unauthorized access

Winsage
June 16, 2025
Microsoft updated the Windows Hello face unlock functionality in April. Face unlock now fails to operate in low-light environments, the result of a strategic decision aimed at addressing a spoofing vulnerability. Users of Surface Laptops have reported frustrations as they can no longer access their devices using facial recognition in dark rooms. The update requires color cameras to see a visible face when signing in. Researchers from Nanyang Technological University identified a vulnerability in the system that allowed unauthorized access, although Microsoft categorized it as "important" and stated the likelihood of exploitation remains low. A temporary workaround for users is to disable the webcam through Windows 11's Device Manager, but this renders the camera unusable for other applications.
Winsage
June 15, 2025
Adjusting operating system settings is essential for safeguarding your digital environment. To enhance security on public Wi-Fi networks, disable the network discovery feature by navigating to Settings > Network & Internet > Advanced Network Settings > Advanced Sharing Settings and toggling off "Network Discovery" for both Public and Private Networks. It is advisable to turn off the File and Printer Sharing setting in the same menu to further protect your system. To manage Clipboard History, which saves everything copied, right-click the Start button, go to Settings > System > Clipboard, and toggle off Clipboard history to prevent sensitive information from being stored. You can control background apps by navigating to Settings > Apps > Installed Apps, selecting the app, and choosing 'Never' under 'Background Apps Permissions' to prevent it from running in the background. To disable Remote Assistance, go to Settings > System > About > Advanced System Settings > Remote tab and uncheck the option for Remote Assistance connections. For Remote Desktop, toggle off the Remote Desktop option in Settings > System. To prevent Windows from automatically reconnecting to previously used public networks, navigate to Settings > Network and Internet > Wi-Fi > Manage Known Networks and uncheck the Connect Automatically When in Range box for those networks.
Winsage
June 13, 2025
Windows 11 Insider Preview Build 26200.5651 (KB5060818) has been released to the Dev Channel, introducing new features and improvements.
1. New Agent in Settings: An AI-powered agent helps users find and adjust settings by understanding user intent and automating tasks. Currently available for Snapdragon-powered Copilot+ PCs, with support for AMD and Intel devices coming soon. English is the primary display language requirement.
2. Recall Export Experience for EEA: Windows Insiders in the European Economic Area can export Recall snapshots with a unique export code, which is encrypted and requires Windows Hello authentication. Users can reset Recall if the export code is lost.
3. Bigger Clock in Notification Center: A new option to display a larger clock with seconds in the notification center is being rolled out, which can be activated in Settings.
4. Recall Changes: Users can now reset Recall and its data, with a new maximum storage duration for snapshots set to 90 days by default.
5. Click to Do Enhancements: New actions allow users to send text or images to Microsoft 365 Copilot and communicate via Microsoft Teams directly from recognized email addresses.
6. File Explorer Updates: Dividers have been added to the context menu for improved organization.
7. Voice Access Language Support: Support for Chinese and Japanese languages has been reintroduced in voice access.
8. Windows Share Options: New sharing options for OneDrive files are available when right-clicking to share.
9. Settings Search Box: The search box in Settings has been repositioned for better usability.
10. Fixes: Various fixes have been implemented for Recall, File Explorer, Start Menu, Settings, and other areas.
11. Known Issues: Issues include inaccurate build version display post-PC reset, non-functional reset options, and problems with Xbox Controllers via Bluetooth.
12. Reminders: Updates are rolled out gradually, and features may evolve or be removed before final release.
Winsage
June 12, 2025
Recent findings have identified two vulnerabilities in various UEFI BIOS versions from multiple manufacturers, compromising the Secure Boot mechanism. These vulnerabilities allow attackers to bypass Secure Boot protections and replace firmware, particularly in Insyde BIOSes. The issues stem from unprotected NVRAM variables, specifically "IhisiParamBuffer", which can be manipulated to execute unsigned UEFI binaries. Affected UEFI applications include "DTBios" and "BiosFlashShell" from DTResearch, with a CVSS score of 8.2. Microsoft has added 14 new hashes to its DBX database to mitigate these risks. Additionally, a vulnerability in the Insyde H2O UEFI firmware app allows attackers to inject digital certificates due to the insecure handling of the "SecureFlashCertData" variable, which is incorrectly treated as trusted memory. This flaw, known as "Hydroph0bia," has a CVSS score of 7.8 and enables unauthorized execution of firmware certified with manipulated certificates. Manufacturers are urged to provide firmware updates to address these vulnerabilities, as inconsistent support for locking UEFI variables raises security concerns.
