security vulnerabilities

Winsage
April 29, 2025
Microsoft has introduced a no-reboot patching feature for Windows 11 and announced hotpatching costs for Windows Server 2025. Windows 7 and Windows Server 2008 R2 have reached their end-of-support status and lack official security patches. However, users of these legacy systems can utilize a micro patching service called 0patch, which delivers micro patches to address specific vulnerabilities without requiring system reboots. On April 29, 2023, Mitja Kolsek, CEO of ACROS Security, announced that support for Windows 7 and Windows Server 2008 R2 would be extended until January 2027 due to high demand. These micro patches are currently the only available security updates for these legacy versions.
Winsage
April 22, 2025
Microsoft has released the optional KB5055612 preview cumulative update for Windows 10 22H2, which addresses a GPU paravirtualization issue in the Windows Subsystem for Linux 2 (WSL2). This update is part of Microsoft's initiative for optional non-security preview updates, typically available at the end of each month, allowing administrators to test upcoming fixes and features. The update does not include security updates and can be installed manually through Windows Update or downloaded from the Microsoft Update Catalog. The key changes in the KB5055612 update include security improvements to internal Windows OS functionality, a fix for the case-sensitive GPU paravirtualization check in WSL2, and updates to the Windows Kernel Vulnerable Driver Blocklist to include drivers with known vulnerabilities exploited in BYOVD attacks. Microsoft has noted two known issues: one related to the Citrix Session Recording Agent (SRA) version 2411 causing update failures, with a suggested workaround, and another involving an Event 7023 error in Windows Event Viewer regarding SgrmBroker.exe, which is currently non-functional and can be ignored. A fix for this bug is expected in future updates.
Tech Optimizer
April 21, 2025
The AWS Database Migration Service (AWS DMS) provides a managed solution for migrating and replicating databases to AWS, supporting both homogeneous and heterogeneous migrations. It allows seamless data migration from PostgreSQL databases to any supported target and vice versa. Open-source PostgreSQL regularly releases new versions, and Amazon RDS aims to support these within five months. Upgrading PostgreSQL instances is essential for security and compliance. Minor version upgrades focus on security and bug fixes without adding new functionalities, while major upgrades can change system tables and data formats. AWS DMS tasks require careful management during PostgreSQL upgrades. For minor upgrades, ongoing DMS tasks should be stopped and then resumed post-upgrade. For major upgrades, replication slots must be dropped before the upgrade, which will invalidate ongoing DMS tasks. After the upgrade, a new CDC-only task should be created to resume data migration. Minor version upgrades of the target PostgreSQL database do not affect AWS DMS CDC tasks, but major upgrades require stopping the DMS task, performing the upgrade, and ensuring compatibility with the replication instance before resuming the task.
Winsage
April 20, 2025
Microsoft has reported a record number of 1,360 security vulnerabilities for its products in 2024, marking an 11% increase from 2023. This includes 587 vulnerabilities in Windows (33 classified as critical) and 684 in Windows Server (43 classified as critical). The increase in reported vulnerabilities suggests that security researchers are effectively identifying weaknesses, and Microsoft has invested over a million dollars in bounties to encourage this. The proactive communication and remediation process during Patch Tuesday enhances security, indicating that Microsoft is committed to addressing vulnerabilities rather than being indifferent to user security.
Winsage
April 17, 2025
Unexpected crashes on Windows 11 version 24H2 have been reported, resulting in a secure kernel fatal error with the blue screen exception error code 0x18B. Microsoft has introduced a Known Issue Rollback (KIR) to address this issue by rolling back specific updates. For personal or non-managed computers, the fix will be automatically deployed via Windows Update, and users are advised to restart their PCs. For enterprise devices, IT departments must install the KIR Group Policy, found under Computer Configuration > Administrative Templates, and a restart of affected devices is required. The blue screen bug appeared after a Patch Tuesday update that addressed 134 security vulnerabilities, including a zero-day flaw.
Winsage
April 15, 2025
Windows 10 22H2 Build 19045.5794 (KB5055612) is now available in the Release Preview Channel for Insiders. Key features include a fix for the GPU paravirtualization check in Windows Subsystem for Linux 2 (WSL2), which was previously case-sensitive, and updates to the Windows Kernel Vulnerable Driver Blocklist to include drivers with security vulnerabilities exploited in Bring Your Own Vulnerable Driver (BYOVD) attacks.
Winsage
April 14, 2025
Microsoft has warned IT administrators about a significant issue affecting Windows Server 2025 domain controllers, which may struggle to manage network traffic after a system restart. This problem arises because the domain controllers revert to the standard firewall profile instead of the required domain firewall profile, leading to potential inaccessibility on the domain network, application failures, and open ports that could pose security risks. The issue specifically affects Windows Server 2025 systems with the Active Directory Domain Services role, while client systems and earlier server versions remain unaffected. To address this, Microsoft recommends a temporary workaround: manually restarting the network adapter using PowerShell with the command Restart-NetAdapter * after each reboot. Administrators are advised to create a scheduled task for automation, monitor domain controllers for disruptions, and minimize unnecessary restarts. Microsoft is working on a permanent fix, with an update expected in the future.
Winsage
April 14, 2025
Windows 11 users have noticed an empty folder named "inetpub" appearing after a recent update. The folder is important for managing logs for Internet Information Services (IIS), and it appears even for those without IIS activated. Microsoft has warned against deleting this folder, as doing so can lead to security vulnerabilities, allowing potential attackers to exploit a "link following flaw." If the folder is deleted, it can be restored by reactivating IIS through the Control Panel under Windows features.