vulnerabilities Archives

Winsage

May 25, 2026

Windows zero-days expose gaps in built-in security protections

Two Windows zero-day vulnerabilities, YellowKey and GreenPlasma, have been identified. YellowKey targets the Windows Recovery Environment (WinRE) on Windows 11 and Windows Server 2025, allowing attackers with physical access to bypass BitLocker protections using a USB device. GreenPlasma affects Windows 10, Windows 11, and Windows Server environments with active Collaborative Translation Framework Monitor (CTFMON) sessions, enabling local privilege escalation from a standard user account to SYSTEM-level privileges. Both vulnerabilities require either physical or local access to exploit. Microsoft has not yet released patches for these vulnerabilities, prompting organizations to enhance their security measures and operational resilience. Recommendations include reassessing physical security, limiting local administrative access, and implementing multifactor authentication and robust credential management practices.

Winsage

May 23, 2026

‘Pause Windows Updates’—Microsoft Starts Fixing PC Problem

Microsoft is changing its approach to Windows updates by allowing users to pause updates for one week and is developing a new feature called “Pick a date” that will enable users to pause updates for up to 35 days. Users will have the option to extend the pause period through a calendar feature. This shift comes in response to user frustrations and the increasing number of updates, which may indicate a need for better user control over update timing. However, experts advise against indefinite postponement of updates due to security risks.

Winsage

May 23, 2026

Microsoft says you should pause Windows 11 Updates when you need to work, as it tests greater controller

Microsoft is shifting its approach to Windows updates, responding to user frustrations about receiving update notifications during critical work hours. The company is currently testing more nuanced controls for updates with Windows Insiders, including a "Pick a date" feature that allows users to pause updates for up to 35 days, with the option to extend the pause indefinitely. Retail Windows 11 users can pause updates for up to five weeks, after which updates will automatically download without further pause options. Microsoft acknowledges that the frequency of updates can disrupt workflows for its 1.6 billion users, many of whom view mandatory updates as interruptions. The time required for updates has increased due to larger cumulative update packages, which can exceed 4GB, and the complexity of the operating system. To improve user control, Microsoft is testing a new power menu that separates update and shutdown options, allowing users to power down without installing updates. Additionally, updates will now include device class information in their titles for better user awareness. These changes aim to streamline the update experience and address long-standing user complaints.

Winsage

May 23, 2026

Microsoft Windows Дефендер тизимидаги хавфли заифликларни бартараф этди

Microsoft has identified two significant vulnerabilities in Windows Defender, specifically related to the Malware Protection Engine, which could allow denial-of-service attacks. These vulnerabilities could destabilize the security mechanism of Windows. Microsoft has released patches in versions 1.1.26040.8 and 4.18.26040.7 of the Malware Protection Engine to address these issues. Users with automatic updates enabled will receive these patches without further action, but it is recommended that users manually check for updates in the Windows Security settings. There is currently no evidence that these vulnerabilities have been exploited in real-world scenarios.

Winsage

May 23, 2026

CVE-2026-45585: YellowKey BitLocker Bypass

BitLocker, a security feature for data protection, has a vulnerability identified as CVE-2026-45585, also known as YellowKey, which allows unauthorized access to encrypted data on Windows 11 versions 24H2, 25H2, 26H1, and Windows Server 2025. This flaw does not compromise BitLocker’s encryption but affects the recovery environment supporting it. The vulnerability can be exploited locally through the Windows Recovery Environment (WinRE) by an attacker with physical access, who can trigger an unrestricted shell and access the BitLocker-protected volume. Microsoft has provided two mitigation strategies: modifying the WinRE image to remove the autofstx.exe entry and transitioning from TPM-only protection to a TPM+PIN requirement at startup. The exploit poses challenges for detection, as it occurs pre-boot and currently lacks vendor-published indicators of compromise. Organizations using BitLocker for unattended devices are particularly at risk, as the vulnerability can lead to loss of confidentiality if an attacker gains access before the legitimate user.

Tech Optimizer

May 23, 2026

CVE-2026-9082: Critical Drupal Core SQLi Flaw

Drupal has issued critical security updates for a vulnerability in Drupal Core, identified as CVE-2026-9082, which affects sites using PostgreSQL databases. This flaw allows anonymous attackers to exploit the system through arbitrary SQL injection, posing risks such as sensitive information disclosure, privilege escalation, and remote code execution. The vulnerability is rated 20 out of 25 by Drupal and 6.5 out of 10 by CVE.org. It specifically impacts the database abstraction API, which fails to properly sanitize queries. The fixed versions include 11.3.10, 11.2.12, 11.1.10, 10.6.9, 10.5.10, and 10.4.10, with best-effort patches available for unsupported versions 9.5 and 8.9. Organizations are advised to inventory their Drupal installations, verify PostgreSQL usage, and prioritize patching for public-facing sites.

