VBScript Archives

Winsage

March 18, 2025

Learn how the Windows Server 2025 editions differ

Microsoft is set to release Windows Server 2025 in November 2024, featuring several editions: Essentials, Standard, Datacenter, and Datacenter Azure. Windows Server Essentials is limited to servers with a single CPU and fewer than 10 cores and can only be obtained through hardware OEMs. The Standard edition allows Hyper-V licensing for up to two virtual machines, while the Datacenter edition has no such limits and offers more flexibility with disaster recovery features. The Datacenter Azure edition is optimized for the cloud and receives annual updates. The hardware requirements for Windows Server 2025 include a minimum 64-bit CPU at 1.4 GHz, support for various instructions, and the ability to accommodate up to 2,048 logical processors. The minimum memory requirement is 512 MB, with 2 GB recommended for optimal performance. Storage requirements suggest at least 64 GB for better performance, especially with Desktop Experience, and a Gigabit Ethernet adapter is necessary for networking. Several features have been deprecated in Windows Server 2025, including Computer Browser, Failover Clustering Cluster Sets, and NTLM, among others. Completely removed features include IIS 6 Management Console, NTLMv1, and Windows PowerShell 2.0 Engine. Organizations planning to migrate to Windows Server 2025 must ensure their hardware meets the minimum requirements and can perform an in-place upgrade if currently using Windows Server 2012 R2 or newer. Testing in a lab environment and backing up servers before migration are recommended steps.

Winsage

February 27, 2025

LCRYX Ransomware Attacks Windows Machines by Blocking Registry Editor and Task Manager

LCRYX ransomware, a VBScript-based threat, re-emerged in February 2025 after first appearing in November 2024. It encrypts files with the .lcryx extension and demands a ransom of 0 in Bitcoin for decryption. The ransomware operates with administrative privileges, disables essential system tools like Task Manager and Command Prompt, and restricts access to the Control Panel. It prevents the execution of diagnostic tools and disables inactivity timeouts. LCRYX ensures persistence by modifying registry settings and remapping keyboard keys. It uses a combination of Caesar cipher and XOR encryption techniques, eliminates backups, and makes recovery nearly impossible. The malware terminates essential processes, overwrites the Master Boot Record, and disables real-time monitoring features of antivirus solutions. After encryption, it generates a ransom note directing victims to a payment website. Some variants display pop-ups revealing the victim’s IP address or launch unrelated applications. Users are advised to implement comprehensive security solutions and maintain regular backups.

Winsage

November 12, 2024

Revamped Remcos RAT Deployed Against Microsoft Users

Threat actors have enhanced the Remcos remote access tool, making it a more sophisticated malware variant by using multiple layers of scripting languages to evade detection. This new campaign exploits a known remote code execution vulnerability in unpatched Microsoft Office and WordPad applications, initiated through a phishing email containing a disguised Excel file. The malware employs various encoding methods and obfuscation techniques to avoid analysis, including the use of PowerShell scripts and API hooking. It gathers information from the victim's device and transmits it to a command and control server. Experts emphasize the importance of patching, employee training, and robust endpoint protection to defend against such attacks.

Winsage

November 4, 2024

Big update for admins as Windows Server 2025 lands

Windows Server 2025 has been released, featuring significant updates including a larger Active Directory Domain Services database page size of 32k, enhancements in Software Defined Networking (SDN), improved security protocols for Server Message Block (SMB), and better virtualization capabilities. It is available in Standard, Datacenter, and Datacenter: Azure editions, and upgrades are possible from Windows Server 2012 R2. Key features removed include WordPad, the SMTP service, and the IIS 6 management console, while the Windows PowerShell 2.0 engine is no longer supported. Features no longer receiving development support include all versions of NTLM, the Computer Browser driver and service, and VBScript. The hardware requirements include a 64-bit processor with a minimum of 1.4 GHz, support for the x64 instruction set, POPCNT instruction, and SSE4.2 instruction set. Known issues include installation text appearing in English in non-English environments and a "boot device inaccessible" error in some iSCSI setups. Windows Server 2022 will remain under mainstream support until October 13, 2026, while Windows Server 2025 will receive mainstream support until October 9, 2029, followed by extended support until October 10, 2034.

