VMware

Tech Optimizer
April 22, 2026
A newly identified remote access trojan, STX RAT, emerged in 2026, integrating hidden remote desktop access with credential theft features. The name "STX" comes from the Start of Text magic byte \x02, which it appends to communications with its command-and-control (C2) server. Initial sightings were reported in late February 2026, when it was delivered via a browser-downloaded VBScript file to a financial organization. By early March, Malwarebytes noted a campaign distributing STX RAT through compromised FileZilla installers. Researchers from eSentire’s Threat Response Unit analyzed the malware, which includes extensive anti-analysis measures and employs techniques like AMSI-ghosting. Once operational, STX RAT connects to a C2 server at 95.216.51.236, transmitting system information securely. It targets saved credentials from applications like FileZilla and includes a Hidden Virtual Network Computing (HVNC) module, allowing attackers to control a victim's machine without detection. Security teams are advised to block the C2 IP and implement detection rules to mitigate the threat.
Winsage
March 11, 2026
Microsoft's Hyper-V is a hardware virtualization platform integrated into Windows 11 Professional, Enterprise, and Education editions, allowing users to host multiple virtual machines (VMs) on a single computer. It operates using a type 1 hypervisor directly on hardware, enabling VMs to share resources like CPU, memory, and storage. Hyper-V includes features such as dynamic memory allocation, software-defined networking, and saved checkpoints. IT administrators may need to disable Hyper-V due to compatibility issues with third-party virtualization software, high-precision applications, or driver conflicts. Disabling Hyper-V can also affect security features reliant on it, such as virtualization-based security (VBS) and Device Guard. Methods to disable Hyper-V include: 1. Using the Windows Features dialog. 2. Executing a PowerShell command: Disable-WindowsOptionalFeature -Online -FeatureName Microsoft-Hyper-V-All, HypervisorPlatform, VirtualMachinePlatform. 3. Running a DISM command: dism /Online /Disable-Feature /FeatureName:Microsoft-Hyper-V-All /FeatureName:HypervisorPlatform /FeatureName:VirtualMachinePlatform. 4. Using the bcdedit command: bcdedit /set hypervisorlaunchtype off. 5. Modifying Group Policy to disable VBS. 6. Editing the Windows Registry to disable VBS or Credential Guard. For multiple managed computers, administrators can create and execute a PowerShell script or use Group Policy Objects to streamline the process. Testing in a controlled environment is recommended to ensure desired outcomes without compromising security or functionality.
Winsage
January 14, 2026
On Tuesday, Microsoft released its first security update for 2026, addressing 114 vulnerabilities, including eight classified as Critical and 106 as Important. The vulnerabilities include 58 related to privilege escalation, 22 concerning information disclosure, 21 linked to remote code execution, and five categorized as spoofing flaws. A notable vulnerability, CVE-2026-20805, involves information disclosure within the Desktop Window Manager (DWM) and has a CVSS score of 5.5. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added this flaw to its Known Exploited Vulnerabilities catalog, requiring federal agencies to implement fixes by February 3, 2026. Additionally, Microsoft announced the expiration of three Windows Secure Boot certificates issued in 2011, effective June 2026, urging customers to transition to newer certificates to avoid disruptions. The update also removed vulnerable Agere Soft Modem drivers due to a local privilege escalation flaw (CVE-2023-31096) and addressed another critical privilege escalation flaw in Windows Virtualization-Based Security (CVE-2026-20876) with a CVSS score of 6.7. Other vendors, including Adobe, Amazon Web Services, and Cisco, have also released security patches for various vulnerabilities.
Winsage
December 15, 2025
The article discusses the potential of extending the lifespan of aging Windows 10 hardware by repurposing it with 10ZiG's RepurpOS, particularly on a Dell Latitude E7440. It evaluates how well RepurpOS handles Virtual Desktop Infrastructure (VDI) workloads, including tests with Microsoft Office applications, high-resolution video streaming, and unified communications via Zoom. The performance during these tests was comparable to that of a Windows 11 system. RepurpOS supports dual-monitor setups and utilizes Multimedia Redirection (MMR) to optimize unified communications processing. It also allows access to SaaS applications through a local web browser, with Google Chrome functioning smoothly for tasks like streaming and using MS Office 365. Additionally, 10ZiG introduced the 10ZiG Secure Browser to enhance web security for businesses. The dual monitor support was confirmed, allowing for independent and mirrored display modes.
Winsage
November 12, 2025
On November 12, 2025, Microsoft released patches for 63 vulnerabilities, including four classified as Critical and 59 as Important. Notably, CVE-2025-62215, a privilege escalation flaw in the Windows Kernel with a CVSS score of 7.0, is actively exploited. This vulnerability allows an authorized attacker to elevate privileges locally through a race condition. Additionally, Microsoft patched two heap-based buffer overflow vulnerabilities (CVE-2025-60724 and CVE-2025-62220) with CVSS scores of 9.8 and 8.8, respectively, which could lead to remote code execution. Another significant vulnerability is CVE-2025-60704, a privilege escalation flaw in Windows Kerberos with a CVSS score of 7.5, enabling attackers to impersonate users and control a domain. Other vendors, including Adobe, Amazon Web Services, and Apple, also released security updates addressing various vulnerabilities.
Winsage
October 31, 2025
A bootable version of Windows 7 has been created that occupies 69MB of disk space, developed by Xeno, a Windows Insider. This version requires users to provide their own system files for basic functionality and is described as a "fun proof of concept" rather than a fully functional operating system. The installer is a 7zip compressed file of 40.4MB hosted on Archive.org, containing a compact VMware virtual disk and configuration file. The current version has limited functionality due to missing critical files, but Xeno has received encouragement to refine it into a more usable version. There is potential for further optimization, as many included files may be unnecessary.
AppWizard
October 19, 2025
The global Virtual Android Cloud Phone market is projected to reach USD 10 billion by 2031, with a compound annual growth rate (CAGR) of 20.5% from 2025 to 2031. The market is expected to achieve USD 2.5 billion in 2024. Key drivers of growth include increased demand for cloud-based mobile testing, virtual device management, and remote app deployment. Major players in the market include Google, Amazon Web Services, Microsoft, VMware, Alibaba Cloud, Citrix, Samsung, Huawei, NVIDIA, Oracle, Zoho, and MobiCloud. The market is experiencing varied growth across regions, with North America holding a significant share, Europe rapidly growing, and Asia-Pacific anticipated to have the highest growth potential. Emerging markets in Latin America, the Middle East, and Africa are also showing moderate growth.