Windows Subsystem

Winsage
November 18, 2025
Sysmon is a system monitoring tool that traditionally requires users to download and install it from Microsoft's Sysinternals page, often leading to its deployment only after issues arise. Pre-installing Sysmon can enhance proactive monitoring and issue diagnosis. Its effectiveness can be improved through tailored configurations, with resources available from Bleeping Computer for specific use cases like monitoring DNS queries. Additionally, Sysmon can now be installed on Linux systems via the Windows Subsystem for Linux (WSL), increasing its accessibility and versatility for users familiar with Sysmon.
Winsage
November 14, 2025
Microsoft CEO Satya Nadella reflected on the company's exit from the mobile phone market, describing it as one of his most difficult decisions and expressing a sense of missed opportunity. Former CEO Steve Ballmer noted that a mix of "paranoia and confidence" may have limited Microsoft's ability to succeed in the smartphone market. The decline of Windows Phone was attributed to a weak app ecosystem, which the new concept, Windows Astria, aims to improve by running Android apps natively. Windows Astria incorporates elements from Windows 11 and features like Live Tiles, designed for modern screens. The concept also adapts to larger screens and foldable devices, showcasing potential applications like MS Word and a system-integrated Wallet app.
BetaBeacon
November 13, 2025
Valve's Steam has 35+ million concurrent users, making it the largest PC gaming storefront in terms of active engagement. Android games will run natively on Valve's new Steam Frame, which runs on an Arm-based Snapdragon 8 Gen 3 platform. Developers can reuse their existing toolchain when bringing Android games to Steam, but will need to integrate Steamworks features. Valve's broader Arm ambitions include paving the way for SteamOS to be more broadly supported across Arm devices. By embracing Android games, Valve is breaking down platform walls to benefit developers and players, potentially making it one of Steam's most important platform expansions in years.
Winsage
November 12, 2025
On November 12, 2025, Microsoft released patches for 63 vulnerabilities, including four classified as Critical and 59 as Important. Notably, CVE-2025-62215, a privilege escalation flaw in the Windows Kernel with a CVSS score of 7.0, is actively exploited. This vulnerability allows an authorized attacker to elevate privileges locally through a race condition. Additionally, Microsoft patched two heap-based buffer overflow vulnerabilities (CVE-2025-60724 and CVE-2025-62220) with CVSS scores of 9.8 and 8.8, respectively, which could lead to remote code execution. Another significant vulnerability is CVE-2025-60704, a privilege escalation flaw in Windows Kerberos with a CVSS score of 7.5, enabling attackers to impersonate users and control a domain. Other vendors, including Adobe, Amazon Web Services, and Apple, also released security updates addressing various vulnerabilities.
Winsage
November 12, 2025
Microsoft's November 2025 Patch Tuesday addresses a total of 63 vulnerabilities, including one actively exploited zero-day flaw (CVE-2025-62215) related to Windows Kernel Elevation of Privilege. The updates include four vulnerabilities classified as "Critical," with two for remote code execution, one for elevation of privileges, and one for information disclosure. The breakdown of vulnerabilities is as follows:
- 29 Elevation of Privilege Vulnerabilities
- 2 Security Feature Bypass Vulnerabilities
- 16 Remote Code Execution Vulnerabilities
- 11 Information Disclosure Vulnerabilities
- 3 Denial of Service Vulnerabilities
- 2 Spoofing Vulnerabilities

This Patch Tuesday marks the first extended security update (ESU) for Windows 10, and users are encouraged to upgrade to Windows 11 or enroll in the ESU program. Microsoft has also released an out-of-band update to assist with enrollment issues. Other companies, including Adobe, Cisco, and Google, have also issued security updates in November 2025.
Winsage
November 11, 2025
PowerToys is an open-source collection of utilities that enhances productivity for Windows 11 users, featuring tools like FancyZones for window management and Image Resizer. Google Chrome is a popular web browser known for its synchronization across devices. Steam is a primary gaming platform with a robust library and the ability to stream games to a Steam Deck. The Heroic Games Launcher is a third-party alternative to the Epic Games Launcher, offering customizable features and support for GOG and Amazon Games libraries. GIMP is a powerful open-source photo editing tool that provides advanced features without the cost of commercial software. The Windows Subsystem for Linux (WSL) allows seamless integration between Windows and Linux, supporting applications like Docker Desktop and Visual Studio Code. Spotify is used for audio entertainment, helping users maintain focus during work. Tools like Ninite, the Microsoft Store, and winget streamline the installation of applications on Windows 11, with winstall.app providing a user-friendly interface for generating installation scripts.
Winsage
November 7, 2025
Retired Microsoft engineer Dave Plummer proposes the introduction of a hardcore mode for Windows to eliminate unnecessary features aimed at less technical users. He emphasizes the need for a system-wide setting that makes the OS more deterministic and less chatty, advocating for centralized settings management to avoid users having to search extensively for configurations. Plummer calls for greater transparency in telemetry, suggesting that users should have clear documentation of data sent on their behalf and the ability to mute specific telemetry categories. He critiques the update process for causing unexpected changes and suggests implementing automatic rollbacks after health checks. Plummer expresses concern about Microsoft's focus on integrating AI capabilities into Windows, fearing it detracts from user education and turns the OS into a sales channel. He also criticizes Windows for recommending Edge after a user selects a different browser and for displaying sponsored applications in the Start Menu. Despite his criticisms, he acknowledges the strengths of Windows, including its kernel, storage stack, and the Windows Subsystem for Linux. Plummer's discontent stems from the additional features that detract from the user experience.
Winsage
November 5, 2025
Cyber attackers used the Import-VM and Start-VM PowerShell cmdlets to introduce a virtual machine named WSL into Hyper-V. This virtual machine hosts a compact Alpine Linux environment with two implants, CurlyShell and CurlCat, identified by Bitdefender. CurlyShell uses libcurl to connect to a command-and-control server, creating a reverse shell to execute commands and return outputs. CurlCat functions as a proxy, tunneling SSH traffic through HTTP requests to evade detection by network monitoring tools.