system security Archives

Winsage

May 14, 2025

Patch Tuesday for May: Five zero day vulnerabilities CISOs should focus on

A vulnerability identified as CVE-2025-30397 can be exploited when Microsoft Edge is in “Internet Explorer” mode, which is typically not the default setting but may be necessary for certain users. Another vulnerability, CVE-2025-29831, can only be exploited during a restart of the Remote Desktop Protocol (RDP) service. SAP has released 18 Security Notes to address various vulnerabilities, including critical authorization issues, remote code execution, information disclosure, and cross-site scripting.

Tech Optimizer

April 29, 2025

Intego Mac Internet Security

PCs were introduced before Apple’s Macintosh, leading to the emergence of PC viruses and the establishment of antivirus companies, with Macintosh protection being less prioritized. Intego focused on Macintosh security from the start, offering Intego Mac Internet Security, which includes a firewall that manages network permissions and defends against external attacks. Intego has been effective against Mac malware, achieving a 99.1% malware detection score in independent lab tests, although it lacks phishing protection, a feature offered by competitors Norton 360 Deluxe and Bitdefender Antivirus Plus. Intego's pricing is competitive, with a standard annual fee of .99 for a single license and .99 for three licenses. A five-device subscription costs .99, while the Mac Premium Bundle starts at .99 annually and includes additional features. A 14-day free trial is available, and free alternatives like Avast and AVG are also on the market. Intego supports older macOS versions back to Mavericks (10.9), but the latest version requires High Sierra (10.13) or later. The installation process for Intego is straightforward, requiring a restart and granting necessary permissions. The main interface includes components for updates, firewall, and antivirus, with user-friendly access to scanning options. Intego has received certification from AV-Comparatives and detected 100% of Windows malware samples in tests. Its quick scan takes about two and a half minutes, while a full system scan takes seven minutes. Intego's Safe Browsing feature checks existing browser protections but lacks a dedicated antiphishing solution. The NetBarrier firewall allows users to classify their network and manage traffic permissions effectively, although it may be complex for some users.

Winsage

April 24, 2025

Windows 11’s mysterious ‘inetpub’ folder might be more dangerous than we thought

Windows 11 users have been warned about a potential vulnerability associated with the inetpub folder, introduced in the April 2025 security update. Security researcher Kevin Beaumont raised concerns that hackers could exploit this folder to disable essential security updates by creating "junction points" within the system's directory. This could lead to installation errors or force a rollback to previous system states due to a denial of service (DoS) vulnerability in the Windows servicing stack. Microsoft stated that the inetpub folder is part of a security patch (CVE-2025-21204) and advised against deleting it, claiming that removal would not impact system performance.

Winsage

April 15, 2025

Releasing Windows 10 Build 19045.5794 to the Release Preview Channel

Windows 10 22H2 Build 19045.5794 (KB5055612) is now available in the Release Preview Channel for Insiders. Key features include a fix for the GPU paravirtualization check in Windows Subsystem for Linux 2 (WSL2), which was previously case-sensitive, and updates to the Windows Kernel Vulnerable Driver Blocklist to include drivers with security vulnerabilities exploited in Bring Your Own Vulnerable Driver (BYOVD) attacks.

Winsage

April 14, 2025

Don’t delete that mysterious ‘inetpub’ Windows folder, says Microsoft, as it’s supposedly important for system security

An empty folder named "inetpub" appeared among system files after the Windows 11 April 2025 Update. Microsoft advises users not to delete this folder, as it is linked to a critical security update (KB5055523) that enhances protection against vulnerabilities, specifically CVE-2025-21204. The folder's specific role in security has not been clarified by Microsoft. Users who deleted the folder can restore it by enabling Internet Information Services through the Control Panel.

Winsage

April 14, 2025

Windows warning: Don’t delete that weird ‘inetpub’ folder. Already did? Here’s your fix

Windows 10 and Windows 11 users who installed the April Patch Tuesday updates may find a new folder named inetpub on their system drive. This folder is associated with Microsoft’s Internet Information Services (IIS) and is important for addressing the CVE-2025-21204 vulnerability, which involves improper handling of symbolic links. Microsoft advises users not to delete the inetpub folder, as it plays a crucial role in system security. If the folder has been deleted, it can be restored by enabling IIS through the Control Panel. Enabling IIS will recreate the folder and ensure it retains the necessary protective measures.

