Windows systems Archives

Winsage

June 3, 2026

OpenAI’s Codex can finally control Windows 11 PCs on its own

OpenAI has announced that the Codex desktop's Computer Use feature is now available on Windows 11 systems, previously exclusive to macOS. This feature allows Codex to control applications on a user's computer using a virtual mouse and keyboard, enabling it to autonomously navigate the system and execute tasks. Users can direct Codex by referencing their computer or specific applications in their instructions. The feature is integrated with mobile applications, allowing users to manage tasks on their Windows systems from mobile devices. Currently, it is available across all Codex plans, including free tiers, but access may eventually be limited to premium plans.

Winsage

June 2, 2026

PHANTOMPULSE RAT Uses UAC Bypass to Hijack Windows Systems

PHANTOMPULSE is a remote access trojan (RAT) used as a final payload in multi-stage attacks targeting Windows environments. It employs advanced post-exploitation techniques, including process injection, User Account Control (UAC) bypass, and a decentralized blockchain-based command-and-control (C2) mechanism. The malware utilizes three process injection techniques: module stomping, manual DLL mapping, and debug-driven execution. It avoids detection by using direct system calls instead of standard Windows APIs and incorporates a hardware breakpoint mechanism to disable security protections like AMSI and ETW. PHANTOMPULSE retrieves its C2 server address from Ethereum-based transaction data but has a vulnerability that allows defenders to hijack communication. It achieves persistence through scheduled tasks and supports self-healing capabilities. Privilege escalation is done using the "schuac" UAC bypass technique. The malware conducts system reconnaissance focusing on cryptocurrency wallets and messaging apps but does not directly steal credentials. It shows signs of AI-assisted development and shares tactics with DPRK-aligned threat groups, particularly in targeting cryptocurrency platforms.

Winsage

June 2, 2026

New PHANTOMPULSE RAT Campaign Uses UAC Bypass in Windows Attacks

The REF6598 intrusion set has revealed a Remote Access Trojan (RAT) named PHANTOMPULSE, which is distributed via malicious Obsidian plugins. It uses advanced evasion techniques, including a blockchain-based command and control (C2) channel and a public User Account Control (UAC) bypass to infiltrate Windows systems. The malware disables security measures like the Antimalware Scan Interface (AMSI) and Windows Lockdown Policy (WLDP) through a hardware-breakpoint technique, allowing it to avoid detection by signature-based memory scanners. PHANTOMPULSE hides its core files in encrypted registry blobs and creates scheduled tasks that appear as .NET Framework updates. Its decentralized C2 framework queries public blockchains for operational data, but it lacks sender authentication, which can be exploited by defenders. The malware inventories the system for antivirus software and targets high-value applications. It employs a UAC bypass technique called “schuac” to gain elevated permissions. Analysts attribute this campaign to DPRK-aligned threat actors, particularly the BlueNoroff group, due to its focus on cryptocurrency wallets and blockchain exploitation. Defenders can identify new infrastructure by searching blockchain ledgers for a specific hex signature associated with the malware's C2 encryption routine.

Tech Optimizer

May 30, 2026

Best Free Antivirus Apps That Actually Protect Your PC From Viruses and Threats

Antivirus applications are essential for protecting Windows systems from online threats like viruses, malware, and phishing attempts. Many users prefer dedicated antivirus software despite improvements in built-in security features. Free antivirus software offers crucial protection without a paid subscription, balancing security, performance, and user-friendliness. Key free antivirus options include: - Microsoft Defender Antivirus: Built-in, real-time scanning, and regular updates. - Bitdefender Antivirus Free for Windows: Strong malware detection with minimal system impact. - AVG AntiVirus Free: Provides real-time protection and phishing defense. - Avast One Basic: Combines antivirus with additional security tools. - Avira Free Security: Lightweight with antivirus and privacy tools. - Panda Antivirus: User-friendly with essential protection and malware cleanup tools. Effective antivirus solutions should offer real-time protection, automatic updates, and seamless operation without hindering system performance. Trust and usability are also important factors in choosing antivirus software. The best antivirus for a user depends on their daily activities, with basic apps suitable for light users and more advanced options for those who frequently download files. Free antivirus applications can provide adequate protection for most users, but they may lack advanced features found in paid versions. Microsoft Defender and Bitdefender are noted for their low system impact. Running multiple antivirus programs simultaneously is not recommended due to potential conflicts.

Winsage

May 28, 2026

Your Windows PC has a security deadline in June 2026

A Secure Boot certificate refresh is being deployed across supported Windows devices via Windows Update. The Secure Boot certificates from 2011 will begin to expire in June 2026, prompting Microsoft to introduce new 2023-dated certificates to maintain security. Most users will require minimal action if their PCs are updated, but older devices may face challenges. The current certificates include: - Microsoft Corporation KEK CA 2011: expires June 24, 2026 - Microsoft UEFI CA 2011: expires June 27, 2026 - Microsoft Windows Production PCA 2011: expires October 19, 2026 The new certificates will remain valid until 2038, with plans for post-quantum cryptography around 2030. While PCs using the 2011 certificates will continue to function, they will lose access to new security protections, making them vulnerable to emerging threats. A notable example of such a threat is the BlackLotus bootkit, which exploited vulnerabilities to bypass Secure Boot. Microsoft's rollout strategy involves a staged update process that typically takes around 48 hours and may require restarts. Users are advised to keep Windows updated and check their Secure Boot status. Known issues may arise for older PCs, systems that bypassed Windows 11 requirements, Legacy BIOS systems, and custom firmware configurations. IT teams managing devices should inventory their systems, monitor specific event IDs, test updates, and document devices that cannot be updated.

