Windows systems Archives

Winsage

May 1, 2025

Windows RDP has a major security problem, and Microsoft has refused to do anything about it

A security flaw in Windows RDP allows previously revoked credentials to remain functional after a password reset, enabling users to access their PCs with old passwords. Microsoft does not classify this issue as a bug, stating it is an intentional design to ensure at least one user account can always log in. This behavior is not flagged by Microsoft Defender, Azure, or Entra ID, and the company's documentation lacks clarity on the matter. Microsoft has been aware of this issue since at least August 2023 but has chosen not to modify the code, citing potential compatibility issues.

Winsage

April 29, 2025

Microsoft Confirms $1.50 Windows Security Update Fee Starts July 1

Microsoft has introduced a subscription model for no-reboot security "hotpatch" updates, which will be available for Windows 11 Enterprise, version 24H2, and Windows Server 2025. Users must operate on Windows Server 2025 Standard or Datacenter, connected to Azure Arc, to access these updates. Starting July 1, 2025, there will be a charge of [openai_gpt model="gpt-4o-mini" prompt="Summarize the content and extract only the fact described in the text bellow. The summary shall NOT include a title, introduction and conclusion. Text: In the realm of operating systems, security updates are paramount, especially when they pertain to software utilized by billions globally. However, Microsoft has recently found itself in a challenging spotlight following a controversial Windows security patch that inadvertently introduced a mysterious folder, sparking a wave of confusion and concern among users. Social media commentators hastily advised users to delete this folder, only for Microsoft to counter with a warning that such actions could leave systems vulnerable to attacks. This incident has now unveiled a broader issue within the Windows security update framework, particularly surrounding the introduction of a subscription model for no-reboot security “hotpatch” updates. What Is Windows Hotpatching, And Who Needs To Pay The .50 A Month Fee? As previously reported, Microsoft is advancing towards a system where hotpatching will eliminate the need for users to reboot their Windows systems after a security update. This innovative feature allows security fixes to be downloaded and installed seamlessly in the background, integrating directly into the in-memory code of processes that are already running. Initially, this functionality is set to be available for a specific segment of users: those operating Windows 11 Enterprise, version 24H2, on x64 (AMD/Intel) CPU devices managed through Microsoft Intune. Recent confirmations from Janine Patrick, Windows Server product marketing manager, and Artem Pronichkin, a senior program manager at Microsoft, indicate that the hotpatching system for Windows Server 2025, which has been in preview since 2024, will transition to a subscription-only model starting July 1. To utilize the no-reboot hotpatch security updates, users must operate on “Windows Server 2025 Standard or Datacenter,” with an essential requirement of being connected to Azure Arc. The noteworthy and contentious aspect of this announcement is the introduction of a subscription fee for the Hotpatch service. While hotpatching has long been available for Windows Server Datacenter: Azure Edition at no cost, users of Windows Server 2025 will incur a charge of .50 per CPU core each month for these security updates. Microsoft emphasizes that while hotpatching will significantly reduce the frequency of required reboots—approximately four times a year for baseline updates—this new approach aims to alleviate the traditional inconveniences associated with Patch Tuesday." max_tokens="3500" temperature="0.3" top_p="1.0" best_of="1" presence_penalty="0.1" frequency_penalty="frequency_penalty"].50 per CPU core each month for the hotpatch service, which aims to reduce the frequency of required reboots to approximately four times a year for baseline updates.

Winsage

April 24, 2025

Microsoft security patch opens up new security vulnerability

Microsoft's recent update aimed at fixing a security vulnerability (CVE-2025-2104) has unintentionally created an "inetpub" folder on the system drive of Windows operating systems. This folder's creation has raised concerns among IT security researchers, particularly Kevin Beaumont, who warns that it could lead to issues with Windows updates. Users can create junctions that redirect to the "inetpub" folder, potentially causing failures in installing updates and leaving systems vulnerable. Microsoft has stated that the "inetpub" folder should not be deleted and that its presence is part of security enhancements.

AppWizard

April 24, 2025

Trojanized Alpine Quest app geolocates Russian soldiers

Russian soldiers are facing a digital threat from a modified Android application, Alpine Quest, which has been tampered with to track their locations and extract sensitive information. The malware, known as Android.Spy.1292.origin, was embedded in an older version of the app and distributed as a free upgrade to Alpine Quest Pro via a fraudulent Telegram channel. Once installed, the trojan collects various types of information, including geolocation, downloaded files, phone numbers, and app versions, and can download additional modules to exfiltrate specific files. Additionally, researchers at Kaspersky discovered a backdoor hidden in counterfeit software updates for ViPNet, a secure networking suite. The malware, disguised as msinfo32.exe, connects to a command-and-control server to steal files and deploy more malicious components. On the Ukrainian side, Russian operatives are conducting a phishing campaign targeting Ukrainian officials and allies, using social engineering tactics to hijack Microsoft 365 accounts. Attackers contact victims via messaging apps, invite them to video calls, and trick them into providing OAuth codes, granting access to their accounts.

