Windows vulnerabilities Archives

Winsage

May 15, 2025

Microsoft Copilot+ Recall: who should disable it, and how

Microsoft's Recall feature for Copilot+ PCs was initially announced a year ago but delayed due to privacy concerns raised by cybersecurity experts. The updated version was released in April 2025 for Windows Insider Preview builds and rolled out more broadly in May. Key updates include requiring user permission for activation, encrypting database files with hardware-based Trusted Platform Module (TPM), and implementing a filter to prevent saving sensitive information. Recall is enabled on a per-user basis, can be uninstalled, does not require a Microsoft account, and processes data locally. However, it still has vulnerabilities, such as allowing access with a regular Windows PIN after initial biometric authentication and failing to consistently filter sensitive data. Recall can log interactions during calls and capture self-destructing messages, posing privacy risks. It can impact performance and battery life, especially during gaming. Users handling sensitive data or frequently using video conferencing may want to disable or remove Recall. Instructions for disabling or removing Recall are provided, along with precautions for those who choose to use it.

Winsage

April 20, 2025

587 Windows Vulnerabilities — A Microsoft Security Record Breaker

Microsoft has reported a record number of 1,360 security vulnerabilities for its products in 2024, marking an 11% increase from 2023. This includes 587 vulnerabilities in Windows (33 classified as critical) and 684 in Windows Server (43 classified as critical). The increase in reported vulnerabilities suggests that security researchers are effectively identifying weaknesses, and Microsoft has invested over a million dollars in bounties to encourage this. The proactive communication and remediation process during Patch Tuesday enhances security, indicating that Microsoft is committed to addressing vulnerabilities rather than being indifferent to user security.

Winsage

March 12, 2025

Critical Windows Warning As 6 Zero-Day Attacks Confirmed—Update Now

In March, Microsoft confirmed six zero-day vulnerabilities in its Patch Tuesday security announcement, marking an increase from five reported in January and February combined. The March update includes a total of 57 Common Vulnerabilities and Exposures (CVEs), with all six zero-days classified as critical. These vulnerabilities can be addressed with a single cumulative update, requiring no additional configuration steps post-patch. The zero-days affect critical components such as the Microsoft Management Console, NTFS, Fast FAT, and the Win32 Kernel Subsystem. The specific vulnerabilities are: 1. CVE-2025-26633: Security feature bypass in the Microsoft Management Console, requiring social engineering to exploit. 2. CVE-2024-24993: Heap-based buffer overflow in Windows NTFS, allowing unauthorized code execution through a specially crafted virtual hard disk. 3. CVE-2025-24991: Information disclosure vulnerability affecting Windows 10 to 11 and Server 2008 to 2025, deemed critical. 4. CVE-2025-24985: Vulnerability in the Windows fast FAT file system driver, posing a risk of remote code execution via a specially crafted virtual hard disk. 5. CVE-2025-24983: Elevation of privilege vulnerability in the Windows Win32 kernel subsystem, potentially granting unauthorized access to sensitive data. 6. CVE-2025-24984: Another information disclosure vulnerability in Windows NTFS, also affecting the same range of Windows editions and considered critical.