Windows environments

Winsage
March 26, 2025
Russian threat actors are exploiting a zero-day vulnerability in the Microsoft Management Console (MMC), identified as CVE-2025-26633, allowing them to bypass security features and execute harmful code. The hacking group Water Gamayun, also known as EncryptHub and Larva-208, is behind this campaign, using a weaponized version of the vulnerability called “MSC EvilTwin” to deploy various malicious payloads, including information stealers and backdoors. The vulnerability affects multiple Windows versions, particularly older systems like Windows Server 2016. The Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2025-26633 to its Known Exploited Vulnerabilities Catalog, requiring federal agencies to patch affected systems by April 1, 2025. Microsoft included this vulnerability in its March 2025 Patch Tuesday update. Recommended mitigations include applying security patches, restricting network access to MMC ports, and monitoring for unusual MMC activity.
Winsage
March 24, 2025
Cloudflare has launched a clientless, browser-based Remote Desktop Protocol (RDP) solution that enhances its Zero Trust Network Access (ZTNA) capabilities for secure access to Windows servers. This solution eliminates the need for traditional RDP clients and utilizes IronRDP, a high-performance RDP client developed in Rust, which operates within the browser. The implementation secures RDP sessions using TLS-based WebSocket connections and integrates with Cloudflare Access for authentication through JSON Web Tokens (JWT). The system supports modern security standards, including Single Sign-On (SSO), Multi-Factor Authentication (MFA), and device posture checks. Cloudflare plans to add session monitoring, data loss prevention features, and pursue FedRAMP High certification for compliance with government standards.
Winsage
March 12, 2025
A total of 57 unique vulnerabilities have been addressed in Microsoft's latest security updates, including six zero-day vulnerabilities that require immediate attention. The Windows operating system accounts for the majority of these vulnerabilities. Among them is a critical security feature bypass (CVE-2025-26633) with a CVSS rating of 7.0, which requires user interaction for exploitation. Three additional zero-day vulnerabilities are found in Windows NTFS: two information disclosure vulnerabilities (CVE-2025-24984 and CVE-2025-24991) and a critical remote-code execution vulnerability (CVE-2025-24993). Another zero-day vulnerability (CVE-2025-24985) affects the Windows Fast FAT driver with a CVSS score of 7.8 and also requires user interaction. The final zero-day vulnerability (CVE-2025-24983) is an elevation-of-privilege flaw with a CVSS score of 7.0. Additionally, a notable public disclosure involves a remote-code execution vulnerability in Microsoft Access (CVE-2025-26630) with a CVSS score of 7.8. Microsoft has also republished four older vulnerabilities with updates. Furthermore, Microsoft is preparing to implement stricter authentication measures for Windows machines, transitioning to mandatory "Enforcement" mode for certain vulnerabilities next month.
Winsage
March 10, 2025
Parallels Desktop is a Microsoft-authorized virtualization software that allows users to install and run Windows 11 on Apple Silicon Macs (M1, M2, M3, M4 chips). It is optimized for these processors, ensuring a fast and responsive experience. The installation process is straightforward, requiring users to download and install the software, which automates the Windows 11 setup. Key features include seamless integration between macOS and Windows, allowing file sharing and access to applications across both operating systems without rebooting. Parallels Desktop offers a 14-day free trial, after which users can choose between subscription plans or a one-time purchase. The software is designed to maximize performance for Apple Silicon Macs, making it suitable for various users, including professionals and students.
Winsage
March 5, 2025
A critical remote code execution vulnerability, designated as CVE-2024-43639, has been identified in Microsoft’s Windows Key Distribution Center (KDC) Proxy. This flaw arises from an integer overflow due to a missing validation check for Kerberos response lengths, allowing unauthenticated remote attackers to execute arbitrary code with the privileges of the target service. The vulnerability specifically affects KDC Proxy servers and was addressed in a November 2024 security update by implementing necessary length validation checks. Organizations using remote authentication services reliant on the KDC Proxy, such as RDP Gateway or DirectAccess, are particularly at risk. Immediate patching is advised, and monitoring for potential exploitation attempts is recommended.
Winsage
December 27, 2024
Advantech's infographic addresses myths about Microsoft Windows IoT Enterprise LTSC for Arm, distinguishing it from Windows Home or Professional editions.