Winsage

April 24, 2025

Download WampServer (free) for Windows

WampServer is a web development environment designed for Windows users, integrating MySQL, Apache, and PHP into a single package for local web application development. It simplifies the setup process, allowing novice developers to create functional development servers without affecting live websites. WampServer operates independently of an internet connection and provides a user-friendly control panel for managing server components. It supports both free-form PHP coding and content management systems like WordPress, Joomla, and Drupal. WampServer is free to use and compatible with Windows 7, 8, 10, and 11, but not with macOS or Linux. Alternatives to WampServer include MAMP, XAMPP, and Apache HTTP Server, each offering different features and compatibility.

Winsage

April 17, 2025

Hackers Exploiting NTLM Spoofing Vulnerability in Wild to Compromise Systems

Cybercriminals are exploiting a vulnerability in Windows systems known as CVE-2025-24054, which involves NTLM hash disclosure through spoofing techniques. This flaw allows attackers to leak NTLM hashes, leading to privilege escalation and lateral movement within networks. It is triggered when a user extracts a ZIP archive containing a malicious .library-ms file, causing Windows Explorer to initiate SMB authentication requests that expose NTLMv2-SSP hashes. Exploitation of this vulnerability began shortly after a security patch was released on March 11, 2025, with campaigns targeting government and private institutions in Poland and Romania. These campaigns utilized spear-phishing emails containing malicious ZIP archives, which, when interacted with, leaked NTLM hashes. The malicious files included various types designed to initiate SMB connections to attacker-controlled servers, allowing for pass-the-hash attacks and privilege escalation. The stolen hashes were sent to servers in several countries, indicating potential links to state-sponsored groups. One campaign involved Dropbox links that exploited the vulnerability upon user interaction. Microsoft has recommended immediate patching, enhancing network defenses, user education, network segmentation, and regular security audits to mitigate risks associated with this vulnerability.

Winsage

April 15, 2025

Don’t delete inetpub folder. It’s a Windows security fix

A new folder, typically located at C:inetpub, appears on Windows systems after installing the April Patch Tuesday updates for Windows 10 and 11. This folder is created as a security measure related to the vulnerability CVE-2025-21204, which could allow unauthorized access to system-level file management. Microsoft advises users to leave this folder untouched, as it is established with read-only SYSTEM-level access to prevent privilege escalation exploits. The folder will be created even if Internet Information Services (IIS) is not installed, and there are currently no known exploits for CVE-2025-21204. If the folder is deleted, it can be recreated by enabling IIS in the Windows features settings. Users can also manually create the folder with the appropriate permissions if desired.

Winsage

April 14, 2025

Emergency Windows update solves Active Directory problem

Microsoft is releasing emergency patches to address an issue with local audit logon policies in Active Directory Group Policy, affecting various Windows versions including Windows 11 and Windows Server editions. The problem involves a reporting error where audit logon/logoff events may not appear as enabled in the Local Group Policy Editor, despite being active. The updates released include: - Windows 11, versions 23H2 and 22H2 (KB5058919) - Windows Server 2022 (KB5058920) - Windows 10 Enterprise LTSC 2019 and Windows Server 2019 (KB5058922) - Windows 10 LTSB 2016 and Windows Server 2016 (KB5058921) - Azure Stack HCI, version 22H2 (KB5058920) These patches are not security updates and are intended for affected organizations only. They can be downloaded from the Microsoft Update Catalog. The current updates are cumulative, meaning previous updates do not need to be installed first. Microsoft notes that home users are unlikely to be affected by this issue.

Winsage

April 14, 2025

No, it’s not OK to delete that new inetpub folder

Microsoft has introduced a new inetpub folder located at %systemdrive%inetpub on user devices as part of the April Patch Tuesday updates to enhance system protection. This folder is associated with Internet Information Services (IIS), which is not installed by default. Microsoft advises that this folder should not be deleted, regardless of whether IIS is active. The vulnerability CVE-2025-21204 allows an authenticated attacker to elevate privileges locally, enabling them to perform file management operations on the victim machine. The "link following flaw" refers to inadequate prevention of filename linking to unintended resources, and mitigating this risk involves denying access to specific files and setting appropriate folder permissions. The inetpub folder serves as a protective measure against potential exploitation of vulnerabilities.

Tech Optimizer

April 12, 2025

I abandoned third-party antivirus tools, and here’s what I do instead

The author has transitioned from using third-party antivirus solutions to relying on Windows Security, which is built into Windows 10 and 11, due to its effectiveness and lack of cost. They emphasize the importance of keeping Windows Security updated and performing regular virus scans for added peace of mind. Ransomware protection features, such as Controlled Folder Access, are highlighted as essential. The Microsoft PC Manager app is recommended for optimizing system performance and security. The author advocates for good security hygiene, including avoiding suspicious emails and enabling two-factor authentication, as effective practices to maintain security without third-party antivirus software.