Winsage

May 27, 2026

My new favorite Windows app made my PC safer and more reliable

A significant shift in Windows applications is enhancing user experience and security, with experts recommending the use of digitally signed packages from trusted sources instead of random installers. Most commonly used Windows applications are now available through the Microsoft Store or the WinGet package repository, simplifying installation and enhancing security. The UniGetUI application streamlines software management and updates, allowing users to create bundles for easy transfer between PCs. It supports packages from various repositories and tracks applications for easy updates and uninstallation. Originally developed by Martí Climent, UniGetUI is now maintained by Devolutions, focusing on stability and security.

Winsage

May 27, 2026

Is it time to move from Windows to Linux?

The evolution of software development has progressed from intricate coding practices in the era of Windows 3.1 to more user-friendly programming environments. Linux applications typically require less RAM, often functioning efficiently with 8 to 16 GB, compared to 32 GB for Windows. Users can explore Linux through platforms like WSL, Hyper-V, or VirtualBox without fully committing. Linux serves as a viable alternative for older PCs that cannot support Windows 11 and acquiring Linux development skills can enhance professional profiles. Linux updates generally do not require reboots, and users can choose when to install them. Windows systems tend to slow down over time due to registry clutter, while Linux maintains performance integrity. Windows runs numerous background processes that could be disabled for better performance, but users may not know which ones are safe to turn off. Developers may find Windows frustrating due to increasing restrictions and limited administrative privileges. In contrast, Linux provides transparency regarding telemetry data. Microsoft's Visual Studio Code is a leading text editor for Linux, highlighting Microsoft's influence on Linux development. The introduction of Python and C# on Linux has showcased its performance advantages. While Windows has an edge in GUI development, tools like Flutter are enabling Linux GUI application creation. Many Linux utilities work seamlessly from the terminal. Transitioning to full-time Linux use is a personal choice, especially for gamers or those with specific project needs. The ability to develop in languages like Rust, Flutter, and C# across both operating systems encourages exploration of various Linux distributions.

Winsage

May 26, 2026

How to Remove Microsoft Edge (Windows 10 and 11)

Removing Microsoft Edge from Windows can be complex due to its integration as a system component, especially in Windows 10 and standard Windows 11 installations. Edge may not have a straightforward Uninstall button in the Settings page, but methods exist for uninstallation, including using Edge's own installer or command-line approaches. In the EU, users may find an easier uninstall option in Settings due to the Digital Markets Act (DMA). To uninstall Edge, users should check their Windows version and region, install a replacement browser beforehand, and be aware that updates might reinstall Edge. Elevated permissions are typically required for uninstallation methods. Method A involves using Edge's setup.exe in uninstall mode from its Installer directory, which is widely compatible. Method B allows for a Settings-based uninstall in certain EU Windows 11 builds influenced by DMA. Method C uses PowerShell to remove Edge partially but may not be effective on newer builds. Method D suggests disabling Edge instead of fully uninstalling it for better system stability. Advanced techniques exist but carry risks, including potential system integrity issues. Users should consider application dependencies and the likelihood of Windows updates restoring Edge. For enterprise environments, policy-based control is preferred over complete removal. The EU DMA is driving changes toward a more modular Windows architecture, allowing for greater user choice regarding browser components.

Winsage

May 21, 2026

Microsoft Defender Zero-Day Vulnerabilities RedSun and UnDefend Actively Exploited on Windows 10, 11, and Server (April 2026 CVE Analysis)

In April 2026, two zero-day vulnerabilities, RedSun and UnDefend, were discovered in Microsoft Defender, affecting Windows 10, Windows 11, and Windows Server platforms. These vulnerabilities allow attackers to escalate privileges to SYSTEM and bypass Defender’s protections. RedSun exploits a flaw in Defender's remediation process, enabling low-privileged users to overwrite critical system files. UnDefend allows attackers to disrupt Defender’s updates, keeping it outdated and ineffective. Both vulnerabilities are actively being exploited, with attackers leveraging them to gain persistent access and deploy ransomware. The primary targets are organizations using Windows systems with Defender enabled, particularly in sectors like finance, healthcare, and government. Mitigation strategies include applying updates for related vulnerabilities, monitoring for suspicious activities, and implementing additional security measures.

Tech Optimizer

May 21, 2026

Nvidia tells users to update GPU drivers now or face possible attack — here’s what we know

NVIDIA has released an update to its GPU display drivers that addresses 14 vulnerabilities across its product lines, including GeForce, RTX, Quadro, Tesla, NVS, vGPU, and Cloud Gaming software. The most critical vulnerability is CVE‑2026‑24187, a high-severity use-after-free bug rated 8.8 out of 10, which could allow code execution, privilege escalation, data theft, or system crashes. Linux systems are vulnerable due to improper access to GPU resources at the kernel level, while Windows systems are at risk from a timing flaw. Two vulnerabilities in NVIDIA’s Unified Virtual Memory subsystem on Linux could lead to denial-of-service attacks without elevated permissions. The vGPU software also received patches for vulnerabilities in its virtual GPU manager component. Users can download the updated drivers from the NVIDIA Driver Downloads page or the NVIDIA Licensing Portal, with Windows users needing version 569.49 or newer and Linux users needing version 590.48.01. Users are advised to maintain their antivirus programs for enhanced security. NVIDIA thanked external security researchers for their responsible disclosure of these vulnerabilities.