Visual Studio

Winsage
April 5, 2025
Satya Nadella, Chairman and CEO of Microsoft, spoke at the company's 50th anniversary, reflecting on its founding by Bill Gates and Paul Allen. He emphasized Microsoft's commitment to empowering individuals through technology, highlighting the importance of the past while focusing on future innovations, particularly in AI. Nadella introduced advancements in Microsoft’s development tools, such as Agent Mode in Visual Studio Code and the Code Review Agent, which enhance the developer experience. He reiterated Microsoft's mission to empower every person and organization, stating that tools like Copilot are designed for a wide range of users. Nadella expressed gratitude to all contributors to Microsoft's success and excitement for future innovations.
Winsage
March 20, 2025
Microsoft has released Windows 11 Build 27818 for users in the Canary Channel, enhancing File Explorer's performance for extracting zip files. The update includes general improvements and fixes, such as displaying additional details about Pluton TPM chips in the Windows Security app. The suggested actions feature for copying phone numbers or future dates is being deprecated. A critical fix addresses a d3d9.dll crash affecting application launches. Other improvements include enhanced performance for unzipping files, fixes for File Explorer Home loading issues, taskbar app window preview corrections, resolution of a ctfmon.exe crash impacting typing, fixes for Settings launch errors, graphics performance improvements, resolution of Visual Studio Code installation issues with Admin Protection, and fixes for Remote Desktop freezing issues. Additionally, a fix addresses application opening failures related to a virtual machine component error.
Winsage
March 18, 2025
Microsoft's Windows Defender Application Control (WDAC) has become a target for cybersecurity researchers, with bug bounty payouts for successful bypasses. IBM's X-Force team reported various outcomes from WDAC bypass submissions, including successful bypasses that lead to potential bounties, those added to the WDAC recommended block list, and submissions without recognition. Notable contributors like Jimmy Bayne and Casey Smith have made significant discoveries, while the LOLBAS Project has documented additional bypasses, including the Microsoft Teams application. The X-Force team successfully bypassed WDAC during Red Team Operations using techniques such as utilizing known LOLBINs, DLL side-loading, exploiting custom exclusion rules, and identifying new execution chains in trusted applications. Electron applications, which can execute JavaScript and interact with the operating system, present unique vulnerabilities, as demonstrated by a supply-chain attack on the MiMi chat application. In preparation for a Red Team operation, Bobby Cooke's team explored the legacy Microsoft Teams application, discovering vulnerabilities in signed Node modules that allowed them to execute shellcode without triggering WDAC restrictions. They developed a JavaScript-based C2 framework called Loki C2, designed to operate within WDAC policies and facilitate reconnaissance and payload deployment. A demonstration of Loki C2 showcased its ability to bypass strict WDAC policies by modifying resources of the legitimate Teams application, allowing undetected code execution. The ongoing development of techniques and tools by the X-Force team reflects the evolving cybersecurity landscape and the continuous adaptation required to counter emerging threats.
Winsage
March 11, 2025
Microsoft released security updates on March 2025 Patch Tuesday, addressing 57 vulnerabilities, including six classified as critical related to remote code execution. The vulnerabilities are categorized as follows: 23 Elevation of Privilege, 3 Security Feature Bypass, 23 Remote Code Execution, 4 Information Disclosure, 1 Denial of Service, and 3 Spoofing. The updates specifically address six actively exploited zero-day vulnerabilities and one publicly disclosed zero-day vulnerability. The zero-day vulnerabilities include:

1. CVE-2025-24983 - Elevation of Privilege in Windows Win32 Kernel Subsystem.
2. CVE-2025-24984 - Information Disclosure in Windows NTFS.
3. CVE-2025-24985 - Remote Code Execution in Windows Fast FAT File System Driver.
4. CVE-2025-24991 - Information Disclosure in Windows NTFS.
5. CVE-2025-24993 - Remote Code Execution in Windows NTFS.
6. CVE-2025-26633 - Security Feature Bypass in Microsoft Management Console.

The publicly disclosed zero-day is:

- CVE-2025-26630 - Remote Code Execution in Microsoft Access.

A comprehensive list of resolved vulnerabilities includes various CVE IDs and their respective titles and severities, with several vulnerabilities affecting Microsoft Office products, Windows components, and Azure services.
Winsage
March 3, 2025
Notepad++ is an open-source text editing application that serves as a comprehensive replacement for the basic Notepad in Windows 11. It supports a wide range of file types beyond the limited formats of Notepad, including XML and JSON with proper formatting through plugins. Notepad++ offers syntax highlighting for over 80 programming languages, enhancing readability and reducing errors. It includes an advanced find and replace function with Regular Expressions (RegEx) for efficient bulk text editing. The application features a focused clipboard history that allows users to retrieve previously copied text easily. Additionally, Notepad++ has a rich plugin ecosystem that enables users to expand its functionality with features like spellcheck, FTP support, and code execution for various programming languages.
Winsage
February 23, 2025
Windows Explorer is a key application for file navigation on Windows PCs, but managing multiple instances can be cumbersome. The Explorer Tab Utility enhances this experience by allowing users to open multiple Windows Explorer instances as tabs within a single window, similar to web browsers. This utility requires Windows 11 (22H2 Build 22621 or later) and integrates seamlessly with Windows Explorer upon installation. Users can rearrange tabs, open multiple folders as individual tabs, and utilize customizable hotkeys for efficiency. Although some antivirus programs may flag it as malware, it is an open-source application. After using the utility, many users find it challenging to return to standard Windows Explorer due to its improved functionality and streamlined interface.
Winsage
February 12, 2025
Microsoft's February Patch Tuesday update addresses 61 vulnerabilities, including 25 critical Remote Code Execution (RCE) vulnerabilities. Three of these are zero-days, actively exploited before the update:

