software update Archives

AppWizard

May 14, 2025

Marbled Dust leverages zero-day in Output Messenger for regional espionage

Since April 2024, the threat actor Marbled Dust has been exploiting a zero-day vulnerability (CVE-2025-27920) in the Output Messenger chat application, targeting user accounts that have not applied necessary fixes. This exploitation has resulted in the collection of sensitive data from users in Iraq, specifically linked to the Kurdish military. Microsoft has high confidence in this assessment and notes that Marbled Dust conducts reconnaissance to identify potential targets using Output Messenger. Marbled Dust has successfully utilized this vulnerability to deploy malicious files and exfiltrate data. Microsoft notified the application’s developer, Srimax, about the vulnerability, leading to the release of a software update. A second vulnerability (CVE-2025-27921) was also found, but no exploitation of this second flaw has been observed. The zero-day vulnerability allows an authenticated user to upload malicious files to the server's startup directory. Marbled Dust has exploited this flaw to place a backdoor file, OMServerService.vbs, in the startup folder, enabling them to access communications and sensitive data indiscriminately. The attack chain begins with Marbled Dust gaining access to the Output Messenger Server Manager, likely through DNS hijacking or other credential interception techniques. Once inside, they exploit the vulnerability to drop malicious files, including a GoLang backdoor, which connects to a Marbled Dust command-and-control domain for data exfiltration. To mitigate this threat, Microsoft recommends updating to the latest version of Output Messenger, activating various security protections, and implementing rigorous vulnerability management strategies. Microsoft Defender XDR customers can identify potential threat activity through specific alerts related to Marbled Dust and utilize advanced hunting queries for detection. Indicators of compromise include traffic to the domain api.wordinfos[.]com, associated with Marbled Dust activities.

AppWizard

May 7, 2025

Google’s May 2025 Pixel update is here with bug fixes and a critical security patch

The May 2025 security update for Google Pixel devices began deployment on May 6, addressing a critical zero-day security vulnerability (CVE-2025-27363) and including three bug fixes along with 28 security patches. The rollout may take about one week to reach all devices, depending on models and carriers. The update prevents devices from reverting to older, vulnerable versions of the bootloader. It also resolves specific issues for Google Pixel 6 and newer devices, including improvements in microphone recording quality, resolution of Bluetooth pairing issues with certain smartwatches, and correction of secondary language display issues in quick settings. Users are advised to check for the update in the Settings app under System > Software update.

Winsage

May 6, 2025

Microsoft pushes fix for Windows 11 update 0x80240069 errors

Microsoft has resolved an issue that affected the delivery of Windows 11 24H2 feature updates via Windows Server Update Services (WSUS) after the installation of the April 2025 security updates. Users reported upgrade problems, specifically encountering error code 0x80240069 during attempts to update from Windows 11 23H2 or 22H2. The update complications primarily impact enterprise environments using WSUS, while home users are less likely to experience these issues. Microsoft is rolling out a fix through Known Issue Rollback (KIR) for enterprise-managed devices, requiring IT administrators to implement the KIR Group Policy on affected endpoints. Additionally, Microsoft is addressing a separate issue where some PCs were upgraded to Windows 11 despite Intune policies preventing such upgrades.

Winsage

May 5, 2025

Windows 11 24H2 Update Available: Auto Download on Compatible PCs

Microsoft is set to roll out the Windows 11 version 24H2 update, which will install automatically on eligible PCs and laptops. Users can check for the update in the Settings menu. Devices running Home or Pro editions of Windows 11 (versions 21H2, 22H2, and 23H2) that are not part of IT-managed networks will transition to version 24H2 automatically. Some systems may experience delays due to compatibility issues. Once the update downloads, users will receive a notification to begin installation, and while they cannot decline the upgrade, they can schedule the installation at their convenience.

Winsage

April 30, 2025

Microsoft: Windows 11 24H2 updates fail with 0x80240069 errors

Microsoft has acknowledged a significant issue affecting enterprise users trying to upgrade to Windows 11 24H2 via Windows Server Update Services (WSUS) after installing the April 2025 security updates, specifically the monthly security update KB5055528. Users with Windows 11 23H2 or 22H2 are encountering Windows Update Service errors with the code 0x80240069, preventing the download process for Windows 11 24H2 from initiating or completing. Microsoft confirmed that devices with the April security update might be unable to update via WSUS. WSUS, primarily used in enterprise settings, has been deprecated as of September 2024, but Microsoft will continue to support existing functionalities. Additionally, Microsoft is addressing a "latent code issue" that has caused some devices to upgrade to Windows 11 despite Intune policies against such upgrades.

