Windows Registry Archives

Winsage

April 15, 2026

Microsoft adds Windows protections for malicious Remote Desktop files

Microsoft has introduced new security measures for Windows 10 and Windows 11 to protect against phishing attacks that exploit Remote Desktop Protocol (RDP) connection files. These updates, part of the April 2026 cumulative updates (KB5082200, KB5083769, and KB5082052), include a one-time educational prompt for users upon first opening an RDP file, requiring acknowledgment of the associated risks. Subsequent attempts to open RDP files will display a security dialog with information about the file's publisher, the remote system address, and local resource redirections, with options disabled by default. If an RDP file is unsigned, a warning will indicate an "Unknown remote connection." These protections apply only to connections initiated through RDP files, not through the Windows Remote Desktop client, and can be temporarily disabled via the Windows Registry.

Winsage

April 13, 2026

Stealthy Malware Campaign Uses Fake Windows Update Site To Infect PCs

A new malware campaign targets Windows users by using a fraudulent clone of a Microsoft website to steal sensitive information. Victims are directed to a typo-squatted web address that resembles an official site, where they are prompted to download a file named WindowsUpdate 1.0.0.msi. This file uses a legitimate open-source installer framework and incorporates Electron, JavaScript, and Python, making it difficult to detect; VirusTotal showed zero detections across 69 engines. The malware maintains persistence by modifying the Windows registry and placing a shortcut named Spotify.lnk in the startup folder. Currently, the campaign primarily targets French-speaking users, but similar tactics may spread to other regions. Users are advised to apply updates only through the Windows Update feature in the Settings menu.

Winsage

April 9, 2026

This fake Windows support website delivers password-stealing malware

A phishing campaign has been identified that uses a counterfeit Microsoft support website, microsoft-update[.]support, to trick users into downloading a malicious Windows update disguised as WindowsUpdate 1.0.0.msi. This file, created on April 4, 2026, appears legitimate but contains malware designed to steal sensitive information. The campaign targets French-speaking users, leveraging recent data breaches in France to create convincing scams. The malware, once executed, installs an Electron application that runs a Python interpreter, which then deploys various data theft tools. It employs two persistence mechanisms: modifying the Windows registry and creating a shortcut in the Startup folder. The malware connects to external sites for reconnaissance and data exfiltration, using domains like datawebsync-lvmv.onrender[.]com and store8.gofile[.]io. The malware's components have evaded detection by antivirus tools, with VirusTotal reporting zero detections for the main executable and its launcher. Users are advised to check their registry, remove suspicious files, change passwords, and run a full system scan if they suspect installation of the malicious update. Safe updating practices include using the built-in Windows update feature and being cautious of phishing attempts. Indicators of compromise include specific file hashes, domains associated with the phishing campaign, and file system artifacts related to the malware's installation.

Winsage

April 5, 2026

How to Reset Registry to Default in Windows 11

Many applications modify the Windows 11 registry without user awareness, potentially leading to issues such as boot problems, application crashes, and settings reverting unexpectedly. Windows 11 does not have a "Reset Registry to Default" button, but there are methods to restore the registry to a functional state. Common indicators of registry issues include: - Applications crashing or failing to open. - Blue Screen of Death errors after registry edits or software installations. - Prolonged boot times. - Settings not saving or reverting unexpectedly. - Error messages about missing DLL files or broken file associations. - USB devices or peripherals not being recognized. To address registry issues, users can try the following methods: 1. System Restore: This method restores system-level changes without erasing personal files, provided a restore point exists. 2. Reset Windows 11: This reinstalls the operating system and resets the registry, with options to keep personal files or remove everything. 3. Import a Registry Backup File: This method restores specific registry keys if a backup exists. 4. Offline Registry Repair via Command Prompt: This is an advanced method for unbootable systems, involving manual replacement of registry hive files. Users are advised to back up the registry before making changes and to avoid using registry cleaners, as they can cause more harm than good. Regularly creating restore points and being cautious with online advice can help prevent registry problems.

Winsage

March 31, 2026

Microsoft confirms Windows 11 update to modernize legacy UI, as Control Panel and other legacy features continue to live

Microsoft is phasing out legacy features in Windows 11, including the Control Panel, and is modernizing aspects of the operating system in response to user feedback. The company is working on an overhaul of the dark mode feature, which will extend to legacy pop-ups like the Windows Run dialog and the Windows Registry Editor, although no specific timeline has been provided for these updates. Microsoft is developing new tools to modernize legacy dialogs and user interfaces, with a focus on modernizing Windows as a primary goal. Recent Windows preview builds show a modernized Windows Run developed with WinUI 3, which supports dark mode and will include enhanced search capabilities. The legacy Run will remain available and will also receive a dark mode update. Microsoft plans to roll out these changes throughout 2026. Additionally, features like a movable and resizable taskbar and a native Start menu are being prioritized, along with the introduction of 100% native applications for Windows 11. A major update for Windows 11 was unveiled on March 20, which included plans to reduce ads and potentially remove the requirement for a Microsoft account.

