security vulnerability

Winsage
June 17, 2025
Microsoft has made an adjustment to Windows Hello Facial Recognition that affects its functionality in dimly lit environments due to a security vulnerability. This change, introduced in the April 2025 Patch Tuesday updates for Windows 11 and Windows 10, requires color cameras to detect a visible face for sign-in. The update addresses a Windows Hello Spoofing vulnerability that was being exploited. Previously, the feature could identify users in low-light conditions using near-infrared imaging technology. Users have reported a workaround by disabling the webcam in Device Manager, allowing IR sensors to authenticate in low light.
Winsage
June 16, 2025
Microsoft updated its Windows Hello face unlock feature in April, requiring adequate lighting for functionality to address a security vulnerability. The facial recognition system now relies on color cameras to detect visible faces, making it ineffective in low-light conditions. Users can disable the webcam via Windows 11 Device Manager as a workaround, but this disables the camera for all applications. The security flaw was identified by researchers at Nanyang Technological University and classified by Microsoft as "important," though it has not been publicly disclosed or exploited. Inquiries about reinstating dark-room functionality in future updates are pending.
Winsage
June 12, 2025
A critical security vulnerability, designated as CVE-2025-33067, has been identified in the Windows Task Scheduler, allowing attackers to escalate privileges to SYSTEM-level access without prior administrative rights. This vulnerability is rated as "Important" with a CVSS score of 8.4 and is due to improper privilege management within the Windows Kernel’s task scheduling component. It affects multiple Windows versions, including Windows 10 (Versions 1607, 1809, 21H2, 22H2), Windows 11 (22H2, 23H2, 24H2), and Windows Server 2016-2025. Microsoft released security updates on June 10, 2025, to address this flaw across 27 different Windows configurations. The vulnerability requires local system access, no prior privileges, and no user interaction, making it particularly dangerous. Security researcher Alexander Pudwill discovered and disclosed the vulnerability.
Winsage
June 9, 2025
The 'inetpub' folder, which appears on system drives (C:) after the April 2025 security update for Windows 10 and 11, is essential for protecting users against the security vulnerability CVE-2025-21204. This vulnerability involves improper link resolution before file access and can allow an authorized attacker to escalate privileges. Although the folder may seem empty and Internet Information Services (IIS) might not be in use, its deletion can compromise the effectiveness of the security patch, exposing systems to vulnerabilities. Microsoft recommends using a PowerShell script to restore the folder if deleted, rather than recreating it through IIS, which may add unwanted system folders.
Winsage
June 9, 2025
A recent Microsoft security update has created a new folder named "inetpub" on Windows systems, which is essential for system security. If users delete this folder, it can lead to significant vulnerabilities. Microsoft has released a PowerShell script, Set-InetpubFolderAcl.ps1, to restore the "inetpub" folder and set the correct permissions. Systems that installed the April security update (KB5055528) must take immediate action if the "inetpub" directory is missing. The script also updates access rights for the "DeviceHealthAttestation" directory, if it exists. Administrative rights are required to run the script. This issue was highlighted by IT security researcher Kevin Beaumont, who noted that deleting the "inetpub" folder could disrupt the installation of future security updates.
Winsage
May 28, 2025
On May 27, Microsoft released an out-of-band update, KB5061977, for Windows 11 version 24H2, elevating the operating system build to 26100.4066. This emergency patch addresses a security vulnerability currently being exploited, likely related to remote code execution or privilege escalation. The update is available through Windows Update, Windows Update for Business, WSUS, and the Microsoft Update Catalog. Organizations are urged to prioritize its installation, especially on publicly accessible or critical systems. The update focuses on security and reliability improvements, with no new features introduced. The issuance of this update outside regular maintenance windows presents challenges for IT administrators, emphasizing the need for proactive patch management strategies.
Winsage
May 12, 2025
A critical cloud security vulnerability rated 10/10 has been reported for Microsoft users, along with persistent denial of service attacks affecting Windows and warnings about password theft. A new tool called Defendnot has been released, which can disable Windows Defender, Microsoft's antivirus protection. Developed by a security researcher known as es3n1n, Defendnot simplifies the process of bypassing Windows Defender by tricking it into disabling itself. It uses undocumented application programming interfaces (APIs) to convince Windows Defender that another antivirus solution is present, without relying on third-party antivirus code. The availability of Defendnot poses a significant risk, potentially aiding malicious actors.
AppWizard
May 7, 2025
The May 2025 security update for Google Pixel devices began deployment on May 6, addressing a critical zero-day security vulnerability (CVE-2025-27363) and including three bug fixes along with 28 security patches. The rollout may take about one week to reach all devices, depending on models and carriers. The update prevents devices from reverting to older, vulnerable versions of the bootloader. It also resolves specific issues for Google Pixel 6 and newer devices, including improvements in microphone recording quality, resolution of Bluetooth pairing issues with certain smartwatches, and correction of secondary language display issues in quick settings. Users are advised to check for the update in the Settings app under System > Software update.