AppWizard

April 24, 2025

Trojanized Alpine Quest app geolocates Russian soldiers

Russian soldiers are facing a digital threat from a modified Android application, Alpine Quest, which has been tampered with to track their locations and extract sensitive information. The malware, known as Android.Spy.1292.origin, was embedded in an older version of the app and distributed as a free upgrade to Alpine Quest Pro via a fraudulent Telegram channel. Once installed, the trojan collects various types of information, including geolocation, downloaded files, phone numbers, and app versions, and can download additional modules to exfiltrate specific files. Additionally, researchers at Kaspersky discovered a backdoor hidden in counterfeit software updates for ViPNet, a secure networking suite. The malware, disguised as msinfo32.exe, connects to a command-and-control server to steal files and deploy more malicious components. On the Ukrainian side, Russian operatives are conducting a phishing campaign targeting Ukrainian officials and allies, using social engineering tactics to hijack Microsoft 365 accounts. Attackers contact victims via messaging apps, invite them to video calls, and trick them into providing OAuth codes, granting access to their accounts.

AppWizard

April 16, 2025

Samsung Auto vs Android Auto: What’s same and what’s not

Samsung has launched Samsung Auto, a platform for Galaxy devices in China aimed at enhancing the driving experience with features similar to Android Auto. It is part of the One UI 7 software update and is currently limited to select regions, primarily utilizing Samsung's previous “Car Mode.” The platform includes a custom launcher and app support for in-car use. A key feature of Samsung Auto is its intelligent location-based navigation, which allows users to reroute by extracting addresses from incoming messages, enabling navigation with a single tap. The app also ensures navigation continuity between the user's phone and vehicle. Samsung Auto connects to compatible vehicles through Baidu CarLife+ or ICCOA CarLink, which are mainly found in Chinese-market vehicles, limiting its reach. The user interface resembles that of Android Auto or Apple CarPlay, featuring a central dashboard for navigation and music controls. Currently, there are no plans for a global rollout of Samsung Auto, as it relies on Chinese vehicle systems, and significant modifications would be needed for broader implementation.

Winsage

April 15, 2025

Windows Update fails successfully, says Microsoft

The April 2025 Windows Recovery Environment update, identified as KB5057589, has caused confusion among Windows 10 users due to an error message (0x80070643 – ERRORINSTALLFAILURE) encountered during installation. Microsoft clarified that this error is a nuisance and does not affect the update or device functionality. The update enhances recovery features for devices facing booting issues and is delivered through Windows Update. Users may see the error if the update is installed while another update is pending a reboot, but the update typically installs successfully after a restart. Microsoft is working on a resolution to address user concerns.

AppWizard

April 11, 2025

Stable One UI 7 rolls out to users both in the U.S. and European regions

The stable version of One UI 7 has started rolling out for eligible Galaxy users in the U.S. and Europe, beginning with the Samsung Galaxy S24 series, Z Fold 6, and Z Flip 6. The update, approximately 5.2GB in size, includes the April security patch and enhances the AI experience with new writing tools and image generation capabilities. Users can check for the update by navigating to Settings > Software Update > Check for updates. One UI 7 features a refreshed Notification panel, a vertically-scrolling app drawer, and a new "Now Bar" for quick access to various controls. Samsung plans to extend the update to older devices, including the Galaxy Z Fold 4, Flip 4, S23 FE, A34, A35, S22, S21 series, and Tab S9/S8 series, by May. The rollout is occurring in phases.

Winsage

April 7, 2025

Microsoft delays WSUS driver sync deprecation indefinitely

Microsoft has indefinitely postponed the removal of driver synchronization within Windows Server Update Services (WSUS) in response to customer feedback. The planned removal, originally set for April 18, 2025, has been put on hold as the company works on a revised timeline. This decision marks a shift from previous communications that indicated the deprecation of WSUS driver synchronization. Microsoft had initially announced the intention to phase out this feature in June 2024 and had encouraged IT administrators to adopt cloud-based solutions. Despite the earlier deprecation announcement, Microsoft will continue to support existing WSUS capabilities and publish updates.