Windows environments

Winsage
November 24, 2025
Microsoft has officially retired the Windows Internet Name Service (WINS) as part of the transition to modern DNS-based solutions. WINS, which resolved NetBIOS names to IP addresses, is being phased out due to its outdated nature and security vulnerabilities. It was deprecated with the release of Windows Server 2022 and will be completely removed in future releases, although support will continue until November 2034. Organizations are encouraged to transition to DNS and identify systems relying on WINS for name resolution. They should implement features like conditional forwarders and update or retire legacy applications that depend on WINS.
Winsage
November 18, 2025
Microsoft is integrating Sysmon into Windows 11 and Windows Server 2025, eliminating the need for separate deployments of Sysinternals tools. This integration will allow users to utilize custom configuration files for filtering captured events, which will be logged in the Windows event log. Sysmon is a free tool that monitors and blocks suspicious activities while logging events such as process creation, DNS queries, and executable file creation. It will be easily installable via the "Optional features" settings in Windows 11, with updates delivered through Windows Update. Sysmon will retain its standard features, including support for custom configuration files and advanced event filtering. Key events logged by Sysmon include process creation, network connections, process access, file creation, process tampering, and WMI events. Comprehensive documentation and new enterprise management features will be released next year.
Winsage
November 18, 2025
Microsoft will integrate Sysmon into Windows 11 and Windows Server 2025, eliminating the need for standalone deployment. Sysmon will allow users to utilize custom configuration files for event filtering, logging events in the Windows event log. It tracks events such as process creation, DNS queries, executable file creation, changes to the clipboard, and auto-backup of deleted files. Users can access Sysmon through "Optional features" in Windows 11 and receive updates via Windows Update. Key events logged by Sysmon include process creation, network connections, process access, file creation, process tampering, and WMI events. Comprehensive documentation and new enterprise management features will be released next year.
Winsage
November 11, 2025
The UK’s Department for Environment, Food and Rural Affairs (Defra) has allocated £312 million to upgrade its IT systems to Windows 10, just months before Microsoft ends support for the operating system on October 14, 2025. Defra faces challenges in migrating thousands of devices, with 24,000 outdated machines incompatible with newer systems. A survey indicates that 90% of UK finance firms also struggle with outdated IT infrastructure, increasing cybersecurity risks. The National Cyber Security Centre has warned organizations to prepare for migrations to Windows 11. Defra's £312 million expenditure includes software licenses, consulting fees, and hardware refreshes, but additional risks such as increased downtime and regulatory fines could lead to significant consequences. The department's outdated devices do not meet Windows 11’s TPM 2.0 requirements, complicating the upgrade process. Experts advocate for an upgrade to Windows 11, but extensive compatibility testing and user training are necessary. Government oversight bodies are scrutinizing Defra’s expenditures, and discussions suggest alternatives like Windows 10 IoT Enterprise LTSC, which offers updates until 2032. The financial implications of Microsoft’s Extended Security Updates pricing add strain, as costs double in subsequent years. The urgency for upgrades is emphasized by the potential cybersecurity risks, with experts warning of vulnerabilities affecting national food security and environmental initiatives.
Tech Optimizer
November 5, 2025
Hackers are refining tactics to evade detection by EDR systems and antivirus software, with a notable strategy being the use of Linux malware to infiltrate Windows systems. Investigations by Bitdefender and CERT-GE revealed a campaign by the Russian hacker group Curly COMrades, which exploits the Hyper-V virtualization platform on Windows 10 to create covert access channels. They utilize Alpine Linux for lightweight virtual machines that are difficult to detect, requiring only 120 MB of disk space and 256 MB of RAM. The attackers maintain persistent access using tools like Resocks and Stunnel, starting their activities in early July 2024 by activating Hyper-V on compromised systems and deploying misleading virtual machines labeled “WSL.” They introduced custom malware, CurlyShell and CurlCat, for communication and remote access. This trend of using Linux malware against Windows systems is growing, as seen in recent Qilin ransomware attacks documented by Trend Micro.
Winsage
October 22, 2025
Microsoft is facing a significant security vulnerability in the Windows Server Message Block (SMB) client, which has been added to the US Cybersecurity and Infrastructure Security Agency (CISA) Known Exploited Vulnerabilities (KEV) Catalog. Despite a patch being released, the flaw, designated as CVE-2025-33073 and rated with a CVSS score of 8.8, remains a target for exploitation. The vulnerability allows attackers to connect a Windows system to a malicious SMB server, enabling remote execution of plans with elevated access privileges. CISA has mandated that all federal agencies must install the update by November 10, 2025, and encourages private organizations to assess their patch status and consider temporary measures if immediate updates are not possible.
Winsage
October 22, 2025
The United States’ Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert about a critical security vulnerability in the Windows SMB protocol, identified as CVE-2025-33073, which allows attackers to escalate their privileges to SYSTEM level. All versions of Windows Server, Windows 10, and Windows 11 up to version 24H2 are affected. Microsoft addressed this issue in June 2025 during its Patch Tuesday updates. The vulnerability arises from inadequate access control, enabling authenticated attackers to elevate their privileges by deceiving victims into connecting to a malicious server. Information about this vulnerability was public at the time of the patch, but Microsoft has not confirmed any active exploitation. CISA has mandated that U.S. federal agencies must secure their systems by November 10 and encourages the private sector to address the vulnerability as well. Organizations should prioritize installing the June 2025 security updates.
Winsage
September 23, 2025
Microsoft has launched Windows AI Labs, allowing a select group of Windows 11 users early access to experimental AI features in applications like Microsoft Paint. The program is a pilot effort that enables participants to test unreleased AI capabilities, such as advanced image editing options. Eligibility is based on hardware requirements, specifically devices with neural processing units (NPUs). The initiative aims to gather user feedback while minimizing risks associated with a full public beta. Concerns regarding data privacy and access limitations for users with high-end hardware have been raised. Future expansions may include integration with Microsoft's Copilot stack and features like real-time language translation and predictive text in Office tools.
Winsage
September 14, 2025
WinBoat is a free and open-source application designed to run Windows environments on Linux using Docker. It operates as a lightweight, containerized tool that allows the Windows OS to run as a virtual machine within a Docker container, avoiding the resource demands of traditional virtual machines. To set up WinBoat, users need at least 4 GB of RAM, 2 CPU threads, 32 GB of storage, virtualization enabled, Docker and Docker Compose v2 installed, FreeRDP for access, and the iptables and iptable_nat kernel modules loaded. The installation process involves downloading the latest release, launching it via the terminal, and creating a Windows instance through an intuitive GUI. WinBoat provides a prebuilt image for immediate use, allowing for customizable resource allocation and isolated application execution. However, familiarity with Docker is necessary, and it may not be suitable for running modern, GPU-intensive games.
Winsage
September 13, 2025
Microsoft is phasing out VBScript from Windows, a decision announced in May 2024, affecting developers using Visual Basic for Applications (VBA). The deprecation will occur in three phases: the first phase, ongoing until at least 2026, classifies VBScript as a "Feature on Demand" (FOD), allowing existing VBA projects to function without disruption. The second phase, starting around 2027, will disable the default status of the VBScript FOD, leading to potential failures in unupdated applications. The final phase will involve the complete removal of VBScript from future Windows releases. This change will impact VBA projects that rely on VBScript for executing external scripts and using the VBScript type library for regular expressions. To address these issues, Microsoft has integrated RegExp classes into the VBA runtime library starting with Microsoft 365 Version 2508, allowing developers to use regular expressions natively without relying on vbscript.dll. Developers are encouraged to upgrade to the latest Office build and test their projects for dependencies on VBScript.