Windows services Archives

Winsage

March 6, 2026

Chinese hackers hide malware in Windows and Google Drive to hit targets

Chinese state-sponsored threat actors, specifically a group known as Silver Dragon, have been conducting espionage operations across Southeast Asia and Europe since at least mid-2024. They have targeted government entities in countries such as Russia, Poland, Hungary, Italy, Japan, Myanmar, and Malaysia. Silver Dragon is believed to be affiliated with APT41 and primarily uses phishing emails to initiate attacks, often containing weaponized documents or links. They employ a custom backdoor called GearDoor, which utilizes Google Drive for command-and-control operations, allowing them to exfiltrate stolen intelligence. The group also hijacks legitimate Windows services to load malicious code and uses tools like SSHcmd and Cobalt Strike for post-exploitation activities. Their tactics involve blending malicious activities with normal system operations, making detection difficult and increasing their dwell time within targeted networks.

Winsage

January 15, 2026

Windows App forgets how to log in with first security update of the year

Microsoft's January security update, released on January 13, 2026, has caused connection and authentication failures for users of Azure Virtual Desktop and Windows 365, particularly affecting those using the Windows App. The update has resulted in credential prompt failures during Remote Desktop connections across all supported Windows versions, from Enterprise LTSC 2016 to Windows 11 25H2, as well as Windows Servers from 2019 to 2025. Microsoft is investigating the issue and plans to release an out-of-band update soon. Users have been advised to either uninstall the update or use the Remote Desktop Client or the Windows App web client as workarounds. Reports indicate persistent issues, including an "Unable to Authenticate" error when attempting to connect via the Windows App. Microsoft has also made a Known Issue Rollback available to address these credential problems.

Tech Optimizer

October 7, 2025

6 Windows hardening steps that don’t break gaming or DRM

Windows 11 is not the most secure operating system by default but offers ways to enhance security without affecting gaming performance. Gaming PCs are vulnerable to cyber threats and should adopt security measures. Customizing Windows Firewall allows users to maintain internet access for gaming applications while ensuring security. Users should add key game executable files to the "allowed apps" list and consider using SimpleWall for better control over network activity. Using a standard account for gaming sessions enhances security by limiting admin account access, which should be reserved for software installation and updates. Implementing multi-factor authentication for both admin and standard user accounts adds an extra layer of security. Windows Defender has improved and can be an efficient antivirus option, but third-party solutions may conflict with gaming performance. Game files should be added to Windows Defender's exclusion list to avoid performance issues. Disabling unnecessary Windows services can enhance security and performance by reducing the attack surface and freeing up resources. Common services to disable include Cellular Time, Connected Devices Platform Service, and Telemetry. Secure Boot protects against malicious software during the boot process and may require BIOS adjustments. It does not affect gaming performance and is often necessary for games with kernel-level anti-cheat systems. Memory Integrity and Core Isolation are advanced security features that protect against low-level attacks by creating an isolated environment for critical processes. These features require minimal resources if the CPU supports Intel's Mode-Based Execution Control (MBEC) or AMD's Guest Mode Execution Trap (GMET). Balancing security measures with optimal system performance is essential for a secure gaming experience.

Winsage

September 5, 2025

Do these 6 things instead of using a “light” Windows build

Windows 11 has been criticized for bloat and unnecessary features that can hinder performance. Users can improve their experience by uninstalling unused applications, disabling unnecessary startup apps, turning off Windows Search and other services, using debloating programs, or considering Atlas OS for a more extensive debloating solution. Alternatives like Linux distributions (e.g., Ubuntu, Linux Mint) are also available for those seeking less bloated operating systems.

Winsage

September 3, 2025

Solve shortcut chaos with PowerToys

PowerToys has introduced a hotkey conflict detection system in its latest update, which helps users identify and resolve overlapping keyboard shortcuts. The update also includes a search function in PowerToys Settings, a new "Gliding cursor" feature in Mouse Utilities, and enhancements to the installer for improved security and reliability. Additional improvements include bug fixes and updates across various utilities, such as Command Palette, Hosts File Editor, and Quick Accent, with a focus on usability and accessibility.

Winsage

August 31, 2025

How to Fix Razer Cortex Installer Not Working or Freezing

Users may experience issues with the Razer Cortex installer due to missing or outdated system components, particularly the Microsoft Edge WebView2 Runtime, which is essential for the installer interface. If WebView2 is absent or corrupted, the installer cannot display its setup window. Additionally, the installer relies on Windows services such as Windows Installer, Background Intelligent Transfer Service (BITS), and Windows Update; if these services are disabled or not running, the installer may freeze or fail. Leftover files from previous installations can also obstruct the setup process. To resolve these issues, users should: 1. Install Microsoft Edge WebView2 Runtime by downloading the Evergreen Standalone Installer from the official Microsoft page and following the setup instructions. 2. Perform a clean boot by disabling non-Microsoft services and startup items to minimize conflicts. 3. Ensure required Windows services (Windows Installer, BITS, Windows Update) are running, setting their Startup type to Manual or Automatic if necessary. 4. Temporarily disable third-party antivirus software that may block the installer. 5. Delete any remaining Razer Cortex files and folders from specified locations to ensure a clean installation. If problems persist, users are advised to upgrade to Windows 11 or contact Razer Support for further assistance.