Winsage

March 27, 2026

Microsoft Confirms Dark Mode Expansion For Windows 11 Legacy Interfaces

Microsoft is working to enhance dark mode support in Windows 11, focusing on older system components, particularly legacy interfaces. Marcus Ash, head of Windows Design and Research, stated that efforts are underway to incorporate dark mode into more areas, including the Windows Registry Editor, although no timeline has been provided. Dark mode remains inconsistent across various system areas, such as File Properties dialogs, Registry Editor, Run dialog, Device Manager, and Disk Management. While some aspects of File Explorer have received dark mode support, others still display light-themed interfaces. Users should expect inconsistencies and are advised to use the system dark mode setting while regularly checking for updates. Microsoft has not disclosed specific details or timelines for future updates related to dark mode enhancements.

Winsage

March 25, 2026

Your Windows 11 File Explorer stutters because of an XP-era feature you can turn off in seconds

Windows 11's File Explorer has received mixed reviews, particularly due to delays in opening folders caused by the Automatic Folder Type Discovery feature. This feature scans folder contents to determine the best view, which can lead to frustrating delays, especially in folders with many files. Users can disable this feature through a registry edit, specifically by creating a new string value named FolderType and setting it to NotSpecified in the Registry Editor. After making this change and restarting the PC or File Explorer, the delays associated with Automatic Folder Type Discovery will be eliminated.

Winsage

March 18, 2026

Researchers Reveal ‘RegPwn,’ a Windows Registry Vulnerability That Granted SYSTEM Privileges

A Windows vulnerability named "RegPwn" (CVE-2026-24291) allows low-privileged users to elevate their access to full SYSTEM privileges. Discovered by the MDSec red team, it has been in use since January 2025 and was addressed in a recent Microsoft Patch Tuesday update. The vulnerability exploits the management of Windows accessibility features, which generate a registry key that grants full control to low-privileged users. When a user activates an accessibility tool, the configurations are copied into the local machine registry hive, which remains writable by the logged-in user. This creates an opportunity for manipulation, especially when user-controlled settings interact with the Windows Secure Desktop environment. An attacker can exploit this by modifying their user-level accessibility registry key and using an oplock on a system file, allowing them to replace the local machine registry key with a symbolic link to an arbitrary system registry key. This process operates under SYSTEM privileges, enabling the attacker to write arbitrary values to restricted areas of the Windows registry. MDSec demonstrated this technique to gain access to a SYSTEM-level command prompt. Microsoft has released security updates to address this vulnerability, and MDSec has made the exploit code available on GitHub for research purposes.

Winsage

March 15, 2026

I stopped letting Windows 11 “help” with my files—my PC feels faster now

Windows File Explorer's performance has declined due to the accumulation of features that have made it more cumbersome. Users can improve performance by disabling certain features: 1. Disable OneDrive: OneDrive consumes over a gigabyte of memory during syncing. To disable it, right-click the cloud icon in the system tray, access settings, unlink the PC, and disable it from auto-launching in Task Manager. 2. Turn off Bitlocker: Bitlocker encrypts drives by default, which can slow down file operations. To disable it, go to Control Panel > System & Security > Bitlocker Encryption and select Turn Bitlocker off. 3. Disable automatic folder type discovery: This feature can cause lag when opening folders. To disable it, edit the Windows Registry by navigating to a specific path and creating a new String Value named "FolderType" with the value "NotSpecified." 4. Turn off Windows Search indexing: Windows Search consumes resources and may perform poorly. To disable it, access services.msc, stop Windows Search, and change its Startup type to Disable. Users can then download and use the tool "Everything" for a more efficient search experience.

Winsage

March 12, 2026

How to Block Windows Upgrade for Good

Recent reports indicate concerns among users about automatic upgrades of Windows PCs, particularly for those who prefer to stay on Windows 10 or a specific feature update. Despite these fears, there is no evidence that Microsoft upgrades PCs without user consent; many users may unintentionally accept upgrade prompts or face bugs that trigger updates. Microsoft's upgrade approach can feel aggressive, especially when feature updates are bundled with regular updates. If the option to receive the latest updates is enabled, automatic installations may occur, particularly when a version reaches its end of service. Users can prevent unwanted upgrades through several methods: 1. Group Policy Editor: For Windows Pro or Enterprise users, they can lock in a specific feature update by accessing the Group Policy Editor and setting the desired OS edition and feature update version. 2. Windows Registry: Windows Home users can modify the Windows Registry to restrict upgrades. This involves creating specific DWORD and String Values to set the target OS edition and feature update version. 3. InControl App: A user-friendly application that allows users to freeze their current OS edition and feature update version, preventing upgrades while still allowing monthly updates. These methods enable users to maintain control over their operating systems and avoid unexpected upgrades.