Windows versions Archives

Winsage

May 5, 2026

Unpatched flaws turn Ollama’s auto-updater into a persistent RCE vector, researchers say

Researchers at Striga have identified two vulnerabilities (CVE-2026-42248 and CVE-2026-42249) in Ollama’s Windows auto-updater that could allow an attacker to install a persistent executable that runs at user login. CVE-2026-42248 fails to properly verify signatures of downloaded content, while CVE-2026-42249 is a path traversal flaw that allows an attacker to inject malicious code into the user's Startup folder. Exploitation requires control over the update response, with potential methods including compromising the update infrastructure or redirecting the client. The vulnerabilities affect Ollama versions 0.12.10 through 0.17.5, and users are advised to disable auto-updates and remove shortcuts from the Startup folder to mitigate risks.

BetaBeacon

May 5, 2026

ScarCruft Hacks Gaming Platform to Deploy BirdCall Malware on Android and Windows

ScarCruft compromised a video game platform in a supply chain attack, trojanizing its components with a backdoor called BirdCall to target ethnic Koreans residing in China. The attack enabled the threat actors to target both Windows and Android devices, turning it into a multi-platform threat. The campaign targeted sqgame[.]net, a gaming platform used by ethnic Koreans in China, known as a transit point for North Korean defectors. BirdCall has features like screenshot capture, keystroke logging, and data gathering, and relies on legitimate cloud services for command-and-control. The Android variant collects various data and has seen active development.

Winsage

May 4, 2026

Miss Windows XP or 7? Then I have a free, open-source alternative for you

ReactOS has merged its Live and Boot ISOs into a single installation image, simplifying the installation process for users. This integration allows users to test the OS in a live environment and transition to installation without needing multiple discs or USB drives. The installation process still resembles older Windows versions with a text-based setup, but a full graphical installation interface is expected in the upcoming 0.4.16 build. Additionally, ReactOS is expanding its hardware compatibility with a new ATA storage driver, enabling it to boot on a wider range of storage devices. ReactOS is currently in its alpha stage of development and is not yet suitable for everyday use.

Winsage

May 1, 2026

Microsoft fixes Remote Desktop warnings displaying incorrectly

Microsoft resolved an issue affecting the display of security warnings when opening Remote Desktop (.rdp) files across all supported Windows versions, including Windows 11, Windows 10, and Windows Server. This problem was particularly evident on devices with multiple monitors having different display scaling settings. The fix was included in the optional KB5083631 preview cumulative update for Windows 11. The issue arose after the installation of the April 2026 security update, which introduced security warnings to enhance protection against phishing attacks. Users reported misalignment and obscured buttons in the security dialog, making it difficult to interact with. Additionally, the April security updates caused issues with third-party backup applications on Windows 11 systems and led to restart loops and failures during update installations on Windows Server.

Winsage

April 28, 2026

‘Unlimited Attack Vectors’—All Windows Versions At Risk From New Flaw

Microsoft is facing a significant security vulnerability in its Windows operating system known as PhantomRPC, which allows for privilege escalation. Cybersecurity experts have expressed concern over the company's delayed response in issuing a patch for this flaw. The vulnerability resides within the Windows Remote Procedure Call (RPC) architecture and enables processes with impersonation privileges to elevate their permissions to SYSTEM level. Researcher Haidar Kabibo identified five distinct paths for exploitation, which require user interaction, coercion, or compromise of background services. Despite disclosing the vulnerability to Microsoft in September 2025, the company categorized it as moderately severe and did not issue a patch or a Common Vulnerabilities and Exposures (CVE) listing. Microsoft stated that the technique requires an already-compromised machine and emphasized the importance of following security best practices. Experts have criticized Microsoft's lack of action, arguing that it is operationally negligent and places the burden of risk management on users. In the absence of a patch, security professionals recommend focusing on access control and environmental hygiene to mitigate the risks associated with the vulnerability.

Winsage

April 28, 2026

Here’s How Microsoft’s New Windows Insider Channels Work

Microsoft has transformed its Windows Insider program by introducing three new channels: Experimental, Beta, and Release Preview. The Experimental channel combines the previous Dev and Canary options, allowing users to test new features with less stability. The Beta channel has been updated to ensure all users receive the same features simultaneously, eliminating gradual rollouts. The Release Preview channel offers the least risk, providing access to updates before their official release. Users now have more control over the features they trial, with the ability to enable or disable specific features through a new "Feature flags" page. Additionally, switching between channels has been simplified, allowing smoother transitions without needing a complete PC wipe, except when moving to the Experimental Future Platforms channel.