Winsage

April 14, 2025

Microsoft warns that anyone who deleted mysterious folder that appeared after latest Windows 11 update must take action to put it back

Windows 11 24H2 users have reported the appearance of an empty folder named ‘inetpub’ on their system drives following the April 2025 cumulative update. Microsoft has confirmed that this folder is intentionally created as part of a security enhancement, associated with Internet Information Services (IIS), and should not be deleted, as doing so could compromise a critical security fix. If the folder has been deleted, users can restore it by navigating to Control Panel, selecting Programs > Programs and Features, and enabling ‘Internet Information Services’.

Tech Optimizer

April 10, 2025

6 overlooked security practices I implemented at home and I regret not using sooner

- Safeguarding technology is crucial in the digital age due to potential threats from various devices. - Two-factor authentication (2FA) enhances online account security by requiring a second code sent to a phone, email, or authentication app. - Biometric verification methods and hardware authentication devices like YubiKeys can further enhance security. - Backup codes should be printed when setting up 2FA, and passkeys offer a passwordless solution for securing accounts. - Ransomware can lock users out of data until a ransom is paid, and Windows 10 and 11 have a feature called Controlled Folder Access (CFA) to protect essential folders. - Windows Security provides baseline protection for PCs, and users should regularly check for updates and conduct manual scans. - Microsoft's PC Manager utility enhances system security by offering features for storage and app management alongside virus scanning. - Securing web browsers is vital, with unique settings available in browsers like Microsoft Edge, Firefox, and Chrome to improve privacy and security. - Regularly clearing browsing history and keeping browsers updated helps mitigate risks from malware and phishing attacks. - Securing Wi-Fi routers involves changing the default admin password and SSID, using strong encryption like WPA3, and regularly updating firmware. - Custom firmware like DD-WRT or OpenWrt can enhance router security and functionality.

Winsage

April 2, 2025

Microsoft adds hotpatching support to Windows 11 Enterprise

Microsoft has made hotpatch updates available for business customers using Windows 11 Enterprise 24H2 on x64 systems, allowing seamless installation of security updates without device reboots. Hotpatching modifies in-memory code of active processes to deploy updates without interrupting user activities. Devices under a hotpatch-enabled quality update policy will receive updates quarterly, with no restarts required for eight months of the year. A Microsoft subscription is necessary to activate hotpatching, and devices must meet specific prerequisites, including an x64 CPU and enabled Virtualization-based Security. Hotpatch updates can be managed through Microsoft Intune, and devices on Windows 10 and versions 23H2 and lower will continue to receive standard updates. Microsoft initially introduced hotpatch support for Windows Server Azure Edition in February 2022 and has expanded testing to include Windows 11 24H2.

Winsage

March 12, 2025

Critical Windows Warning As 6 Zero-Day Attacks Confirmed—Update Now

In March, Microsoft confirmed six zero-day vulnerabilities in its Patch Tuesday security announcement, marking an increase from five reported in January and February combined. The March update includes a total of 57 Common Vulnerabilities and Exposures (CVEs), with all six zero-days classified as critical. These vulnerabilities can be addressed with a single cumulative update, requiring no additional configuration steps post-patch. The zero-days affect critical components such as the Microsoft Management Console, NTFS, Fast FAT, and the Win32 Kernel Subsystem. The specific vulnerabilities are: 1. CVE-2025-26633: Security feature bypass in the Microsoft Management Console, requiring social engineering to exploit. 2. CVE-2024-24993: Heap-based buffer overflow in Windows NTFS, allowing unauthorized code execution through a specially crafted virtual hard disk. 3. CVE-2025-24991: Information disclosure vulnerability affecting Windows 10 to 11 and Server 2008 to 2025, deemed critical. 4. CVE-2025-24985: Vulnerability in the Windows fast FAT file system driver, posing a risk of remote code execution via a specially crafted virtual hard disk. 5. CVE-2025-24983: Elevation of privilege vulnerability in the Windows Win32 kernel subsystem, potentially granting unauthorized access to sensitive data. 6. CVE-2025-24984: Another information disclosure vulnerability in Windows NTFS, also affecting the same range of Windows editions and considered critical.