USB Drive Archives

Winsage

June 14, 2026

When Windows 7 Arrived in Japan, It Came Printed on Toilet Paper

On October 22, 2009, Japan launched Windows 7, accompanied by a unique promotional item: a roll of toilet paper featuring Windows 7 branding and details about its enhancements. This marketing strategy was similar to the previous promotion for Windows Vista Service Pack 1. The toilet paper included messages about Windows 7's speed, security, and compatibility improvements, with sections detailing faster startup times, enhanced memory management, a streamlined user interface, and security features like the Action Center and BitLocker To Go. Networking capabilities were improved with HomeGroup, and Windows Media Center expanded its functionality. The design of the promotional toilet paper allowed users to revisit key points easily, and some versions mimicked Windows software boxes. This initiative was driven by local retailers, reflecting Japan's trend of quirky promotions in the electronics retail sector.

Winsage

May 30, 2026

How to Free Up Disk Space on Windows 11

Your C: drive may be full, causing Windows to send reminders about low disk space or updates failing to install. Windows 11 includes built-in tools to help reclaim disk space. The guide outlines methods for recovering space, starting with the quickest techniques. 1. Cleanup Recommendations: Navigate to Start > Settings > System > Storage > Cleanup recommendations to review and remove temporary files, large or unused files, and apps. Deleting the previous Windows installation can recover several gigabytes but is irreversible. 2. Clear Temporary Files Manually: Go to Start > Settings > System > Storage > Temporary files to manually select and remove temporary files. 3. Empty the Recycle Bin: Right-click the Recycle Bin and select Empty Recycle Bin to reclaim space from deleted files. 4. Find and Move Large Personal Files: Use File Explorer to locate and move large files from Videos, Music, Pictures, or Downloads to an external drive. 5. Uninstall Unused Apps: Uninstall applications via Start > Settings > Apps > Installed apps, the Start menu, or Control Panel. 6. Turn On Storage Sense: Activate Storage Sense in Start > Settings > System > Storage to automate cleanups. 7. Configure Storage Sense Schedule: Adjust the schedule for Storage Sense cleanups in Start > Settings > System > Storage > Storage Sense. 8. Use Classic Disk Cleanup: Access the classic Disk Cleanup tool by typing "disk cleanup" in the search box to remove system files and items overlooked by the Settings scan. 9. Free Up Local Space with OneDrive Files On-Demand: Enable Files On-Demand in OneDrive settings to keep files in the cloud and free up local space. 10. Redirect Where New Content Is Saved: Change the default save location for new files in Start > Settings > System > Storage > Advanced storage settings. 11. Use External Storage to Install a Stuck Update: Connect an external USB drive with at least 10 GB of free space to assist with installing updates. 12. Rule Out Malware: Run a Windows Security antivirus scan if disk space continues to disappear unexpectedly. Deleting files in File Explorer moves them to the Recycle Bin, and space is not reclaimed until it is emptied. Deleting the previous Windows installation is irreversible and can only be done within 10 days of an upgrade. The KB5074105 update changed the scan context for Temporary files, preventing certain admin-restricted items from being detected. Storage Sense operates only on the system drive and does not automatically delete files in Downloads or OneDrive unless configured.

Winsage

May 25, 2026

Use Tiny11 to Rescue a Computer Running Windows 10

Microsoft has ended official updates and security patches for Windows 10, raising security concerns for users. Tiny11, an unofficial and streamlined version of Windows 11, serves as an alternative for those unable to upgrade due to hardware limitations. Tiny11 reduces bloat by removing preinstalled applications but lacks regular updates and robust security protections. A valid Windows 11 license key is required to use Tiny11. Users can obtain a Tiny11 ISO by downloading it from the Internet Archive or creating their own using a script from the Tiny11 GitHub page alongside an official Windows 11 ISO. To create a bootable USB drive for installation, users need at least an 8 GB USB drive and a program like Rufus.

Winsage

May 23, 2026

CVE-2026-45585: YellowKey BitLocker Bypass

BitLocker, a security feature for data protection, has a vulnerability identified as CVE-2026-45585, also known as YellowKey, which allows unauthorized access to encrypted data on Windows 11 versions 24H2, 25H2, 26H1, and Windows Server 2025. This flaw does not compromise BitLocker’s encryption but affects the recovery environment supporting it. The vulnerability can be exploited locally through the Windows Recovery Environment (WinRE) by an attacker with physical access, who can trigger an unrestricted shell and access the BitLocker-protected volume. Microsoft has provided two mitigation strategies: modifying the WinRE image to remove the autofstx.exe entry and transitioning from TPM-only protection to a TPM+PIN requirement at startup. The exploit poses challenges for detection, as it occurs pre-boot and currently lacks vendor-published indicators of compromise. Organizations using BitLocker for unattended devices are particularly at risk, as the vulnerability can lead to loss of confidentiality if an attacker gains access before the legitimate user.

