security risks

Winsage
May 20, 2025
The Model Context Protocol (MCP) is a lightweight, open protocol functioning as JSON-RPC over HTTP, facilitating standardized discovery and invocation of tools. MCP defines three roles: MCP Hosts (applications accessing capabilities), MCP Clients (initiators of requests), and MCP Servers (services exposing functionalities). Windows 11 will incorporate MCP to enable developers to create intelligent applications leveraging generative AI. An early preview of MCP capabilities will be available for developer feedback. MCP introduces security risks, including cross-prompt injection, authentication gaps, credential leakage, tool poisoning, lack of containment, limited security review, registry risks, and command injection. To address these, Windows 11's MCP Security Architecture will establish security requirements for MCP servers, ensuring user safety and transparency, enforcing least privilege, and implementing security controls like proxy-mediated communication, tool-level authorization, a central server registry, and runtime isolation. MCP servers must comply with security requirements, including mandatory code signing, unchanged tool definitions at runtime, security testing, mandatory package identity, and declared privileges. An early private preview of MCP server capability will be offered to developers post-Microsoft Build for feedback, with a secure-by-default enforcement strategy planned for broader availability. Microsoft aims to enhance defenses continuously and collaborate with partners to bolster MCP's security framework.
Winsage
May 19, 2025
Many users are experiencing issues with Windows 10 version 22H2 and Windows 10 Enterprise LTSC 2021, particularly those with Intel Trusted Execution Technology (TXT) on tenth-generation or later Intel processors with vPro support. Users who have BitLocker enabled and installed the KB5058379 patch released on May 13 may need their BitLocker recovery keys due to a bug causing lsass.exe to terminate unexpectedly, leading to an Automatic Repair cycle or a reboot loop. Microsoft has acknowledged the issue and is working on an out-of-band update. Meanwhile, workarounds, such as disabling TXT, pose security risks. Microsoft also announced significant layoffs affecting thousands of employees.
Tech Optimizer
May 19, 2025
The OpenEoX Technical Committee, part of OASIS, has introduced a draft framework to standardize end-of-life security notices for software and hardware, involving companies like Microsoft, Cisco, Oracle, IBM, Dell, and Red Hat. The framework aims to provide clear communication about the security status of technology, helping organizations manage risks associated with legacy systems. It outlines a structured approach for notifying users about end-of-life status, enabling informed decisions on upgrades or replacements to improve security.
AppWizard
May 14, 2025
APK stands for Android Application Package, which is a file format essential for distributing, installing, and managing mobile applications on the Android platform. An APK contains all the necessary code, resources, and instructions for an app to run on Android devices. Key components of an APK include DEX files (app code), assets and resources (images, sounds, layouts), certificates and security signatures (for verification), and the AndroidManifest.xml file (which outlines permissions and components). When an app is installed, the APK is unpacked, permissions are granted, and its integrity is verified through digital signatures. APK files support various applications and games, allowing for manual installations and updates, and they ensure universal compatibility across devices. Users can adjust security settings to allow installations from unknown sources, but Android restricts this by default for safety.
Winsage
May 13, 2025
- Support for Windows 10 will cease on October 14, 2025.
- Microsoft is encouraging users to purchase new computers.
- Linux is presented as a faster, more secure alternative to Windows.
- The End of 10 campaign provides resources and support for users transitioning to Linux.
- The campaign includes links to PC shops and user groups worldwide.
- It offers a guide for installing Linux and lists benefits such as lower costs, no ads or data tracking, environmental friendliness, community support, and enhanced user control.
- The campaign organizes events for Linux installation assistance in various countries.
- The initiative is a collaboration among several individuals from different organizations.
- End of 10 maintains public channels on Matrix and a mailing list, and is present on the Fediverse for outreach.
AppWizard
May 9, 2025
Google has announced a new security feature for Chrome on Android that uses machine learning through its Gemini intelligence to alert users about potential scams, spam, and unwanted notifications from malicious websites. This update allows Chrome to analyze website notifications more effectively, enhancing user protection. In September, Google also updated Chrome's Safety Check for Android, which now includes improved background tasks, notification alerts, and scans for security risks in passwords and installed extensions. The machine learning model was trained using synthetic data evaluated against real notifications to ensure effectiveness. The enhancements aim to provide a stronger defense against online threats.
AppWizard
May 6, 2025
Google will implement an update to its Play Integrity API in May 2025, affecting devices running Android 12 or earlier. This update coincides with the end of security updates for these older versions, potentially leading to app failures and increased vulnerability to cyber threats. Developers will need to revise their applications to comply with the new API standards, while users on outdated systems may face degraded performance or complete app failures. The urgency to upgrade to Android 13 or newer is emphasized for both users and developers.
Winsage
May 4, 2025
Microsoft is encouraging users to transition from Windows 10 to Windows 11, especially as support for Windows 10 will end on October 14, 2025. Upgrading to Windows 11 on new devices, such as the Surface Copilot+ PCs, can enhance productivity, with workflows reportedly running up to 50% faster compared to older devices. Organizations using Windows 11 Pro have experienced a 62% reduction in security incidents, and features like Secure Boot can reduce firmware attacks threefold. Additionally, deployment of these systems is approximately 25% faster, aiding IT teams in transitioning users efficiently.
Winsage
May 3, 2025
Microsoft has made Windows 11 version 24H2, also known as the 2024 Update, available to a wider audience. This update includes enhancements such as a revamped File Explorer, an updated Start menu with Phone Link, improved Power Settings, video call enhancements, and AI-related features. The update is accessible via Windows Update for eligible PCs not managed by IT departments, and users can check for updates in Settings. However, some users may face a compatibility hold, particularly those using the sprotect.sys driver, which prevents the update from appearing. Manual updates can be performed using the Windows Installation Assistant or Media Creation Tool, but caution is advised due to potential stability issues. Windows 11 23H2 support will continue until November, and delaying the upgrade beyond this date could expose systems to security risks.