Winsage

April 25, 2026

New Windows RPC Vulnerability Lets Attackers Escalate Privileges Across All Windows Versions

PhantomRPC is a significant architectural vulnerability in the Windows Remote Procedure Call (RPC) framework that allows local privilege escalation to SYSTEM-level access across all Windows versions. Discovered by Kaspersky's Haidar Kabibo at Black Hat Asia 2026, this vulnerability stems from the RPC runtime's failure to verify the legitimacy of a responding server during calls to offline or disabled servers. Attackers can exploit this by setting up a malicious RPC server that impersonates a legitimate endpoint, using the RpcImpersonateClient API to escalate privileges from low-privileged accounts to SYSTEM or Administrator levels. Five distinct exploitation paths have been identified: 1. gpupdate.exe coercion: An attacker can intercept an RPC call made by the Group Policy Client service when executing gpupdate /force, granting SYSTEM-level access if TermService is disabled. 2. Microsoft Edge startup: Launching msedge.exe triggers an RPC call to TermService, allowing privilege escalation from Network Service to Administrator via a spoofed endpoint. 3. WDI background service: The Diagnostic System Host polls TermService regularly, enabling an attacker to exploit this without user interaction. 4. ipconfig.exe and DHCP Client: Running ipconfig.exe initiates an RPC call to the DHCP Client service, allowing a Local Service attacker to elevate privileges if DHCP is disabled and a fake server is present. 5. w32tm.exe and Windows Time: An attacker can expose a named pipe endpoint, allowing them to impersonate any privileged user executing the Windows Time executable. The vulnerability was reported to Microsoft on September 19, 2025, but Microsoft categorized it as moderate severity and closed the case without a patch, as the attack requires SeImpersonatePrivilege, which is granted by default to certain accounts. Organizations are advised to implement defensive measures such as enabling RPC monitoring, ensuring legitimate services are running, and restricting SeImpersonatePrivilege. Kaspersky has provided tools for auditing environments for exploitable RPC call patterns through the PhantomRPC GitHub repository.

Winsage

April 24, 2026

Microsoft beefs up Remote Desktop security with … hard-to-read messages

Microsoft has released an update to improve the security of its Remote Desktop feature, which includes a warning for users opening Remote Desktop (.rdp) files. However, this warning is not displaying correctly for some users due to a bug identified in the Known Issues list after the April 14 update. The issue primarily affects users with multiple monitors set to different display scaling, leading to overlapping text or obscured buttons. Microsoft has advised users to synchronize their display scaling settings or use keyboard navigation as a workaround. The company plans to address this issue in a future Windows update but is not issuing an Out-of-Band update specifically for it. Additionally, a serious vulnerability (CVE-2026-40372) was discovered in the .NET framework, affecting versions 10.0.0 to 10.0.6, which requires immediate attention. This vulnerability impacts all Windows versions that received the update, including Windows 11 26H1.

Winsage

April 22, 2026

Hate the Windows 11 Taskbar? Here’s the ultimate way to bring back a classic look from Windows 95 to Windows Vista

Windows 11 has received criticism for its restrictive Taskbar, with users wanting the ability to reposition it to the top of the screen. RetroBar is a free application that restores functionalities from earlier Windows versions, allowing users to customize the Taskbar's position and appearance, including nostalgic themes from Windows XP, Longhorn, and Vista. RetroBar supports custom designs, is compatible with multi-monitor setups, and can be easily installed from GitHub. Users can revert to the standard Windows 11 Taskbar with a simple exit command. The application offers various themes and can be set to launch at startup. RetroBar's code is available on GitHub, including a native ARM64 build for Snapdragon devices.

Winsage

April 20, 2026

I tested this Windows 11 customization app with 42 million downloads — why aren’t more people discussing it?

ExplorerPatcher is a free, open-source application that has surpassed 42 million total downloads and received 32,200 stars on GitHub. It allows users to customize their Windows 11 experience by restoring features from older Windows versions, such as reverting the taskbar to its Windows 10 counterpart. The app is compatible with both x86-64 Windows and Windows on ARM. It offers a simple settings menu for adjusting the Taskbar, File Explorer, Start menu, and System Tray, as well as advanced features like improved multi-display taskbar support and a customizable Win+X menu. Users can save and share custom configurations, and there are preset options like the "Classic Windows 10" preset. Despite its popularity, ExplorerPatcher faces challenges such as being flagged by Windows' security systems and potential disruptions after major Windows updates.