system crashes

Winsage
August 13, 2025
Check Point Research identified six new vulnerabilities in Microsoft Windows, including one classified as critical. These vulnerabilities could lead to system crashes, arbitrary code execution, or exposure of sensitive data. Check Point reported these issues to Microsoft, resulting in patches released on August 12th. One significant vulnerability is in a Rust-based Windows kernel component, which can cause total system crashes. Two other vulnerabilities, CVE-2025-30388 and CVE-2025-53766, allow for arbitrary code execution when users interact with specially crafted files. Additionally, CVE-2025-47984 can leak memory contents over the network, posing risks of sensitive information exposure. Check Point's security solutions already protect its customers from these threats, and users are encouraged to apply the August Patch Tuesday updates promptly.
Winsage
August 11, 2025
Researchers Yair and Shahak Morag from SafeBreach Labs introduced a new category of denial-of-service (DoS) attacks called the “Win-DoS Epidemic” at DEF CON 33. They identified four new Windows DoS vulnerabilities and one zero-click distributed denial-of-service (DDoS) flaw, classified as “uncontrolled resource consumption.” The vulnerabilities include:
- CVE-2025-26673 (CVSS 7.5): High-severity DoS vulnerability in Windows LDAP.
- CVE-2025-32724 (CVSS 7.5): High-severity DoS vulnerability in Windows LSASS.
- CVE-2025-49716 (CVSS 7.5): High-severity DoS vulnerability in Windows Netlogon.
- CVE-2025-49722 (CVSS 5.7): Medium-severity DoS vulnerability in Windows Print Spooler, requiring an authenticated attacker on an adjacent network.
These vulnerabilities can incapacitate Windows endpoints or servers, including Domain Controllers (DCs), potentially allowing for the creation of a DDoS botnet. The researchers also discovered a DDoS technique called Win-DDoS that exploits a flaw in the Windows LDAP client’s referral process, enabling attackers to redirect DCs to a victim server for continuous redirection. This method can leverage public DCs globally, creating a large, untraceable DDoS botnet without specialized infrastructure. Additionally, the researchers examined the Remote Procedure Call (RPC) protocol and found three new zero-click, unauthenticated DoS vulnerabilities that can crash any Windows system. They also identified another DoS flaw exploitable by any authenticated user on the network. The researchers released tools named “Win-DoS Epidemic” to exploit these vulnerabilities, highlighting the need for organizations to reassess their security measures regarding internal systems and services like DCs.
Tech Optimizer
August 7, 2025
Attackers have been using the ThrottleStop.sys driver to disable antivirus software in compromised networks since October 2024. This driver, designed for CPU throttling, allows malware to gain kernel-level memory access and terminate security processes. Initial access is typically gained through stolen RDP credentials or brute-forced administrative accounts, enabling the deployment of the AV killer alongside ransomware like MedusaLocker. Once inside, attackers extract additional user credentials using tools like Mimikatz and move laterally with Pass-the-Hash techniques. They upload two key components, ThrottleBlood.sys (the renamed driver) and All.exe (the AV killer), to user directories. The malware effectively disables Windows Defender and other endpoint protections, leading to severe data encryption in industries with exposed RDP endpoints, particularly affecting victims in Brazil, Ukraine, Kazakhstan, Belarus, and Russia. Securelist analysts noted that traditional self-defense features in Kaspersky products can counter this AV killer, but many organizations still rely on less effective solutions. The malware exploits two vulnerable IOCTL functions in the ThrottleStop.sys driver, allowing arbitrary memory reads and writes. It uses a loop to match and terminate antivirus processes by invoking kernel functions. The malware avoids detection by restoring original kernel bytes after execution. This situation highlights the need for improved driver integrity monitoring and robust security strategies.
