user account Archives

Winsage

May 2, 2025

CISOs should re-consider using Microsoft RDP due to password flaw, says expert

Microsoft has clarified that a feature in its operating system, which allows at least one user account to log in after prolonged offline periods, is a deliberate design choice and not a security vulnerability. The Remote Desktop Protocol (RDP) caches the last set of credentials used to prevent administrators from being locked out, but this can lead to complications if credentials are changed, potentially allowing unauthorized access if outdated credentials are exploited. Johannes Ullrich from the SANS Institute emphasized the importance of securing RDP and recommended robust authentication measures and isolation of RDP endpoints to mitigate risks.

Winsage

May 2, 2025

Windows RDP has a major security problem, and Microsoft has refused to do anything about it

A significant vulnerability has been identified in the Windows Remote Desktop Protocol (RDP), which allows old credentials to remain functional even after a password reset. Security researcher Daniel Wade revealed that users can still access their systems with previously revoked credentials due to the authentication process relying on locally stored credentials that do not update in real-time. Microsoft's Security Response Center acknowledged this behavior but stated it is an intentional design to ensure at least one user account can log in, regardless of the system's online status. Microsoft has been aware of this issue since at least August 2023 and has chosen not to modify the code, citing potential compatibility issues.

Winsage

May 1, 2025

Windows RDP has a major security problem, and Microsoft has refused to do anything about it

A security flaw in Windows RDP allows previously revoked credentials to remain functional after a password reset, enabling users to access their PCs with old passwords. Microsoft does not classify this issue as a bug, stating it is an intentional design to ensure at least one user account can always log in. This behavior is not flagged by Microsoft Defender, Azure, or Entra ID, and the company's documentation lacks clarity on the matter. Microsoft has been aware of this issue since at least August 2023 but has chosen not to modify the code, citing potential compatibility issues.

Winsage

May 1, 2025

Windows Warning — Microsoft Confirms Old Passwords Still Work To Login

Microsoft has confirmed that users can log into their Windows accounts using old passwords that have been changed and revoked under certain conditions. This behavior is classified as a feature rather than a security vulnerability. The issue arises from the Remote Desktop Protocol (RDP), which allows remote access to Windows machines. An independent security researcher discovered that after changing his password, he could still access his machine using the old credentials, even from new devices. Microsoft's documentation was updated to explain that credentials are verified against a local cached copy before network authentication, allowing continued access with the old password. Microsoft stated that this design ensures at least one user account can always log in, regardless of system offline status, and confirmed there are no plans to change this behavior.

Winsage

April 17, 2025

Forget Windows 11. These mad lads made Linux look like Windows XP!

The Linux distribution Q4OS has introduced a feature that allows users to experience the Windows XP interface, along with other Windows versions, within a Linux environment. Users can download the free Q4OS distribution and install the XPQ4 graphical user interface (GUI) to activate various Windows-like interfaces, including Windows 2000, Windows 7, Windows 8, and Windows 10. A live installation option via USB is available, allowing users to try the experience without installation by downloading the ISO file for XPQ4, referred to as FreeXP. Users can create a bootable USB stick using tools like Rufus or balenaEtcher, and upon booting, they will encounter the FreeXP or Free10 interface. The default login credentials for Q4OS are “adminq” with a blank password, and users can customize the language during startup. The XPQ4 environment allows users to switch between different Windows versions using the ‘XPQ4 Desktop Styles’ tool. The operational experience is designed to feel familiar to Windows users, with features for easy software installation and personalization. Installing Q4OS with XPQ4 involves selecting ‘Install Q4OS’ and following an installation wizard that includes options for language, keyboard model, and user account setup. After installation, users can log in with their new credentials and use a Linux environment that resembles Windows XP.

Winsage

April 1, 2025

Wintoys new update lets you set classic File Explorer, uninstall Edge and more in Windows 11

Wintoys has released a significant 2.0 update for Windows 11 users after nearly a year without updates. Key features include a new logo supporting light and dark modes, a settings restore button, the option to revert to the classic File Explorer, compliance with the Digital Markets Act allowing uninstallation of Microsoft Edge in unsupported regions, an enhanced Super-user Tweaks menu, and updated system properties cards. The update also addresses bugs and improves performance, although there is a known issue with the Alt + Tab function freezing the app. Wintoys 2.0 is available for free download from the Microsoft Store for Windows 10 and 11 users.

Winsage

March 29, 2025

New Windows 11 build makes mandatory Microsoft Account sign-in even more mandatory

Microsoft has released a new Windows Insider build of Windows 11 in its Dev Channel, which includes the removal of the bypassnro command prompt script. This script previously allowed users to bypass the mandatory Microsoft Account sign-in during the setup of new installations. The change is intended to enhance security and user experience, ensuring that all users complete setup with internet connectivity and a Microsoft Account. This decision complicates the setup process for users who prefer local accounts or who lack internet access.

Winsage

March 29, 2025

Microsoft cracks down on Windows 11 users who don’t log in with Microsoft accounts

Microsoft is increasingly favoring the use of Microsoft accounts over traditional local accounts in Windows 11, reflecting a trend towards online connectivity. The ability to create local accounts has been further restricted, with the removal of the bypassnro.cmd script that allowed users to set up local accounts without internet access. Users must now complete the setup process with internet connectivity and a Microsoft account. Third-party tools like Rufus still allow the creation of local accounts during installation, providing a workaround for those who prefer local accounts.

Winsage

March 24, 2025

How has the Windows Start menu evolved? Looking back in time as Microsoft turns 50

In 2025, Microsoft will celebrate its 50th anniversary. The Start menu was first introduced in Windows 95 on August 24, 1995, replacing the "Program Manager" and providing a more intuitive user experience. Subsequent versions included refinements in Windows 98, minimal changes in Windows ME, a redesigned two-column layout in Windows XP, enhanced search functionality in Windows Vista, and updates in Windows 7 that included "Jump Lists." Windows 8 replaced the traditional Start menu with a full-screen Start screen, while Windows 10 reintroduced the Start menu with a hybrid design. Windows 11 featured a centered Taskbar and a simplified Start menu layout with static icons. Each iteration has aimed to balance innovation with user familiarity.

Winsage

March 17, 2025

How to Change Taskbar Size in Windows 11

The taskbar in Windows 11 can be resized using the Registry Editor, as there is no direct option in the Settings menu. To resize the taskbar, users should follow these steps: 1. Open the Start Menu and search for "Registry Editor." 2. Navigate to ComputerHKEYCURRENTUSERSoftwareMicrosoftWindowsCurrentVersionExplorerAdvanced. 3. Right-click the Advanced folder, select "New," and then "DWORD (32-bit) Value." 4. Rename the new value to "TaskbarSi." 5. Double-click the value and change the value data to: - 0 for a small taskbar - 1 for the default taskbar - 2 for a big taskbar 6. Restart the PC to apply the changes.