Winsage

October 23, 2024

Not just Western Digital – Windows 24H2 BSODs Asus kit

Microsoft has issued a cautionary note regarding compatibility issues with the Windows 11 24H2 update affecting certain Asus systems, specifically the X415KA and X515KA models, which may encounter a Blue Screen of Death (BSOD) during the update process. The update has led to user dissatisfaction due to the removal of features like WordPad and VBScript, as well as an unexpected accumulation of 8.63 GB of unnecessary data in the "Windows Update Cleanup" folder, which Microsoft has addressed with a fix. Western Digital also released an urgent fix for its hard drives experiencing BSOD incidents post-update. Microsoft advised administrators to verify safeguard ID: 54157480 to ensure their systems remain unaffected, while users of Voicemeeter should be aware of potential BSOD errors linked to the update.

Winsage

October 3, 2024

What’s gone from Windows 11 24H2

WordPad has been officially deprecated as of 2023 and will no longer be included in any editions of Windows starting with version 24H2 and Windows Server 2025. Users are directed to use Microsoft Word for rich text documents and Notepad for plain text. Windows Mixed Reality has also been discontinued in Windows 11 24H2, with no support or updates after November 2026. Additionally, the AllJoyn framework has been removed from Windows 11 24H2.

Winsage

August 21, 2024

Windows 11 Insider Dev Channel build 26120.1542 (KB5041872) makes a Widgets taskbar change

Microsoft has released a new Windows 11 build, 26120.1542, for Windows Insider Program participants in the Dev Channel, identified under KB5041872. The update enhances the Widgets feature on the taskbar, introduces a new position for the Widgets entry-point, and adds taskbar navigation enhancements. It also includes bug fixes such as improvements to text suggestions for hardware keyboards, a fix for the emoji panel, and corrections in the Registry Editor. General fixes address issues with adding languages, driver vulnerability updates, Group Policy Preferences, DNS security, PowerShell and VBScript limitations, and BitLocker firmware update failures. Known issues include a repair version notice for certain users and potential crashes in Task Manager.

Winsage

August 6, 2024

Microsoft is getting rid of another Windows feature soon

Microsoft is discontinuing Adobe PostScript Type 1 fonts from its Windows operating system, aligning with Adobe's cessation of support for this font series that began in January 2023. Developers are encouraged to transition to more modern font types. This change affects users of Adobe products, as Type 1 fonts will no longer be available for content authoring. While PDFs with embedded Type 1 fonts will still display correctly in Adobe Acrobat Reader, unembedded fonts will be substituted based on Adobe's font substitution table. Most mobile operating systems and web browsers have already stopped supporting Type 1 fonts, and Microsoft has not provided a specific timeline for the transition on Windows PCs.

Winsage

July 29, 2024

New Specula tool uses Outlook for remote code execution in Windows

Microsoft Outlook has a vulnerability, CVE-2017-11774, that allows for remote code execution through a new framework called "Specula." This vulnerability, a security feature bypass, was patched in October 2017 but can still be exploited in file-sharing attacks. Attackers can create malicious document files to trick users into opening them, and despite Microsoft's mitigation efforts, they can set harmful home pages via Windows Registry values. Specula operates within Outlook's context, allowing non-privileged threat actors to manipulate WebView registry entries to connect to an external server. This enables the execution of arbitrary commands on compromised systems using custom VBScript files. Once the registry entry is set, it can be used for persistence and lateral movement across systems, taking advantage of Outlook's trusted process status to evade security measures. U.S. Cyber Command previously warned about the risks of CVE-2017-11774, which has been exploited by Iranian-sponsored APT groups since at least 2018.

Winsage

July 13, 2024

Microsoft fixes bug causing Windows Update automation issues

Microsoft has resolved an issue caused by the June 2024 KB5039302 preview update, impacting only client platforms in enterprise environments. To resolve the bug, admins must install and set up a KIR Group Policy targeting the affected Windows versions.