system crash Archives

Winsage

January 7, 2026

Hackers Use Fake Windows BSOD To Spread Malware

Security researchers have identified a social engineering campaign that mimics the Windows Blue Screen of Death (BSOD) to deceive users into installing a remote access Trojan (RAT). The campaign, named PHALT#BLYX, begins with phishing emails that appear to be legitimate cancellation notices from travel websites, leading victims to a fake login page and an interactive CAPTCHA. This culminates in a full-screen imitation of the BSOD, prompting users to follow instructions that ultimately allow attackers to gain control of their computers. The attackers use a “ClickFix” process that involves executing commands through native Windows tools like PowerShell and MSBuild, making detection more challenging. The malware delivered is an obfuscated version of DCRat, which provides attackers with remote control capabilities, keylogging, and the ability to download additional malware. The campaign primarily targets hotels and hospitality businesses in Europe, exploiting the urgency of front-desk staff to respond to apparent technical issues. Indicators of a fake BSOD include the ability to interact with the screen, requests to execute commands via Windows tools, and the presence of CAPTCHA prompts. Organizations are advised to train employees, implement application control, enhance email and web defenses, and prepare for incident response to mitigate risks associated with such attacks.

Winsage

October 30, 2025

Windows event logs are still the most powerful diagnostic tool on your PC

Event Viewer is a built-in diagnostic tool in Windows that logs every event occurring on a PC, helping users troubleshoot performance issues. It categorizes logs into Application, System, Security, and Setup sections, allowing users to focus on relevant categories during troubleshooting. Events are classified as Critical, Error, Warning, and Information, with Critical events indicating potential sources of system crashes. Users can filter logs, research Event IDs, and utilize the Details section for deeper insights. Event Viewer can be paired with Reliability Monitor for a visual overview of system stability. Many third-party diagnostic tools also rely on data from Event Viewer, making it a valuable resource for addressing persistent errors.

Winsage

October 17, 2025

Denial of Fuzzing: Rust in the Windows kernel

Check Point Research (CPR) identified a significant security vulnerability in the Rust-based kernel component of the Graphics Device Interface (GDI) in Windows, reported to Microsoft in January 2025. The issue was resolved in OS Build 26100.4202, part of the KB5058499 update released on May 28, 2025. The vulnerability was discovered during a fuzzing campaign targeting the Windows graphics component through metafiles, revealing multiple security issues including information disclosure and arbitrary code execution. The specific bug was linked to a crash occurring during the execution of a NtGdiSelectClipPath syscall in the win32kbasers.sys driver, triggered by an out-of-bounds memory access when processing malformed metafile records. Microsoft classified the vulnerability as moderate severity and addressed it in a non-security update, implementing substantial changes to the affected kernel module.

Winsage

August 28, 2025

Hackers Abuse Microsoft Teams to Gain Remote Access With PowerShell-based Malware

Cybercriminals are increasingly targeting Microsoft Teams to deploy malware and gain control over victim systems, shifting from traditional email phishing attacks. They impersonate IT support staff in Teams chats to deceive employees into granting remote access. Attackers use newly created or compromised accounts with names like “IT SUPPORT ✅” to appear legitimate. They establish trust and persuade employees to install remote access software, allowing direct access to corporate networks. Recent incidents involve malware loaders like DarkGate and Matanbuchus, with attackers executing PowerShell commands to download malicious payloads designed for credential theft and remote code execution. The malware can designate its process as “critical” to evade detection and trick users into entering passwords through a legitimate-looking prompt. Analysis links these campaigns to the financially motivated threat actor known as Water Gamayun. Employees must be trained to verify unsolicited requests for credentials or software installations through separate communication channels.

