security warnings

Winsage
May 1, 2026
Microsoft resolved an issue affecting the display of security warnings when opening Remote Desktop (.rdp) files across all supported Windows versions, including Windows 11, Windows 10, and Windows Server. This problem was particularly evident on devices with multiple monitors having different display scaling settings. The fix was included in the optional KB5083631 preview cumulative update for Windows 11. The issue arose after the installation of the April 2026 security update, which introduced security warnings to enhance protection against phishing attacks. Users reported misalignment and obscured buttons in the security dialog, making it difficult to interact with. Additionally, the April security updates caused issues with third-party backup applications on Windows 11 systems and led to restart loops and failures during update installations on Windows Server.
Winsage
April 28, 2026
Microsoft has identified an issue affecting the display of security warnings when users open Remote Desktop (.rdp) files across all supported versions of Windows, including Windows 11, Windows 10, and Windows Server. The security warning may not render correctly, making the text difficult to read and buttons misaligned, especially when multiple monitors with different display scaling settings are used. This issue often results in overlapping text or obscured buttons in the warning window. The affected warnings are part of the security enhancements Microsoft introduced with the April 2026 cumulative updates, which aim to mitigate risks associated with malicious RDP connection files. Users receive a one-time educational prompt upon opening an RDP file for the first time, followed by a security dialog that provides information about the file's publisher and resource redirections. RDP files are commonly used in enterprise environments, but their exploitation in phishing campaigns, particularly by groups like the Russian state-sponsored APT29, has raised security concerns.
Winsage
April 20, 2026
ExplorerPatcher is a free and open-source application that has over 42 million downloads and 32,200 stars on GitHub. It aims to restore legacy Windows shell components in Windows 11, allowing users to manage settings more comfortably. The app is compatible with both x86-64 Windows and Windows on ARM. Users can revert the Windows 11 taskbar to its Windows 10 design, disable the Windows 11 context menu, and restore the control ribbon in File Explorer. ExplorerPatcher offers additional features such as improved multi-display taskbar support and customizable settings. It includes preset configurations like the "Classic Windows 10" option and allows for custom configurations to be saved and shared. Despite its popularity, ExplorerPatcher is not widely recognized due to security warnings from Windows, which flag it as a potential threat, and potential disruptions following major Windows updates.
Winsage
March 30, 2026
Windows 11 has introduced a dark theme that has received positive feedback, but certain legacy pop-ups, like the Properties tab, still use a light background. Microsoft is working on a dark-themed Properties tab and aims to enhance the dark mode experience across the operating system, as confirmed by senior executive Marcus Ash. He mentioned that there are no specific timelines for updates to legacy tools like the Registry Editor, but improvements are being made for consistency in dark mode across system-level dialogs. Third-party applications that do not adopt dark mode will continue to display in light mode, as Microsoft cannot enforce changes on them. Users currently experience inconsistencies with dark mode, particularly with legacy features that still show a light background. In December 2025, Microsoft rolled out dark mode for most operational dialogs, including those for file deletion and error notifications. Dark mode is now visible in various pop-ups, such as notifications for insufficient disk space and Recycle Bin confirmations. Microsoft is also testing dark mode in Windows Run (legacy).
AppWizard
March 23, 2026
Google has introduced a new mechanism called Advanced Flow within Android to facilitate the sideloading of APKs from unverified developers for power users while enhancing security. This system will launch in August and aims to balance user flexibility with protection against malware and scams, which caused losses of approximately billion last year. To install APKs from unverified developers, users must complete a one-time process that includes activating Developer Mode, confirming they are not influenced by threat actors, restarting the device, and verifying the legitimacy of modifications after a day. Once completed, users can install applications from unverified developers and choose to enable them for a week or indefinitely, with Android providing a warning about the unverified source. The Advanced Flow process is designed to prevent users from being coerced into installing malicious software during scam attempts. Google emphasizes that this system is a compromise between Android's openness and necessary user protections, leading to upcoming developer verification requirements. All Android app publishers will need to undergo identity verification by Google, with non-compliance resulting in blocked software installations on certified Android devices. This verification initiative is now set for rollout in August 2026.
AppWizard
March 20, 2026
Google will introduce a new Android developer verification process later this year to enhance user security and accommodate power users. This will include an "advanced flow" that allows users to disable the verification requirement and install software from unverified developers. Users must activate Developer mode, confirm they are not being guided by a malicious actor, restart their device, and undergo a mandatory one-day "Security wait" period for identity verification through biometric authentication or a device PIN. After this, they can install apps from unverified developers indefinitely, with a temporary option for seven days. Users will still receive a warning when installing apps from unverified developers but can choose to proceed. The rollout is set for August, alongside new developer verification requirements. Additionally, Google will offer limited distribution accounts for developers to share apps with up to 20 users without registration fees or government ID.
AppWizard
March 6, 2026
Google has submitted proposed modifications to its Android app store operations to a federal court in San Francisco in response to Epic Games' antitrust lawsuit from August 2020. The proposed changes include a revised fee structure that lowers baseline commissions on subscriptions and e-commerce transactions, offers app developers an alternative payment processing option, and allows developers to use payment systems outside of Google's ecosystem. Consumers will be able to download applications from alternative app stores that meet a certification process. These changes require judicial approval and are part of a broader overhaul mandated by a federal judge in October 2024. Google has requested a hearing on April 9 to clarify questions regarding the proposed changes and plans for a global rollout, initially focusing on the United States, the United Kingdom, and the European Union, pending regulatory approvals.
Winsage
March 1, 2026
Cybercriminals are exploiting a legacy feature in Windows File Explorer, specifically the WebDAV protocol, to distribute malware and bypass traditional security measures. Despite Microsoft deprecating native WebDAV support in November 2023, it remains active on many systems. Attackers use WebDAV to deceive victims into executing malicious payloads by sending links that connect File Explorer directly to remote servers, avoiding web browsers and their security warnings. They employ methods such as direct linking, URL shortcut files, and LNK shortcut files to deliver exploits. The primary objective of these campaigns, which surged in late 2024, is to deploy Remote Access Trojans (RATs), with 87% of Active Threat Reports involving multiple RATs like XWorm RAT, Async RAT, and DcRAT. These campaigns predominantly target corporate networks in Europe, with many phishing emails written in German and English. Attackers use short-lived WebDAV servers hosted on Cloudflare Tunnel demo accounts to obscure their infrastructure. Security analysts are advised to monitor unusual network activity from Windows Explorer and educate users to verify addresses in File Explorer.
Winsage
February 13, 2026
Security researcher Wietze Beukema revealed vulnerabilities in Windows LNK shortcut files at the Wild West Hackin' Fest, which could allow attackers to deploy harmful payloads. He identified four undocumented techniques that manipulate these shortcut files, obscuring malicious targets from users. The vulnerabilities exploit inconsistencies in how Windows Explorer handles conflicting target paths, allowing for deceptive file properties. One technique involves using forbidden Windows path characters to create misleading paths, while another manipulates LinkTargetIDList values. The most sophisticated method alters the EnvironmentVariableDataBlock structure to present a false target in the properties window while executing malicious commands in the background. Microsoft declined to classify the EnvironmentVariableDataBlock issue as a security vulnerability, stating that exploitation requires user interaction and does not breach security boundaries. They emphasized that Windows recognizes shortcut files as potentially dangerous and provides warnings when opening them. However, Beukema noted that users often ignore these warnings. The vulnerabilities share similarities with CVE-2025-9491, which has been exploited by various state-sponsored and cybercrime groups. Microsoft initially did not address CVE-2025-9491 but later modified LNK files to mitigate the vulnerability after it was widely exploited.