SSH

Winsage
March 26, 2025
On March 11, the Windows 10 22H2 Patch Tuesday security update, KB5053606, was released to address 15 vulnerabilities, including two critical remote code execution flaws. Users have reported significant issues, with many experiencing installation difficulties and receiving the error code 0x80070020. Those who managed to install the update faced problems such as blue and black screens, random crashes, disappearing app icons, and reverted desktop customizations. Professional users reported issues with program crashes, Citrix functionality, and slow Print Spooler operations. The update includes support for DST changes in Paraguay, updates to Country and Operator Settings profiles, fixes for Desktop Window Manager not responding, resolves issues with the Open Secure Shell service, and addresses various Chinese IME-related issues. Systems post-installation will reflect Build 19045.5608. Windows 10 is scheduled to reach its end of life on October 14, 2025.
Winsage
March 24, 2025
Cloudflare has launched a clientless, browser-based Remote Desktop Protocol (RDP) solution that enhances its Zero Trust Network Access (ZTNA) capabilities for secure access to Windows servers. This solution eliminates the need for traditional RDP clients and utilizes IronRDP, a high-performance RDP client developed in Rust, which operates within the browser. The implementation secures RDP sessions using TLS-based WebSocket connections and integrates with Cloudflare Access for authentication through JSON Web Tokens (JWT). The system supports modern security standards, including Single Sign-On (SSO), Multi-Factor Authentication (MFA), and device posture checks. Cloudflare plans to add session monitoring, data loss prevention features, and pursue FedRAMP High certification for compliance with government standards.
Winsage
February 26, 2025
Microsoft has released a non-security update for Windows 10 version 22H2, designated as KB5052077 with a build number of 19045.5555, which includes enhancements for Windows 11 versions 23H2 and 22H2. The update introduces support for Daylight Saving Time changes in Paraguay and includes several fixes for the Narrator and Chinese Input Method Editor (IME). It resolves issues with the Narrator's announcement of Chinese IME candidate windows and improves the IME's responsiveness and color contrast. Additionally, it addresses an issue causing the Desktop Window Manager (dwm.exe) to become unresponsive and fixes a problem with the Open Secure Shell (OpenSSH) service. Two known issues remain, one related to Citrix components affecting updates and another concerning the System Guard Runtime Monitor Broker. The update is available through Windows Update or the Microsoft Update Catalog, and it is optional as it does not include mandatory security updates.
Winsage
February 25, 2025
Microsoft has released the optional KB5052077 preview cumulative update for Windows 10 22H2, which includes nine bug fixes and enhancements, notably addressing an SSH connection issue acknowledged in November. This issue affects a limited number of devices on Windows enterprise, IoT, and education editions, with ongoing investigations into potential impacts on Windows Home or Pro editions. The update elevates Windows 10 22H2 systems to Build 19045.5555 and includes fixes for the Desktop Window Manager, Chinese IME responsiveness, and color contrast issues. Two known issues are associated with KB5052077: one involving Citrix components that may obstruct the installation of the January 2025 Windows security update, and another related to a System Guard Runtime Monitor Broker services issue generating 'Event 7023' errors. Over 60% of Windows systems globally still run on Windows 10, despite its approaching end of support, while certain Long-Term Servicing Channel and Long-Term Servicing Branch releases will continue to receive updates beyond October 2025.
Winsage
February 18, 2025
The author transformed a mini PC into a basic Network Attached Storage (NAS) solution using a standard Windows installation. While Windows can work for simple setups, it is generally inefficient for NAS use because of its resource usage, lack of native ZFS support, forced updates, complicated Docker and VM management, and clunky remote access. Windows runs unnecessary background services that consume RAM and storage, while dedicated NAS software optimizes performance. Windows does not natively support ZFS, a filesystem valued for its data-integrity guarantees and features such as compression and encryption. Windows updates can disrupt services because of their unpredictable timing, unlike dedicated NAS systems that allow updates to be scheduled. Managing Docker containers or virtual machines is more complex on Windows than on Linux, which is better suited for these tasks. Remote access on Windows requires cumbersome setups, while Linux offers easier SSH access and web interfaces for management.
Winsage
February 14, 2025
Windows 10 22H2 Build 19045.5552 (KB5052077) has been released to the Release Preview Channel for Insiders using Windows 10, version 22H2. Key updates include:
- Adjustments for Daylight Saving Time (DST) in Paraguay.
- Fixes for the Chinese Input Method Editor (IME), including responsiveness issues and improved color contrast in the search suggestion panel.
- Resolution of a recurring issue with the desktop window manager (dwm.exe) that caused it to stop responding.
- Refresh of Country and Operator Settings Asset (COSA) profiles for select mobile operators.
- Improvements to the Narrator, addressing issues with announcing quick action buttons and control types in the Chinese IME candidate window.
- Resolution of a service startup failure for Open Secure Shell (OpenSSH), which had required users to manually run the sshd.exe process.
Tech Optimizer
December 19, 2024
Cyber attackers are increasingly using malicious LNK files, which disguise themselves as harmless shortcuts, as an infection vector in 2024. Security experts, particularly Cyble Research and Intelligence Labs (CRIL), have noted a significant rise in this tactic. Attackers leverage LNK files to gain access to systems, triggering malicious actions that can deploy advanced malware. This method reflects a shift in attack vectors aimed at bypassing traditional security measures. One primary technique in these attacks is the exploitation of Living-off-the-Land Binaries (LOLBins), which are trusted system binaries manipulated to execute harmful commands without external malware. Attackers have refined their methods to evade detection by endpoint detection and response (EDR) solutions. Recent campaigns have incorporated SSH commands within malicious LNK files, allowing attackers to establish persistent connections and download malicious files from remote servers. This use of SSH is concerning as it is not typically associated with Windows systems, making it harder for conventional security measures to detect. Threat actors have also used SSH commands to execute malicious PowerShell or CMD commands indirectly through LNK files. For example, a malicious LNK file was found to trigger a PowerShell script that downloaded a malicious payload. Advanced Persistent Threat (APT) groups, known for their long-term cyber espionage, are increasingly utilizing these techniques, with groups like Transparent Tribe deploying stealer malware using similar methods. The combination of LNK files and SSH commands presents a significant threat to organizations, necessitating enhanced monitoring and detection systems to identify abnormal activities. Security teams must evolve EDR solutions to recognize malicious SSH and SCP activity, especially in environments where SSH is not commonly used. 
Additionally, organizations should restrict the use of legitimate SSH utilities and disable unnecessary features to minimize the attack surface.