Winsage

August 15, 2025

Microsoft patches more than 100 Windows security flaws – update your PC now

Microsoft's August Patch Tuesday update addresses 107 vulnerabilities in Windows, including 13 critical ones. It affects all current versions of Windows, including Windows 10, Windows 11, and Windows Server. The update fixes security issues in components like File Explorer, Remote Desktop, and Hyper-V, as well as bugs in Microsoft Office, Edge, and Teams. Nine critical vulnerabilities involve remote code execution. One vulnerability, CVE-2025-53779, is a zero-day flaw in the Windows Kerberos authentication system that could grant domain administrator privileges if exploited. The update also introduces new features, including a revamped error screen called the Black Screen of Death and Quick Machine Recovery for troubleshooting boot failures. Users can check for the update in the Windows Update section of Settings.

Winsage

August 13, 2025

Microsoft Vulnerabilities Exposed by Check Point Research

Check Point Research identified six new vulnerabilities in Microsoft Windows, including one classified as critical. These vulnerabilities could lead to system crashes, arbitrary code execution, or expose sensitive data. Check Point reported these issues to Microsoft, resulting in patches released on August 12th. One significant vulnerability is in a Rust-based Windows kernel component, which can cause total system crashes. Two other vulnerabilities, CVE-2025-30388 and CVE-2025-53766, allow for arbitrary code execution when users interact with specially crafted files. Additionally, CVE-2025-47984 can leak memory contents over the network, posing risks of sensitive information exposure. Check Point's security solutions already protect its customers from these threats, and users are encouraged to apply the August Patch Tuesday updates promptly.

Winsage

June 27, 2025

Microsoft Officially Retires ‘Blue Screen of Death’ After 40 Years of Frowny-Faces

Microsoft is replacing the "blue screen of death" with a "black screen of death" for Windows 11, version 24H2, set to roll out this summer. The new screen will provide crucial information such as the stop code and faulty system driver to aid IT administrators in diagnosing issues more efficiently. This change is part of Microsoft's Windows Resiliency Initiative, aiming to reduce recovery time to two seconds after a PC crash. The transition was prompted by the CrowdStrike outage in 2024, which affected over 8 million devices.

Winsage

March 31, 2025

Microsoft kills the iconic Blue Screen of Death. It looks like this now

Microsoft is redesigning the "Blue Screen of Death" (BSOD) in Windows 11 24H2, changing it from a blue screen to a black display. For Windows Insiders, the error screen will appear in green. The new design removes the sad smiley face and QR code, replacing the text with "Your device ran into a problem and needs to restart," and uses "device" instead of "PC." The specific error code and reason for the crash will be in smaller text at the bottom. This redesign has been in development since the early stages of Windows 11, but its motivation is speculative. The new error screen's public debut date is unclear, though it may be introduced in an upcoming Patch Tuesday.

Winsage

March 31, 2025

How to Try Out Windows’ New ‘Blue Screen of Death’

Microsoft has redesigned the Blue Screen of Death (BSOD) for Windows, making it "more streamlined" and aligned with Windows 11 design principles. The new BSOD will not be blue; it has appeared green during testing and will transition to black upon public release. The familiar frowny-face emoticon has been removed, replaced by a message stating, "Your device ran into a problem, and needs to restart," along with a progress percentage and stop code details. Users can experience the new BSOD by enrolling in the Windows Insider program, specifically through the Canary, Dev, or Beta Channels, with the Beta channel recommended for a more stable experience.

Winsage

December 25, 2024

Five lesser known Task Manager features in Windows 11

Windows 11's Task Manager includes several features that enhance productivity and system management: - Users can generate a live kernel or full crash dump to troubleshoot crashes, which can be analyzed for root cause identification. - Holding the CTRL key pauses the Task Manager updates, allowing users to easily locate processes, while the F5 key refreshes values for real-time updates. - The "Efficiency Mode" can be activated by right-clicking on an app or process to limit CPU usage, reducing power consumption and freeing up resources. - The Startup Apps section provides an overview of applications that launch at boot, allowing users to disable unnecessary ones to improve startup time and system performance. - The App History tab shows resource usage by applications since the last shutdown, helping users identify which apps are consuming significant resources.