Myths about the operating system include:
1. Windows on Arm consumes significant power and resources, leading to poor performance.
2. The image size of Windows on Arm is greater than or equal to that of Windows on x86.
3. Desktop mode is unavailable on Windows on Arm.
4. Windows on Arm is a stripped-down version of Windows.
5. Arm architecture may face limitations with complex tasks.
6. All Windows devices are power-hungry, and switching to Arm offers no improvement.

Key facts include:
- Windows IoT Enterprise LTSC typically occupies about 6GB of storage, with a minimum requirement of 16GB.
- Desktop mode is available on Windows on Arm.
- Windows on Arm retains core functionalities, though some hardware drivers may have compatibility issues.
- Arm processors are generally more efficient than x86 counterparts.

Myths regarding applications and workload include:
7. Windows on Arm exclusively supports Arm64 applications.
8. Multimedia applications perform poorly on Windows on Arm devices.
9. Windows Copilot can be extended to all versions of Windows running on Arm.

Key facts include:
- An emulation system allows x86 applications to run on Arm hardware.
- Multimedia performance depends on hardware acceleration, which is supported by major SoC manufacturers.
- Cloud-based services like Windows Copilot operate effectively on Windows IoT Enterprise LTSC for Arm, but on-device Copilot+ requires specific hardware capabilities.

Myths about licensing and development include:
10. The Windows license fee for x86 is expensive, and the fee for Windows on Arm is similarly high.
11. Windows on Arm has limited support for certain Windows frameworks.
12. Development and debugging on Windows for Arm architecture present challenges requiring extended transition periods.

Key facts include:
- Windows IoT Enterprise LTSC is priced between 0 and 0, offering a decade of security updates.
- Transitioning from x86 to Arm for application development is streamlined, with common programming languages and frameworks remaining compatible. Tools like Visual Studio facilitate the development process.
Winsage
November 23, 2024
Microsoft has introduced the Windows 365 Link mini PC, which streams Windows 11 from the Windows 365 cloud service and does not store data or run applications locally. The device was well-received by IT professionals at the Ignite conference, indicating its potential appeal for businesses transitioning from Windows 10. The Link is designed for organizations migrating to cloud-hosted virtual machines, enhancing security by keeping sensitive data off physical devices and reducing risks related to employee turnover and device loss.
Winsage
November 13, 2024
October saw the introduction of various applications utilizing the Neural Processing Unit (NPU) on Copilot+ PCs, enhancing AI innovations on the Windows platform. Adobe Premiere Pro became the first Adobe application to leverage NPU capabilities, integrating features like the Audio Category Tagger, which automatically tags audio clips. Capture One announced two AI-powered features, Match Look and AI Crop, for Copilot+ PCs, utilizing Qualcomm's NPU. Affinity Photo 2 introduced AI-enhanced Object Selection capabilities, automating the creation of layer masks using machine learning with Qualcomm's Hexagon NPU. DirectML facilitates compatibility across hardware architectures, supporting these advancements in AI applications on Windows.
Winsage
November 5, 2024
The extended Berkeley Packet Filter (eBPF) allows for the execution of custom code in kernel space, enhancing application performance management and security. Windows has introduced support for eBPF, but it has limitations. Microsoft began a project in 2021 to enable eBPF capabilities on Windows, allowing the use of existing Linux eBPF tools and libraries. To install eBPF on Windows, a kernel debugger or test-signing mode is required, which is impractical for production systems. eBPF for Windows is still in development, suitable for experimentation, but not yet ready for real-world deployment. There is no clear timeline for a production-ready version, and development activity has slowed.
Winsage
October 28, 2024
Microsoft introduced Windows Agent Arena, a benchmark for testing AI agents in realistic Windows environments. Multi-modal AI agents currently have a performance success rate of 19.5%, compared to the average human performance rating of 74.5%. The benchmark includes over 150 diverse Windows tasks and allows for evaluations in Azure, potentially completing assessments in 20 minutes. Microsoft Research developed a multi-modal agent named Navi, which demonstrated a 19.5% success rate in tasks like converting a website to a PDF. Privacy and security concerns are highlighted, with Microsoft recalling the Windows Recall feature to enhance user security. The open-source framework promotes research and the development of reliable AI models, with an emphasis on responsible AI practices. Other companies, like Anthropic, are also advancing AI capabilities, exemplified by their new API "Computer Use" for human-like interactions with computers.