Winsage

May 20, 2026

Microsoft shares mitigation for YellowKey Windows zero-day

Microsoft has addressed the YellowKey vulnerability, a zero-day flaw in Windows BitLocker identified as CVE-2026-45585. This vulnerability allows unauthorized access to BitLocker-protected drives through a specific exploitation process involving 'FsTx' files. The flaw was disclosed by an anonymous researcher known as 'Nightmare Eclipse.' Microsoft has released mitigation strategies, including removing the autofstx.exe entry from the Session Manager's BootExecute REGMULTISZ value and reestablishing BitLocker trust for WinRE. Additionally, users are advised to change BitLocker settings from "TPM-only" to "TPM+PIN" mode, requiring a pre-boot PIN for drive decryption, and to enable "Require additional authentication at startup" for unencrypted devices.

Winsage

May 15, 2026

Zero-day exploit completely defeats default Windows 11 BitLocker protections

A zero-day exploit named YellowKey allows individuals with physical access to Windows 11 systems to bypass BitLocker encryption protections. Discovered by researcher Nightmare-Eclipse, this vulnerability enables unauthorized users to access encrypted drives quickly. The exploit involves transferring a custom FsTx folder to a USB drive, connecting it to a BitLocker-protected device, and entering recovery mode to gain command prompt access without needing a BitLocker recovery key. Esteemed researchers Kevin Beaumont and Will Dormann have confirmed the exploit's functionality, although the specific mechanism within the FsTx folder that enables the bypass is not fully understood.

Winsage

May 14, 2026

Windows Zero-Days Expose BitLocker Bypasses And CTFMON Privilege Escalation

An anonymous cybersecurity researcher disclosed two new zero-day vulnerabilities affecting Microsoft systems: YellowKey and GreenPlasma. YellowKey is a BitLocker bypass that operates as a backdoor within the Windows Recovery Environment, impacting Windows 11 and Windows Server 2022/2025. Exploiting YellowKey involves copying specially crafted files to a USB drive, connecting it to a Windows computer, and rebooting into WinRE. The researcher expressed skepticism about Microsoft's response time to this vulnerability, noting that using TPM+PIN does not mitigate the risk. GreenPlasma is a privilege escalation vulnerability that allows an unprivileged user to obtain a shell with SYSTEM permissions through arbitrary section creation in Windows CTFMON. The proof-of-concept for this exploit is incomplete but indicates potential manipulation of trusted privileged services or drivers. Additionally, a related attack against BitLocker was detailed by French cybersecurity firm Intrinsec, which exploits a boot manager downgrade using CVE-2025-48804 to bypass encryption protections on fully patched Windows 11 systems. This method allows attackers to boot from a controlled WIM while the boot manager checks the legitimate one, executing with the decrypted BitLocker volume. Despite Microsoft releasing fixes for this defect in July 2025, a flaw in Secure Boot verification allows a vulnerable boot manager to bypass BitLocker safeguards. To mitigate these risks, enabling a BitLocker PIN at startup and migrating to a new boot manager certificate is recommended.

Winsage

May 13, 2026

Windows BitLocker zero-day gives access to protected drives, PoC released

A cybersecurity researcher known as Chaotic Eclipse has released proof-of-concept exploits for two unpatched vulnerabilities in Microsoft Windows: YellowKey, a BitLocker bypass, and GreenPlasma, a privilege-escalation flaw. The YellowKey vulnerability affects Windows 11 and Windows Server 2022/2025, allowing unauthorized access to BitLocker-protected volumes by exploiting the Windows Recovery Environment. The exploit can be executed using specially crafted 'FsTx' files on a USB drive or directly on the EFI partition. Independent researcher Kevin Beaumont has validated the exploit, which can bypass BitLocker protections even in a Trusted Platform Module (TPM) environment. The GreenPlasma vulnerability allows unprivileged users to create arbitrary memory-section objects, potentially leading to privilege escalation. Chaotic Eclipse has expressed dissatisfaction with Microsoft's handling of bug reports, prompting the public disclosure of these vulnerabilities. Microsoft has stated its commitment to investigating security issues and updating affected devices.

Winsage

May 10, 2026

Official JDownloader site served malware to Windows and Linux users between May 6 and May 7

Between May 6 and May 7, 2026, the official JDownloader website was compromised in a supply chain attack, leading to the distribution of malicious installers for Windows and Linux users. Attackers altered download links, redirecting users to harmful files, specifically targeting the Windows “Alternative Installer” and the Linux shell installer. A Reddit user reported the issue after Microsoft Defender flagged the installers as malicious, noting unusual developer names instead of the expected publisher, AppWork GmbH. JDownloader developers confirmed the breach and temporarily took down the website for investigation, revealing that an unpatched vulnerability in the content management system allowed the attackers to modify download pages. The genuine installer packages were not altered, and the malicious links were removed. The website was restored on May 8–9, 2026, with verified clean installer links. Indicators of compromise included specific hashes and compromised URLs related to the attack.

TrendTechie

April 27, 2026

Домашний Netflix за вечер: Transmission + Jellyfin + Telegram-бот на Docker с поддержкой NAS

The setup involves a Keenetic router with a 2TB USB drive, functioning as a NAS for network storage. It utilizes three Docker containers: Transmission with Flood UI for torrent management, Jellyfin as a media server, and a Telegram bot for adding torrents and receiving notifications. The process allows users to send .torrent files via Telegram, which are then downloaded and made available in Jellyfin for viewing on various devices. The configuration requires Docker, a NAS or router with SMB share, and a Telegram account. The system is designed to maintain data integrity through OS reinstalls, and it can be set up quickly using a provided repository and configuration files.