Security update Archives

Winsage

May 17, 2025

9 Months Later, Microsoft Finally Fixes Linux Dual-Booting Bug

In August 2024, a security update aimed at improving Secure Boot disrupted dual-booting of Windows and Linux due to a vulnerability in the GRUB bootloader. This allowed malicious actors to bypass Secure Boot protections. Microsoft released a patch, KB5058385, on May 13, 2025, to resolve the issue by enhancing the Secure Boot Advanced Targeting (SBAT) system's ability to recognize legitimate Linux bootloaders, preventing them from being blocked. The patch is applicable to various versions of Windows, including Windows 11 (multiple versions) and Windows Server (multiple versions). The update will be automatically applied through Windows Update for affected installations.

Winsage

May 16, 2025

How to get started with Semantic Indexing on Windows 11

Semantic Indexing is an AI-driven feature in Windows 11 that enhances search functionality using Natural Language Processing (NLP) to interpret the context and intent behind search queries. It allows users to search for files, settings, and content using conversational language rather than exact keywords. Semantic Indexing is integrated into various components of Windows 11, including File Explorer, the Start menu, and the Taskbar search box. It requires a Neural Processing Unit (NPU) and is available on Copilot+ PCs starting with the May 2025 security update. Users can verify its activation by checking for specific AI components in the settings. The feature supports various file formats such as images and documents and is compatible with several languages, including English and Spanish. The rollout of these enhancements will occur gradually.

Winsage

May 16, 2025

Microsoft confirms May Windows 10 updates trigger BitLocker recovery

Microsoft has acknowledged an issue affecting some Windows 10 and Windows 10 Enterprise LTSC 2021 systems after the installation of the May 2025 security update (KB5058379), causing devices to boot into BitLocker recovery mode. This problem arises when the update leads to multiple startup failures, preventing the system from initiating Automatic Repair without the recovery key. Users experiencing this issue may see LSASS errors and the 0x800F0845 error code in the Windows Event Viewer. Reports indicate that various devices from manufacturers like Lenovo, Dell, and HP are affected. Microsoft suggests troubleshooting steps such as disabling Intel Trusted Execution Technology, Secure Boot, Virtualization Technologies, or Firmware Protection. This is not the first occurrence of such issues, as similar problems were reported after previous updates in August 2024 and August 2022.

Winsage

May 16, 2025

Windows 10 PCs are locking and crashing after May’s security update

Microsoft's KB5058379 update has caused issues for Windows 10 users, prompting unexpected requests for the BitLocker recovery key during startup. This problem is affecting users in Germany and the United States, impacting both corporate and personal devices. Users without the recovery key find their systems locked, leading some to perform system recoveries. Additionally, some users experience blue screen crashes after booting into Windows 10. A potential workaround is to disable the “Intel Trusted Execution Technology (Intel TXT)” option in the BIOS/UEFI. The issue primarily affects devices from Dell, HP, and Lenovo running Windows 10 versions 22H2 or 21H2 Enterprise. Microsoft has not yet acknowledged these issues related to the update.

AppWizard

May 15, 2025

New malware infects Android devices — full list of apps to delete immediately

Cybersecurity experts have identified a new threat to Android users called Kaleidoscope malware, which has infiltrated various popular applications not available on the Google Play Store. This malware operates in the background, collecting personal information, displaying intrusive ads, and potentially allowing more harmful malware to enter. Users are advised to check their device settings for suspicious apps, uninstall them, restart their devices, and review app permissions, especially for those requesting access to sensitive features. Experts recommend downloading apps only from trusted sources, being cautious about permissions, and regularly updating systems to address security vulnerabilities. Google has identified 62 dangerous vulnerabilities in Android devices, with two being particularly threatening, and users are urged to update their devices promptly.

Winsage

May 15, 2025

Windows Remote Desktop Vulnerability Let Attackers Execute Malicious Code Over Network

Microsoft's May 2025 Patch Tuesday addressed 72 vulnerabilities in Windows Remote Desktop services, including two critical vulnerabilities, CVE-2025-29966 and CVE-2025-29967, which are heap-based buffer overflow issues. These flaws allow unauthorized attackers to execute arbitrary code over a network, posing significant risks. The vulnerabilities have been rated as "Critical" and classified under CWE-122. They affect various versions of Windows operating systems utilizing Remote Desktop services. Although there have been no reported active exploitations, experts warn of the potential dangers, urging users to apply patches immediately. The update also addressed five actively exploited zero-day vulnerabilities in other Windows components. Patches are available through Windows Update, WSUS, and the Microsoft Update Catalog.