Winsage
June 11, 2025
Microsoft's June updates address a significant vulnerability identified as CVE-2025-3052, which allows attackers to gain control over a PC via bootkit malware by bypassing the Secure Boot feature. This memory corruption issue enables unsigned code to run during the boot process, compromising the system's chain of trust. The vulnerability allows an attacker to sign a compromised UEFI application with Microsoft’s third-party certificates, granting it unrestricted execution rights. Although the flaw has not been exploited in real-world scenarios, it has been present since late 2022. Microsoft has released a patch for this flaw, and users of Windows 10 or 11 are advised to download the latest updates to protect their PCs. Additionally, June's Patch Tuesday addressed a total of 66 weaknesses, including another Secure Boot flaw (CVE-2025-4275) and a zero-day vulnerability (CVE-2025-33053).
Winsage
June 11, 2025
Microsoft has announced a significant update addressing 66 vulnerabilities, including a zero-day vulnerability disclosed on the same day. Ten critical patches have been identified, with two currently being exploited. Microsoft is also patching older platforms like Windows Server 2008 and Internet Explorer. One critical vulnerability, CVE-2025-33053, has been exploited by the Stealth Falcon hacking group since March, allowing remote code execution via the WebDAV extension. Another critical vulnerability, CVE-2025-5419, affects the Chromium V8 JavaScript engine in Microsoft Edge. CVE-2025-33073 is an escalation of privilege vulnerability in the Windows SMB Client, with a CVSS score of 8.8. Four critical vulnerabilities in Microsoft Office include CVE-2025-47162, CVE-2025-47164, CVE-2025-47167, and CVE-2025-47953. Four critical remote code execution vulnerabilities include CVE-2025-47172, CVE-2025-29828, CVE-2025-32710, and CVE-2025-33071. Two elevation-of-privilege flaws are CVE-2025-47966 and CVE-2025-33070. Adobe has prioritized fixes for Adobe Commerce and Adobe's Experience Manager, addressing 254 CVEs. Adobe Acrobat users will receive ten fixes, including four critical ones. Fortinet has patched CVE-2023-42788 in FortiAnalyzer 7.4. SAP resolved 14 issues, with CVE-2025-42989 being the only critical patch, associated with the NetWeaver Application Server and a CVSS score of 9.6.
Winsage
June 10, 2025
Microsoft addressed 66 vulnerabilities in a recent Patch Tuesday update, including a critical zero-day exploit, CVE-2025-33053, which has been exploited by the espionage group Stealth Falcon against a defense contractor in Turkey. Stealth Falcon has targeted high-profile government and defense entities in the Middle East and Africa since 2012. CISA has added CVE-2025-33053 to its catalog of known exploited vulnerabilities. The group employs innovative infection methods, including WebDAV and multi-stage loaders. Many organizations may be at risk due to inadequate security measures for WebDAV, with estimates suggesting up to 80% of organizations could be vulnerable. The update also includes another critical vulnerability, CVE-2025-47966, allowing unauthorized access to sensitive information in Power Automate, as well as 17 vulnerabilities affecting Microsoft Office products, with three likely to be exploited.
Winsage
June 9, 2025
A recent Microsoft security update has created a new folder named "inetpub" on Windows systems, which is essential for system security. If users delete this folder, it can lead to significant vulnerabilities. Microsoft has released a PowerShell script, Set-InetpubFolderAcl.ps1, to restore the "inetpub" folder and set the correct permissions. Systems that installed the April security update (KB5055528) must take immediate action if the "inetpub" directory is missing. The script also updates access rights for the "DeviceHealthAttestation" directory, if it exists. Administrative rights are required to run the script. This issue was highlighted by IT security researcher Kevin Beaumont, who noted that deleting the "inetpub" folder could disrupt the installation of future security updates.