vulnerability Archives

Winsage

June 6, 2025

Microsoft Issues Critical Windows Update—Do Not Delete This

Users may face a significant vulnerability related to a Windows update from April 2025, particularly concerning the "inetpub" folder, which is essential for the security of Windows 11 systems. Microsoft clarified that this folder, linked to Internet Information Services (IIS) and necessary for hosting capabilities, should not be deleted. If users have removed the folder, they must restore it to address the security patch for CVE-2025-21204, as its absence can lead to risks such as privilege escalation and unauthorized access. Microsoft has provided a PowerShell script to restore the folder without enabling IIS, and users are advised to follow specific commands to execute the fix. However, many users may not take action, leaving their systems vulnerable.

Winsage

June 6, 2025

Your Windows PC might be at risk if you deleted the “inetpub” folder, but there’s a fix

Windows users have encountered a new "inetpub" folder on their primary drive after the April 2025 Patch Tuesday update. This folder is empty and occupies no storage space, but many users have deleted it out of concern. Microsoft has stated that the folder is part of a security patch for vulnerability CVE-2025-21204 and should not be removed, as it is linked to Internet Information Services (IIS). Users can restore the folder using a PowerShell script if they have deleted it. The folder addresses a security flaw related to improper link resolution that could allow local attackers to manipulate files. Instructions for restoring the folder include running PowerShell as Administrator, allowing signed scripts, downloading a specific script, and applying the fix.

AppWizard

June 3, 2025

Jonathan Joss, who appeared in Cyberpunk 2077 and Red Dead Redemption, shot dead in Texas

Jonathan Joss, a 59-year-old actor known for his roles in video games and as John Redcorn in King of the Hill, was shot multiple times during a confrontation with a neighbor, Sigfredo Alvarez Ceja, near his former residence, which had burned down earlier this year. Emergency medical services pronounced him dead at the scene. Joss's husband, Tristan Kern de Gonzales, reported that they had faced over two years of harassment from local residents, including violent homophobic slurs, leading up to the incident. De Gonzales stated that Joss pushed him out of the way during the shooting, saving his life. Joss had previously indicated that the fire that destroyed their home was an accident caused by a barbecue grill, while de Gonzales claimed it was part of ongoing harassment. Joss's career included voice work in various television shows and video games, with notable roles in Red Dead Redemption, Days Gone, Wasteland 3, and Cyberpunk 2077. He was set to reprise his role in a revival of King of the Hill scheduled to premiere on Hulu in August.

AppWizard

June 2, 2025

Preinstalled Android Apps Found Leaking PINs and Executing Malicious Commands

On May 30, 2025, CERT Polska disclosed three security vulnerabilities affecting preinstalled Android applications on Ulefone and Krüger&Matz smartphones: CVE-2024-13915, CVE-2024-13916, and CVE-2024-13917. - CVE-2024-13915: The com.pri.factorytest application allows any app to invoke the FactoryResetService, enabling unauthorized factory resets due to improper export controls (CWE-926). - CVE-2024-13916: The com.pri.applock application exposes a public method that allows malicious apps to steal the user’s PIN, representing an exposure of sensitive system information (CWE-497). - CVE-2024-13917: The exported activity in com.pri.applock allows privilege escalation by enabling malicious apps to inject intents with system-level privileges if they have access to the compromised PIN (CWE-926). Users of affected devices are advised to seek firmware updates or mitigations from their vendors.

AppWizard

June 2, 2025

Vulnerabilities in Preinstalled Android Apps Expose PIN Codes and Allow Command Injection

Significant vulnerabilities have been identified in pre-installed applications on Ulefone and Krüger&Matz Android smartphones, disclosed on May 30, 2025. Three vulnerabilities affect these devices, including CVE-2024-13915, which targets the com.pri.factorytest application, allowing unauthorized factory resets. CVE-2024-13916 and CVE-2024-13917 affect the com.pri.applock application on Krüger&Matz smartphones, enabling malicious apps to extract user PIN codes and inject arbitrary intents. These vulnerabilities stem from improper export of Android application components, allowing malicious applications to bypass Android’s permission model. Users are advised to check for updates and consider disabling vulnerable applications.