Winsage

August 30, 2025

How to Fix Razer Cortex Installer Not Working or Freezing

Users may experience issues with the Razer Cortex installer due to missing or outdated system components, particularly the Microsoft Edge WebView2 Runtime, which is essential for rendering the installer’s interface. If this runtime is absent or corrupted, the installer cannot display its setup window. Additionally, the installer relies on specific Windows services, including Windows Installer, Background Intelligent Transfer Service (BITS), and Windows Update. If any of these services are disabled or not running, the installer may stall or fail. Leftover files from previous installations can also cause complications, as corrupted data or registry entries may obstruct updated components. To resolve these issues, users can take the following steps: 1. Install Microsoft Edge WebView2 Runtime by downloading the Evergreen Standalone Installer from the official Microsoft website and following the setup instructions. 2. Perform a clean boot by disabling all non-Microsoft services and startup items through the System Configuration tool and Task Manager. 3. Ensure that the required Windows services (Windows Installer, BITS, Windows Update) are running and set to Manual or Automatic startup. 4. Temporarily disable third-party antivirus software that may block the installer. 5. Delete any remaining Razer Cortex files and folders from specified locations after uninstalling the program. If issues persist, consider upgrading to Windows 11 or contacting Razer Support for assistance.

Winsage

August 11, 2025

Win-DoS Epidemic: New DoS and DDoS Attacks Start with Microsoft Windows

During DEF CON 33, Yair and Shahak Morag from SafeBreach Labs introduced a new category of denial-of-service (DoS) attacks called the “Win-DoS Epidemic.” They identified four significant Windows DoS vulnerabilities, all categorized as “uncontrolled resource consumption,” including: - CVE-2025-26673 (CVSS 7.5): High-severity DoS vulnerability in Windows LDAP. - CVE-2025-32724 (CVSS 7.5): High-severity DoS vulnerability in Windows LSASS. - CVE-2025-49716 (CVSS 7.5): High-severity DoS vulnerability in Windows Netlogon. - CVE-2025-49722 (CVSS 5.7): Medium-severity DoS vulnerability in the Windows print spooler, requiring an authenticated attacker on an adjacent network. These vulnerabilities can incapacitate Windows endpoints and servers, including domain controllers (DCs), which are essential for managing authentication and resources in enterprise networks. The researchers also revealed a new DDoS attack method, termed Win-DDoS, which exploits a flaw in the Windows LDAP client referral process, allowing attackers to redirect DCs to a victim server and continuously repeat this redirection, creating a large-scale DDoS botnet using public DCs without leaving forensic traces.

Winsage

August 11, 2025

New ‘Win-DoS’ Zero-Click Vulnerabilities Turns Windows Servers/Endpoints, Domain Controllers Into DDoS Botnet

Researchers Yair and Shahak Morag from SafeBreach Labs introduced a new category of denial-of-service (DoS) attacks called the “Win-DoS Epidemic” at DEF CON 33. They identified four new vulnerabilities in Windows DoS and one zero-click distributed denial-of-service (DDoS) flaw, classified as “uncontrolled resource consumption.” The vulnerabilities include: - CVE-2025-26673 (CVSS 7.5): High-severity DoS vulnerability in Windows LDAP. - CVE-2025-32724 (CVSS 7.5): High-severity DoS vulnerability in Windows LSASS. - CVE-2025-49716 (CVSS 7.5): High-severity DoS vulnerability in Windows Netlogon. - CVE-2025-49722 (CVSS 5.7): Medium-severity DoS vulnerability in Windows Print Spooler, requiring an authenticated attacker on an adjacent network. These vulnerabilities can incapacitate Windows endpoints or servers, including Domain Controllers (DCs), potentially allowing for the creation of a DDoS botnet. The researchers also discovered a DDoS technique called Win-DDoS that exploits a flaw in the Windows LDAP client’s referral process, enabling attackers to redirect DCs to a victim server for continuous redirection. This method can leverage public DCs globally, creating a large, untraceable DDoS botnet without specialized infrastructure. Additionally, the researchers examined the Remote Procedure Call (RPC) protocol and found three new zero-click, unauthenticated DoS vulnerabilities that can crash any Windows system. They also identified another DoS flaw exploitable by any authenticated user on the network. The researchers released tools named “Win-DoS Epidemic” to exploit these vulnerabilities, highlighting the need for organizations to reassess their security measures regarding internal systems and services like DCs.

Winsage

May 11, 2025

10 Windows services I safely disable, and you can too

Windows 11 includes various background services that can be disabled to enhance performance or privacy. Users can access the Services window by searching for "Services" in the search bar. Key services that may be unnecessary for many users include: - Windows Mobile Hotspot Service: Often unnecessary as most laptops lack a mobile data connection. - Fax: Rarely needed for personal computers. - Downloaded Maps Manager: Manages downloaded maps, likely to become less relevant with the deprecation of Windows Maps. - Certificate Propagation: Essential for smart card functionality; can be disabled if not using smart cards. - Windows Insider Service: Manages enrollment in the Windows Insider program; advisable to disable if not participating. - Parental Controls: Useful for families; can be disabled if the device is for personal use. - Windows Image Acquisition: Facilitates image acquisition from scanners and cameras; can be disabled if no scanner is used. - TCP/IP NetBIOS Helper: Aids communication with local network devices; can be disabled for most home users. - Xbox Live Game Save: Syncs save data with Xbox Live; unnecessary for users who primarily use other gaming platforms. - Connected User Experiences and Telemetry: Collects diagnostic data; disabling it can enhance privacy. Disabling these services may not lead to significant performance improvements but can create a more personalized computing experience. Users can re-enable any service if needed later.