protection with a click on a malicious link, primarily targeting media organizations and government agencies in Russia. Users are advised to install the 0patch fix, avoid interacting with unfamiliar files, and update their browsers to protect against these threats.
Winsage
March 3, 2025
Threat actors are exploiting CVE-2025-21333, a critical heap-based buffer overflow vulnerability in Microsoft’s Windows Hyper-V NT Kernel Integration Virtual Service Provider (VSP), which allows local attackers to escalate privileges to the SYSTEM level. The vulnerability has a CVSS score of 7.8 and is actively exploited. It resides in the vkrnlintvsp.sys driver, which facilitates communication between the host OS and container-like virtual machines. A Proof of Concept (PoC) demonstrates exploitation through I/O ring buffer manipulation, allowing arbitrary read/write in kernel memory and SYSTEM-level privilege escalation. The PoC was developed by a group of researchers including @yarden_shafir and others. Affected systems include Windows 11 Version 23H2 and potentially Version 24H2, with specific binary hashes provided. Limitations of the PoC include the need for Windows Sandbox and potential system crashes due to overflow. Mitigation strategies involve updating systems, enabling protections like Hyper-V isolation, and monitoring for exploitation signs. Microsoft addressed this vulnerability in January 2025 Patch Tuesday updates, urging users to apply patches promptly.
Winsage
December 5, 2024
Microsoft is pushing users to transition to Windows 11, particularly those with unsupported hardware, as PCs lacking a TPM 2.0 chip will not be eligible for the operating system. A watermark will be introduced on PCs that do not meet the minimum system requirements, along with a notification in the Settings app informing users of their non-compliance. The message warns that installing Windows 11 on unsupported PCs is not recommended, may lead to compatibility issues, and will result in the loss of support and updates. Windows 10 support ends in October next year, increasing the urgency to upgrade. The hardware requirements, especially the need for a TPM 2.0 chip, have left many older PCs ineligible. While users can purchase a TPM 2.0 module for compatible motherboards, this option is unavailable for laptops. Unsupported PCs may face security risks due to a lack of updates, prompting antivirus companies to find ways to protect these systems. Microsoft's strict hardware criteria may alienate users, as many capable PCs are deemed obsolete.
AppWizard
November 24, 2024
Security is a major concern for the Google Play Store, which has 2.5 billion users and 2.25 million apps. Investigations have revealed modifications in the code of version 43.7.19-31 of the Google Play Store app, suggesting a new filtering mechanism that may allow users to exclude apps linking to external sources from search results and recommendations. The specifics of this filtering mechanism are unclear, with no supporting documentation available. There is speculation that this feature could enhance security by preventing malicious entities from redirecting users to external sources through apps. However, it remains uncertain why Google would implement this as an optional filter rather than a mandatory requirement.