Windows system

Winsage
November 8, 2024
Microsoft released the Windows 11 24H2 update on October 1, 2023, which includes enhancements like an upgraded Copilot AI and a refreshed File Explorer. However, the update has several bugs, leading Microsoft to temporarily halt its rollout for certain problematic PCs. Key issues include:
1. The System File Checker (SFC) is caught in a loop of false positives, misidentifying WebView2-related files as corrupted.
2. An 8.63GB update cache cannot be deleted through standard methods, but can be removed using "Windows Update Cleanup."
3. The update conflicts with Easy Anti-Cheat software, causing blue screens for users with Intel's Alder Lake+ processors.
4. Blue screens can also occur due to driver incompatibilities with Intel Smart Sound Technology, certain Western Digital SSDs, and MSI Z890 motherboards.
5. The mouse pointer may disappear in Chromium-based applications when interacting with text input fields.
6. Users have reported erratic internet connectivity, with some unable to receive a valid IP address.
7. Fingerprint sensors may become unresponsive on some devices.
8. The clipboard history feature may malfunction, showing as empty despite copied items.
9. Devices may fail to appear in the network list, affecting file and printer sharing.
10. Users of Copilot+ PCs face difficulties with printer setup and usage, particularly with HP, Canon, and Brother printers.
Due to these issues, users are advised to delay installation of the update until fixes are implemented.
Winsage
October 28, 2024
A newly identified attack technique poses a risk to fully patched Windows systems by circumventing Microsoft's Driver Signature Enforcement (DSE), potentially enabling operating system downgrade attacks that allow malicious actors to load unsigned kernel drivers. This vulnerability is linked to two privilege escalation flaws in the Windows update mechanism, identified as CVE-2024-21302 and CVE-2024-38202, which can be exploited to revert updated systems to earlier versions with unpatched security weaknesses. A tool called Windows Downdate can hijack the Windows Update process, facilitating undetectable downgrades of critical OS components. The exploit takes advantage of a race condition to replace a verified security catalog file with a malicious version, allowing the loading of an unsigned kernel driver. The DSE bypass can be executed by downgrading the "ci.dll" library, but can be thwarted if Virtualization-Based Security (VBS) is active on the host. Attackers can disable VBS by manipulating registry keys, and the attack fails only if VBS is enabled with a UEFI lock and a "Mandatory" flag, which prevents booting if VBS files are corrupted. Microsoft has addressed the vulnerabilities in August and October 2024.
Winsage
October 18, 2024
On May 18, 2024, Kaspersky’s Global Research & Analysis Team conducted the qualifying round of the SAS Capture the Flag (CTF) competition, which involved over 800 teams addressing cybersecurity challenges. One significant challenge highlighted a security vulnerability in Windows 7 and Windows Server 2008 R2 systems, allowing kernel shellcode to be concealed in the system registry and executed during boot. This vulnerability is linked to an incomplete fix for CVE-2010-4398. Despite the end of security updates for Windows 7 in early 2020, the flaw was known to be only partially addressed, with exploitation evidence dating back to 2018. The vulnerability affects Windows operating systems from NT 4.0 through Windows 7, allowing kernel shellcode to persist and execute at boot. Attackers exploit it through stack buffer overflows in the "dxgmms1.sys" and "dxgkrnl.sys" drivers using the RtlQueryRegistryValues function. In the CTF challenge, participants analyzed registry hives to identify a crash source, set up debugging for blue screen events, and examined a keylogger payload. The final competition of the SAS CTF will take place in Bali from October 22-25, 2024.
Winsage
October 17, 2024
Microsoft has released the 2024 update for Windows 11, known as Windows 11 24H2, which includes enhancements to Copilot AI, a refreshed File Explorer, and performance improvements. Users can access the update through Windows Update or Microsoft's Download Windows 11 page. However, the update has several bugs, including:
1. System File Checker Bug: The SFC tool shows false positives for corrupted files related to WebView2.
2. Cache File Deletion Glitch: An 8.63GB update cache is resistant to deletion, but can be removed using "Windows Update Cleanup" in Disk Cleanup.
3. Conflict with Easy Anti-Cheat: Users may experience blue screens with the Easy Anti-Cheat software, especially on Intel Alder Lake+ devices.