Winsage

May 22, 2026

Microsoft Dismantles Fox Tempest: Ransomware Groups Paid Up to $9,500 to Fake Windows Software Signatures

Microsoft's Digital Crimes Unit has filed a lawsuit against Fox Tempest, a criminal enterprise selling fraudulently signed malware to ransomware groups, affecting hospitals, schools, and critical infrastructure in ten countries. The lawsuit was filed on May 19 in the U.S. District Court for the Southern District of New York. Fox Tempest created a portal at signspace[.]cloud, offering a user-friendly interface for uploading malicious files and generating over 580 fraudulent Microsoft accounts to bypass identity verification. The group provided pre-configured virtual machines for customers to upload malicious payloads in exchange for signed binaries. Fox Tempest's operations were linked to a ransomware attack chain involving a counterfeit Microsoft Teams installer that deployed the Rhysida ransomware. This ransomware strain has caused significant breaches, including an October 2023 attack on the British Library, which resulted in a data exfiltration of about 600GB and recovery costs of £6 to £7 million, and a September 2024 attack on Seattle-Tacoma International Airport with a ransom demand of .8 million. Microsoft's civil litigation approach allowed for a quicker legal process, leading to the seizure of the signspace[.]cloud domain and the suspension of around 1,000 Fox Tempest accounts. Despite these actions, Fox Tempest has begun shifting to alternative code-signing services, highlighting the evolving nature of cybercrime and the need for users to verify software through independent channels. The confirmed targets of Fox Tempest included organizations in the United States, France, India, China, Brazil, Germany, Japan, the United Kingdom, Italy, and Spain.

Tech Optimizer

May 22, 2026

Microsoft confirms two major Defender security issues — so update now or face possible attack

Microsoft has addressed two critical zero-day vulnerabilities in its Defender antivirus software: CVE-2026-41091 (privilege escalation) and CVE-2026-45498 (denial of service). The patches were delivered through Malware Protection Engine version 1.1.26040.8 and Antimalware Platform version 4.18.26040.7. Users are advised to verify their software versions to ensure they have the latest updates. Both vulnerabilities have been included in the Cybersecurity and Infrastructure Security Agency's Known Exploited Vulnerabilities catalog, requiring federal agencies to patch them or stop using the affected software by June 3.

AppWizard

May 22, 2026

I’ve been playing games for 40 years, writing about them for 20, and I’m here to say parts of Roblox need to be legislated out of existence

An experiment by Professor Marcus Carter's team found that children quickly converted gift cards into Robux on Roblox, raising concerns about the platform's monetization strategies, which include deceptive practices in 14 of the top 15 games. Tactics like "near miss" visuals and countdown timers encourage spending, while many children reported being scammed through item swaps and gem-doubling schemes. Complaints to the Federal Trade Commission from organizations like Fairplay and the National Centre on Sexual Exploitation highlight how Roblox's design exploits children's developmental vulnerabilities, particularly impulse control. One case involved a 10-year-old girl who spent over ,000 in two months despite parental attempts to limit purchases. Critics argue that Roblox prioritizes profit over user well-being, with features designed to maximize engagement rather than genuine enjoyment. Experts advocate for legislative changes to address these issues, warning that without intervention, Roblox will continue to exploit young users.

Tech Optimizer

May 21, 2026

CVE-2024-55638: Highly Critical Drupal Core Vulnerability Threatens PostgreSQL Sites with Remote Code Execution (RCE)

A critical vulnerability, CVE-2024-55638, has been identified in Drupal Core, affecting installations using PostgreSQL as their backend database. This vulnerability involves PHP Object Injection, which can lead to full Remote Code Execution (RCE) when combined with another deserialization flaw. It cannot be exploited independently but increases the risk for Drupal installations that use third-party modules or custom code that improperly employs the unserialize() function. The affected versions include Drupal Core 7.x prior to 7.102, 8.0.0 and above prior to 10.2.11, and 10.3.0 prior to 10.3.9, with patched versions being 7.102, 10.2.11, and 10.3.9. The vulnerability is particularly relevant for sites using PostgreSQL, and organizations are urged to upgrade to the patched versions and audit their code for unsafe unserialize() usage. Currently, there are no confirmed reports of exploitation in the wild, but the risk remains high due to insecure deserialization bugs in third-party modules. The EPSS score for this vulnerability is 9.93%, indicating a significant likelihood of exploitation in the near future.