1. CVE-2023-24932: Secure Boot security feature bypass requiring physical access or administrative rights.
2. CVE-2025-21391: Windows Storage elevation of privilege vulnerability that could lead to data deletion.
3. CVE-2025-21418: Vulnerability in Windows Ancillary Function Driver for WinSock allowing privilege escalation.

Critical vulnerabilities include:

- CVE-2025-21376: Windows LDAP RCE vulnerability.
- CVE-2025-21379: RCE vulnerability in DHCP Client Service.
- CVE-2025-21381: RCE vulnerability in Microsoft Excel.

The update also addresses additional vulnerabilities related to remote code execution, elevation of privilege, denial of service, security feature bypass, spoofing, and information disclosure across various Microsoft products. Microsoft advises immediate application of the updates to mitigate risks.
Winsage
February 12, 2025
Microsoft released its February 2025 Patch Tuesday security updates, addressing over 61 vulnerabilities across its products. The updates include:

- 25 Remote Code Execution vulnerabilities
- 14 Elevation of Privilege vulnerabilities
- 6 Denial of Service vulnerabilities
- 4 Security Feature Bypass vulnerabilities
- 2 Spoofing vulnerabilities
- 1 Information Disclosure vulnerability

Notable critical vulnerabilities include:

- CVE-2025-21376: Remote code execution risk via LDAP protocol.
- CVE-2025-21379: Flaw in DHCP client service allowing system compromise via crafted network packets.
- CVE-2025-21381, CVE-2025-21386, CVE-2025-21387: Multiple vulnerabilities in Microsoft Excel enabling code execution through specially crafted files.
- CVE-2025-21406, CVE-2025-21407: Vulnerabilities in Windows Telephony Service allowing remote code execution.

Two vulnerabilities confirmed as actively exploited:

- CVE-2023-24932: Bypass of Secure Boot protections.
- CVE-2025-21391: Elevated privileges on affected systems.
- CVE-2025-21418: Gain SYSTEM privileges through exploitation.

Other notable fixes include vulnerabilities in Visual Studio and Microsoft Office that could lead to remote code execution. Users can apply updates via Windows Update, Microsoft Update Catalog, or WSUS. Microsoft emphasizes the urgency of these updates due to the active exploitation of certain vulnerabilities.
Winsage
February 11, 2025
Adobe released seven bulletins in February 2025, addressing 45 CVEs across products such as InDesign, Commerce, Substance 3D Stager, InCopy, Illustrator, Substance 3D Designer, and Photoshop Elements. The updates include:

- InDesign: Seven bugs fixed, four rated Critical.
- Illustrator: Three critical bugs allowing arbitrary code execution when opening malicious files.
- Substance 3D Stager: One DoS bug fixed.
- InCopy: One critical-rated code execution vulnerability patched.
- Substance 3D Designer: One critical-rated code execution vulnerability patched.
- Photoshop Elements: One important-rated privilege escalation vulnerability addressed.

None of the patched vulnerabilities were publicly known or under active attack at the time of release. Microsoft released patches for 57 new CVEs affecting Windows, Office, Azure, Visual Studio, and Remote Desktop Services, totaling 67 CVEs including third-party submissions. The severity ratings are:

- 3 rated Critical
- 53 rated Important
- 1 rated Moderate

Two vulnerabilities are publicly known, and two are under active attack. Notable vulnerabilities include:

- CVE-2025-21391: Windows Storage Elevation of Privilege Vulnerability allowing file deletion and privilege escalation.
- CVE-2025-21418: Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability requiring authenticated user interaction.
- CVE-2025-21376: Windows LDAP Remote Code Execution Vulnerability allowing unauthenticated remote code execution.
- CVE-2025-21387: Microsoft Excel Remote Code Execution Vulnerability exploitable through the Preview Pane requiring user interaction.
Winsage
February 4, 2025
PowerShell is a command-line interface that operates across Windows, Linux, and macOS, designed for automation and system management. It utilizes the Common Language Runtime (CLR) from the .NET framework, allowing it to function on any OS with CLR support. PowerShell automates repetitive tasks, enhancing productivity in file management, data processing, and system administration. It provides a familiar interface for system administrators managing mixed environments, facilitating effective cross-platform network management. PowerShell is compatible with Microsoft services like Azure, AWS, VMware, Exchange, and Active Directory, and can execute certain Linux commands natively. Since becoming open-source under the MIT license, it has encouraged community contributions and adaptation for modern IT environments. PowerShell differs from Windows PowerShell by offering cross-platform functionality and regular updates, making it a versatile tool for managing systems and services across various operating systems.