4. Blue Screens from Driver Compatibility: Compatibility issues with Intel Smart Sound Technology drivers and certain Western Digital SSDs can cause blue screens.
5. Disappearing Mouse Pointer: The mouse cursor may vanish in Chromium-based applications when interacting with text fields.
6. Internet Connection Issues: Users may face problems obtaining a valid IP address, despite seemingly functional Ethernet or Wi-Fi connections.
7. Fingerprint Sensor Glitch: Fingerprint sensors may become unresponsive after the update.
8. Broken Clipboard History: The clipboard history feature may appear empty despite items being copied.
Microsoft has acknowledged these and other issues on its Known Issues and Notifications page. Users are advised to consider delaying the update due to these challenges.
Winsage
October 17, 2024
Microsoft has released the 2024 update for Windows 11, known as Windows 11 24H2, which includes enhancements to Copilot AI, a new File Explorer, improved performance, and increased stability. The update is available through Windows Update and Microsoft's Download Windows 11 page. However, it has been reported to contain several bugs, including:
1. The System File Checker (SFC) tool is producing false positives for corrupted files.
2. An 8.63GB update cache is not deletable by standard methods, though it can be removed via "Windows Update Cleanup."
3. A conflict with the Easy Anti-Cheat application may cause blue screens for users with Intel Alder Lake+ processors.
4. Blue screens may also occur due to driver incompatibilities with Intel Smart Sound Technology and specific Western Digital SSDs.
5. A glitch in Chromium-based applications causes the mouse pointer to disappear in text input fields.
6. Users are experiencing erratic internet connections, with the system failing to assign valid IP addresses.
7. Some devices have unresponsive fingerprint sensors after the update.
Microsoft has acknowledged these issues, and users may want to delay the update until these problems are resolved.
Winsage
October 16, 2024
Users have encountered issues with the "Windows Security" feature failing to launch. To troubleshoot, users can follow these steps:
1. Restart Windows.
2. Check for updates by navigating to Windows logo > Settings > Windows Update > Check for updates.
3. Temporarily disable any third-party antivirus software to see if Windows Security starts functioning.
4. Repair Windows services by opening Command Prompt as an administrator and running the commands PLACEHOLDER4cb1ea79c0 and PLACEHOLDERda8b0e12e2, followed by DISM /Online /Cleanup-Image /RestoreHealth if errors are found.
5. If necessary, reset Windows for further troubleshooting.
Winsage
October 16, 2024
Microsoft unveiled Windows 11 Enterprise LTSC 2024, generating interest in the tech community. NTDEV released an update to tiny11, based on Windows 11 LTSC 2024, with a size of 3.54 GB that fits on a standard DVD. This compression is achieved using LZX delta compression. Tiny11 can operate on as little as 176 MB of RAM, and a "text-only" version has been created that requires only 100 MB of RAM.
Tech Optimizer
October 14, 2024
Hackers are targeting Windows users with a new strain of malware called Lumma Stealer, which spreads through deceptive human verification pages that mimic Google CAPTCHA. These phishing sites, often hosted on various platforms using Content Delivery Networks (CDNs), trick users into clicking a button that copies a PowerShell script to their clipboard. When executed, this script downloads Lumma Stealer from a remote server. The malware is packaged as a file named “dengo.zip,” which must be unzipped and run on the user's machine to become active. Researchers from CloudSEK have identified an increase in malicious sites using this method. To protect against such threats, it is recommended to keep Windows and antivirus software updated, avoid clicking on suspicious links, and refrain from executing unknown commands.
Winsage
October 13, 2024
Windows 11 version 24H2 has introduced undocumented bugs affecting disk functionalities, including an inability to delete about 8.63 GB of data and a malfunctioning Windows System File Checker (SFC) scan feature. Microsoft is working on a resolution through the upcoming KB5044384 update. Users with Western Digital NVMe SSDs, specifically the WD_Black SN770 and WD Blue SN580, are experiencing blue screen crashes due to incorrect allocation of the host memory buffer size, which is increasing to 200 MB instead of the typical 64 MB to 100 MB. A workaround involves adjusting the HmbAllocationPolicy in the Registry Editor to set the allocation back to 64 MB. Users are encouraged to report issues via the Feedback Hub to help Microsoft prioritize fixes.