BetaBeacon

June 2, 2025

The best Nintendo 3DS emulator on Android just got even better

The update brings performance and compatibility gains on all platforms.

Tech Optimizer

June 1, 2025

Bitdefender vs. Norton: Which Antivirus Titan Reigns Supreme for Your Digital Safety?

Bitdefender was established in 1996 and rebranded in 2001, becoming the most popular mobile antivirus in North and South America in 2022. Norton was founded in 1982 and became well-known after Symantec's acquisition. Bitdefender achieves over 98% detection rates online and offline, with five false positives in tests, while Norton exceeds 99% online and 97% offline but has a higher false positive rate. Bitdefender offers a configurable firewall in its Total Security package, while Norton provides a customizable firewall across all products. Bitdefender lacks identity theft protection in its core offerings but offers a separate service, while Norton includes comprehensive identity theft protection in its highest tier. Bitdefender includes a VPN with a 200MB daily cap, while Norton offers an unlimited VPN in most tiers. Bitdefender features an integrated password manager without two-factor authentication, while Norton allows credential sharing and has standalone options. Bitdefender provides basic parental controls, while Norton includes additional features like GPS tracking. Bitdefender enhances its packages with a file shredder and vulnerability scanner, while Norton offers SafeCam and Dark Web Monitoring. Bitdefender is known for resource efficiency, receiving awards for performance, while Norton also received recognition for its performance. Bitdefender has an easy-to-navigate interface, while Norton has a more complex interface. In AV-Comparatives tests, Bitdefender slightly surpassed Norton in offline detection and online protection rates. Bitdefender pricing starts at approximately .99/year for one device, while Norton starts at .99/year for one device as well.

Winsage

May 30, 2025

Microsoft May Patch Tuesday fails on some Windows 11 VMs

Microsoft's recent Patch Tuesday update for Windows 11 has faced significant issues, particularly affecting users on versions 22H2 and 23H2. The installation of the May 13 update is failing on some machines, especially in virtual environments, leading to recovery mode entries and boot errors. Users are advised to avoid the update temporarily. The error message indicates a problem with the ACPI.sys file, which is crucial for managing hardware resources. Windows 11 Home and Pro users are likely unaffected, as virtual machines are typically used in enterprise settings. Microsoft has not provided the number of impacted users or a workaround beyond uninstalling the patches, but engineers are working on a resolution. This incident follows previous patching challenges faced by Microsoft this year, including an emergency update for Windows 10 and issues with Remote Desktop sessions in earlier updates.

Tech Optimizer

May 29, 2025

Windows PCs at risk as new tool disarms built-in security

All modern Windows PCs come with Microsoft Defender, a built-in antivirus solution. A tool called Defendnot can disable Microsoft Defender by tricking Windows into believing another antivirus is active. It uses an undocumented API to register a counterfeit antivirus, which leads to Microsoft Defender being automatically disabled without user notification. Defendnot creates a scheduled task for persistence and allows customization of the antivirus name. It is a successor to a previous project, No-Defender, which was removed due to copyright issues. Currently, Microsoft Defender flags Defendnot as a threat.

Tech Optimizer

May 29, 2025

Sophos warns MSPs over DragonForce threat

Sophos has warned managed service providers (MSPs) about their vulnerability to ransomware attacks targeting remote monitoring and management (RMM) tools. They reported a ransomware incident involving DragonForce, where attackers accessed the SimpleHelp RMM to deploy ransomware across multiple endpoints and exfiltrate sensitive data using a double extortion strategy. An alert was triggered by a suspicious SimpleHelp installer file pushed through the MSP's legitimate RMM instance. MSPs utilizing Sophos's managed detection and response (MDR) services successfully prevented hacker access, while those without security investments were impacted by the ransomware and data exfiltration. Following the incident, the affected MSP sought help from Sophos Rapid Response for digital forensics. Mark Appleton from Also Cloud UK stressed the importance of MSPs investing in advanced exposure management tools to mitigate cyber threats, noting that endpoints are primary targets for breaches. He highlighted the significance of continuous threat exposure management as essential for MSPs to protect themselves and their clients from attacks.