security risks Archives

Winsage

June 6, 2025

Microsoft applies the thumbscrews to Windows 10 users, telling them to upgrade to be on “the right side of risk”

Microsoft is urging Windows 10 users to upgrade to Windows 11 before support ends on October 14, 2025, citing security risks. Many users are reluctant to upgrade due to affordability and compatibility issues with their current hardware. The Linux community is responding by offering alternatives for users considering a switch away from Windows, with initiatives like the End of 10 project and support from KDE for maintaining older PCs.

Winsage

June 4, 2025

Microsoft accused of ‘tech extortion’ over Windows 10 support ending in campaign to get people to upgrade to Linux

KDE has launched a campaign called ‘KDE for Windows 10 Exiles’ to encourage Windows 10 users to switch to Linux as support for Windows 10 is set to end on October 14. The campaign warns that without updates, users will face increased security risks and be pressured to buy new hardware for Windows 11, which has stringent requirements that may render older PCs incompatible. The initiative also highlights environmental concerns related to electronic waste from discarded functioning machines. While Linux can extend the life of older hardware, transitioning to it may be challenging for less tech-savvy users. Some KDE contributors are involved in the existing ‘End of 10’ initiative, indicating a shared goal to attract users dissatisfied with Microsoft’s practices.

Winsage

May 30, 2025

Microsoft Brings Post-Quantum Security To Windows 11 And Linux

Microsoft is incorporating post-quantum cryptography (PQC) into Windows 11 and Linux platforms to enhance its security framework against potential threats from quantum computing. PQC functionalities are now available to Windows Insiders via the Canary Channel Build 27852 and on Linux through SymCrypt-OpenSSL version 1.9.0, allowing customers to test quantum-resistant encryption. Microsoft is enhancing its core cryptographic library, SymCrypt, with new PQC algorithms designed to withstand future quantum decryption capabilities. The company emphasizes the importance of "crypto agility," enabling systems to adapt to new algorithms as they develop. This initiative is part of Microsoft's ongoing commitment to global quantum-safe initiatives and aims to foster innovation and preparedness within the cybersecurity community.

Winsage

May 29, 2025

Microsoft is ruining Windows customization

Customizing a Windows PC has become increasingly complex and frustrating due to several factors. Microsoft has introduced more locked-down UI elements with Windows 10 and 11, which complicates the customization process. Frequent and substantial updates alter UI elements and introduce new features, creating challenges for developers of customization tools to maintain compatibility. Microsoft has also removed certain legacy features that facilitated customization, limiting the capabilities of these applications. Additionally, some customization apps are labeled as malware, discouraging users from installing them and hindering the customization ecosystem. As a result, many users feel that the joy of customizing their Windows experience has diminished, as streamlined interfaces lack the flair and personality of earlier versions.

Winsage

May 29, 2025

Machines running Windows 10 — even the latest version of 22H2 — will no longer receive security patches and updates. While Windows 10 will continue to function, it won’t be secure.

October 14, 2025, marks the end of support for Windows 10, meaning devices running this OS will stop receiving security patches and updates. Since the end of 2022, Windows 10 has only received security patches without new features. While it will continue to function, its security will be compromised. Organizations may need to consult IT professionals before relying on unsupported operating systems. It is also advisable to assess older infrastructure that may depend on outdated operating systems. Upgrading to Windows 11, specifically version 24H2, is recommended before the October 2025 deadline, as unsupported operating systems pose significant security risks.

Winsage

May 27, 2025

Microsoft Windows Warning—Do Not Install These Apps On Your PC

A recent advisory warns Microsoft users about malicious websites that install harmful applications on Windows PCs. Security researchers at DomainTools have identified a scheme where attackers create counterfeit websites resembling popular brands to trick users into downloading malware-laden applications. These applications deploy three types of malware: VenomRAT, StormKitty, and SilentTrinity, which can steal passwords and digital wallet information, and allow attackers to maintain control over compromised systems. The counterfeit sites impersonate well-known brands, including Bitdefender and various banks, highlighting the need for users to follow Microsoft's guidance on transitioning from passwords to passkeys. The attacks utilize open-source components, making them more efficient and adaptable. Users are advised to download software only from official websites, verify website addresses, and be cautious when entering credentials.

Winsage

May 26, 2025

Microsoft releases an update to tackle a built-in issue in Windows images, but who is it for?

Microsoft encourages users to adopt the latest version of Windows or a version eligible for monthly security updates to protect against security threats. Older Windows ISOs are vulnerable due to outdated security updates and antimalware software. Microsoft has released an update for Microsoft Defender to enhance the security of these older Windows images. This update includes the latest Microsoft Defender binaries, which must be applied offline to WIM and VHD files for Windows 11, Windows 10 (Enterprise, Pro, Home), Windows Server 2022, 2019, and 2016. The update improves both the anti-malware client and engine, with package sizes of 78.2 MB for ARM64, 128 MB for x86, and 132 MB for x64 systems. Users need a 64-bit version of Windows 10 or later, PowerShell 5.1 or later, and specific modules to implement the update. Regular updates every three months are recommended for optimal security.

Winsage

May 20, 2025

Securing the Model Context Protocol: Building a safer agentic future on Windows

The Model Context Protocol (MCP) is a lightweight, open protocol functioning as JSON-RPC over HTTP, facilitating standardized discovery and invocation of tools. MCP defines three roles: MCP Hosts (applications accessing capabilities), MCP Clients (initiators of requests), and MCP Servers (services exposing functionalities). Windows 11 will incorporate MCP to enable developers to create intelligent applications leveraging generative AI. An early preview of MCP capabilities will be available for developer feedback. MCP introduces security risks, including cross-prompt injection, authentication gaps, credential leakage, tool poisoning, lack of containment, limited security review, registry risks, and command injection. To address these, Windows 11's MCP Security Architecture will establish security requirements for MCP servers, ensuring user safety and transparency, enforcing least privilege, and implementing security controls like proxy-mediated communication, tool-level authorization, a central server registry, and runtime isolation. MCP servers must comply with security requirements, including mandatory code signing, unchanged tool definitions at runtime, security testing, mandatory package identity, and declared privileges. An early private preview of MCP server capability will be offered to developers post-Microsoft Build for feedback, with a secure-by-default enforcement strategy planned for broader availability. Microsoft aims to enhance defenses continuously and collaborate with partners to bolster MCP's security framework.

Winsage

May 19, 2025

Latest patch puts some Windows 10 machines in recovery loops

Many users are experiencing issues with Windows 10 versions 22H2 and Windows 10 Enterprise LTSC 2021, particularly those with Intel Trusted Execution Technology (TXT) on tenth-generation or later Intel processors with vPro support. Users who have BitLocker enabled and installed the KB5058379 patch released on May 13 may need their BitLocker recovery keys due to a bug causing lsass.exe to terminate unexpectedly, leading to an Automatic Repair cycle or a reboot loop. Microsoft has acknowledged the issue and is working on an Out-of-band update. Meanwhile, workarounds, such as disabling TXT, pose security risks. Microsoft also announced significant layoffs affecting thousands of employees.

Tech Optimizer

May 19, 2025

Microsoft Defender deactivated by new tool

The OpenEoX Technical Committee, part of OASIS, has introduced a draft framework to standardize end-of-life security notices for software and hardware, involving companies like Microsoft, Cisco, Oracle, IBM, Dell, and RedHat. The framework aims to provide clear communication about the security status of technology, helping organizations manage risks associated with legacy systems. It outlines a structured approach for notifying users about end-of-life status, enabling informed decisions on upgrades or replacements to improve security.