Winsage

May 15, 2025

Windows Remote Desktop Gateway Vulnerability Let Attackers Trigger Dos Condition

The Microsoft Security Response Center (MSRC) has released critical security updates to address a significant vulnerability in the Windows Remote Desktop Gateway service, identified as CVE-2025-26677, which allows unauthorized attackers to cause denial of service (DoS) conditions. This vulnerability is rated as "High" severity with a CVSS score of 7.5 and affects multiple versions of Windows Server, including 2016, 2019, 2022, and 2025. Microsoft has provided security updates (KB5058383, KB5058392, KB5058385, and KB5058411) to rectify the issue. Additionally, another vulnerability, CVE-2025-29831, has been identified that could enable remote code execution (RCE) through a Use After Free weakness, also rated with a CVSS score of 7.5. This vulnerability requires user interaction, specifically an admin user to stop or restart the service, and affects Windows Server versions 2008 R2, 2012/R2, 2016, 2019, 2022, and 2025. Organizations are advised to prioritize patching both vulnerabilities and to review network configurations to limit exposure of Remote Desktop Gateway services. The vulnerabilities were discovered by security researchers from Kunlun Lab.

Winsage

May 14, 2025

Microsoft fixes Linux boot issues on dual-boot Windows systems

Microsoft addressed a boot issue affecting dual-boot systems running Linux alongside Windows after the August 2024 Windows security updates, which caused Linux systems to fail to boot due to a Secure Boot Advanced Targeting (SBAT) update. This issue impacted various Windows operating systems, including Windows 10, Windows 11, and Windows Server 2012 and later. The problem arose from a detection mechanism that failed to recognize some customized dual-boot setups, leading to error messages such as "Something has gone seriously wrong: SBAT self-check failed: Security Policy Violation." Microsoft confirmed that the boot issues would be resolved with the May 2025 Patch Tuesday security updates and provided a temporary workaround in late August, advising users to delete the SBAT update. On September 19, Microsoft stopped the automatic application of the problematic SBAT update and recommended a command to prevent future SBAT updates. The issue was specific to the August 2024 security and preview updates, and subsequent updates starting with September 2024 did not contain the problematic settings.

Winsage

May 14, 2025

Microsoft Confirms Windows Is Under Attack — You Must Act Now

Microsoft has confirmed multiple zero-day vulnerabilities being actively targeted by malicious actors. One significant vulnerability is CVE-2025-30397, a memory corruption flaw in the Windows scripting engine that affects all versions of Windows and allows code execution over the network. It has a CVSS score of 7.8 and is considered critical. Successful exploitation requires the target to use Edge in Internet Explorer Mode and for the user to click a malicious link. Other vulnerabilities include: - CVE-2025-32709: An elevation of privilege vulnerability in the Windows ancillary function driver for WinSock, affecting Windows Server 12 and later. - CVE-2025-32701 and CVE-2025-32706: Vulnerabilities in the Windows Common Log File Driver System that could allow local attackers to gain system privileges, affecting all versions of Windows. - CVE-2025-30400: An elevation of privilege vulnerability in the Windows desktop window manager, affecting Windows 10, Server 2016, and later OS versions. Windows users are urged to update their systems with the latest security patches immediately.

Winsage

May 14, 2025

Windows DWM 0-Day Vulnerability Allows Attackers to Escalate Privileges

Microsoft has addressed a zero-day vulnerability in the Windows Desktop Window Manager (DWM) Core Library, identified as CVE-2025-30400, which allows attackers to gain SYSTEM-level privileges on affected systems. This "Elevation of Privilege" vulnerability, arising from a "use-after-free" memory corruption issue, was actively exploited prior to the release of a patch on May 13, 2025. The vulnerability permits an authorized attacker to execute code with SYSTEM privileges by exploiting improper memory management within the DWM process. Microsoft classified the severity of this vulnerability as "Important" and assigned it a CVSS score of 7.8. Users and administrators are strongly advised to apply the latest updates to mitigate the risk of exploitation.