Winsage
July 30, 2025
Microsoft has addressed a bug in the Windows 11 testing channels that replaced the startup sound with that of Windows Vista. This issue first appeared in the Beta and Dev channels, then resurfaced in the Canary branch. A new patch for the Canary branch has restored the correct Windows 11 boot sound and fixed other bugs, including black desktop backgrounds and crashes in the Settings application. Key changes in the latest update include:
- Restoration of the correct Windows 11 boot sound.
- Improvements to the desktop experience, resolving unexpected black backgrounds.
- Stability enhancements for the Settings application, particularly in the Power & Battery section.
- Repositioning of the search functionality in the Settings menu for easier access.
Additional fixes include resolving an audio issue after casting to a TV, addressing system crashes for some users after upgrading, and fixing display issues in the Group Policy Editor for certain languages. Known issues that remain include complications with Windows Hello PIN and biometrics for users transitioning to the Canary Channel and visual glitches during upgrades.
Winsage
July 12, 2025
Microsoft is set to unveil a redesigned Black Screen of Death (BSOD) for Windows 11 users enrolled in the Release Preview, transitioning from the traditional blue screen. This update will roll out to all Windows 11 users in the coming weeks. The new black BSOD is the first major change since the sad face icon was introduced in Windows 8, eliminating the previous frowning face and QR code for a more straightforward interface. It will still provide essential information, including the stop code and identification of the problematic system driver, to assist users and IT administrators in diagnosing system crashes. This change is confirmed as permanent and is part of a broader enhancement to Windows 11, which includes the Quick Machine Recovery (QMR) feature aimed at expediting recovery from boot failures.
Winsage
July 7, 2025
Microsoft has acknowledged an issue with Windows Firewall following the June 2025 preview update of Windows 11 24H2 (KB5060829, OS Build 26100.4484). Users may encounter an error event labeled 'Config Read Failed' with the message 'More data is available' each time they restart their device. Microsoft assures that this does not indicate a malfunction within Windows Firewall and can be disregarded. The issue is linked to a feature under development, and no timeline for a fix has been provided. Additionally, there is another issue affecting the display of Chinese, Japanese, and Korean characters at 96 DPI in Chromium-based browsers, which Microsoft is working on with Google.
Winsage
July 7, 2025
Microsoft acknowledged an issue with Windows Firewall following the June 2025 preview update of Windows 11 24H2 (KB5060829), which generates "Config Read Failed" error messages in security event logs. Despite frequent logging upon device restarts, Microsoft stated that this does not indicate a malfunction of Windows Firewall and can be ignored. The issue is linked to an under-development feature, and no resolution timeline has been provided. Additionally, there is a problem with displaying Chinese, Japanese, and Korean characters at 96 DPI in Chromium-based browsers, which Microsoft is working on with Google.
AppWizard
July 5, 2025
The PiKVM project allows users to control a desktop or server remotely using a Raspberry Pi 4B and an HDMI-CSI bridge adapter, providing comprehensive keyboard, video, and mouse control even during reboots. It offers browser-based access to the PC's screen in real-time, enabling actions like force shutdowns, BIOS access, and operating system reinstallation, independent of the host system's operating system. The setup captures HDMI output and simulates USB input, functioning in scenarios like BIOS or crash screens. Essential components for building a PiKVM include a Raspberry Pi 4B, an HDMI-to-CSI bridge adapter, a microSD card, USB cables, an official power supply, and the latest PiKVM OS image. The setup process involves writing the OS image to the SD card, connecting the hardware, and accessing the web interface for remote control. PiKVM is beneficial for tasks such as troubleshooting boot sequences, configuring BIOS settings, and monitoring system status without physical interaction.
Winsage
July 1, 2025
Microsoft is replacing the blue screen of death, a critical error screen for Windows users since 1985, with a new black screen of death for Windows 11, version 24H2 devices later this summer. This change is part of Microsoft's Windows Resiliency Initiative, aimed at improving system resilience and security. The new black screen will provide essential information such as stop codes and faulty system drivers for easier diagnosis by IT administrators. The blue screen of death has become a pop-culture icon, inspiring memes, merchandise, and even a dedicated subreddit.