
Windows 11’s Auto-Enabled BitLocker Locks User Out of Terabytes of Data — Here’s What Happened

 

Microsoft first introduced BitLocker drive encryption with Windows Vista back in 2007, though it was initially limited to the Enterprise and Ultimate editions. Over the years, it evolved into a core security feature of Windows. With Windows 11, Microsoft went a step further — BitLocker now activates automatically when users sign in with a Microsoft account during the setup process (OOBE). While this auto-encryption aims to secure user data, it has also caused some serious unintended consequences.

That’s exactly what happened to one unfortunate Reddit user, u/Toast_Soup (referred to as “Soup”), who ended up losing access to their data after a Windows reinstall.

Soup noticed their PC was lagging and decided to perform a clean installation of Windows. Their system had six drives — including the boot drive and two large backup drives (D: and E:), each with around 3TB of data. But once the reinstall was complete, those two drives appeared to have vanished. They were locked by BitLocker encryption, despite Soup never manually turning the feature on.

Unaware that Windows 11 automatically encrypts drives linked to a Microsoft account, Soup didn’t have the necessary BitLocker recovery keys — keys they didn’t even know existed. Without them, the data became permanently inaccessible. Even professional data recovery software couldn’t help, since BitLocker’s encryption is designed to prevent unauthorized access.

Desperate, Soup reinstalled Windows again, only to face the same encryption prompt — this time for the boot drive. Thankfully, they noted down the new recovery key and regained access to Windows. Unfortunately, their D: and E: drives remained permanently locked. When Reddit users suggested checking Microsoft account settings, Soup confirmed that only the key for the main C: drive was listed there.

What makes this situation worse is that BitLocker doesn’t just risk unexpected data lockouts — it can also impact system performance. Previous testing has shown that the software-based version of BitLocker can reduce SSD read/write speeds by up to 45%, as the CPU must continuously encrypt and decrypt data. This slowdown could explain the lag Soup noticed before resetting their system.

It’s worth noting that hardware-based encryption (known as OPAL) performs much better but isn’t what Windows 11 enables automatically. Some users in the Reddit thread also mentioned that even small system changes — like altering boot order — can unexpectedly trigger BitLocker on Windows 11 Home, even with a local account.

Windows 10 doesn’t exhibit the same automatic encryption behavior, nor does upgrading from Windows 10 to 11. Unfortunately, in Soup’s case, there’s little left to do other than wipe the drives and start over.

To avoid similar disasters, users should check BitLocker settings immediately after setup, disable automatic encryption if desired, and securely back up recovery keys. Always maintain external backups of crucial data — because once BitLocker takes over without your knowledge, recovery may not be possible.

Microsoft Introduces PC Cleaner App to Boost PC Performance

 


In a move to enhance user experience, Microsoft has introduced its PC Cleaner app, now available on the Microsoft Store for both Windows 10 and Windows 11 users. Similar to popular third-party tools like CCleaner, this application aims to declutter system folders, potentially boosting your computer's performance.

Developed and tested since 2022 under the name PC Manager, originally intended for the Chinese market, the app is now accessible in more regions, including the United States. While it might not be visible on all Windows 11 devices just yet, an official Microsoft PC Cleaner page assures users that it is on its way.

The PC Cleaner offers various features through a new floating toolbar. Users can expect tools like PC Boost, focusing on eliminating unnecessary processes and temporary files. The Smart Boost option efficiently handles spikes in RAM usage and large temporary files exceeding 1 GB. Another feature, Deep Cleanup, targets older Windows update files, recycle bin items, web cache, and application caches, giving users the flexibility to choose what to keep or remove.

The Process tool provides a comprehensive view of all running processes, allowing users to end any process within PC Cleaner without the need for Task Manager. The Startup feature lets users manage applications launching at startup, optimising system boot times. The Large Files tool locates sizable files on any drive, streamlining the process compared to manual searches through File Explorer.

Additional tools include Taskbar Repair to revert it to its original state and Restore Default Apps, which restores default app preferences. Notably, Microsoft seems to use the latter feature to encourage users to explore Microsoft apps, such as Edge.

Microsoft has been critical of third-party system cleaner apps in the past, expressing concerns about potential harm to crucial system files. Despite labelling apps like CCleaner as potentially unwanted programs (PUPs), they are still available for download from the Microsoft Store. However, with PC Cleaner, Microsoft assures users that the application, designed in-house, won't delete necessary system files, presenting a safer alternative to third-party options.

Offering a host of useful tools for free, PC Cleaner aligns with Microsoft's commitment to providing quality applications for Windows users. The app, matching your Windows theme, is set to be a secure and reliable choice straight from the Microsoft Store. While third-party apps like CCleaner have faced security concerns in the past, PC Cleaner's direct association with Microsoft provides users with a trustworthy solution. The app is free to use, and an official Microsoft page for PC Cleaner suggests a direct download link will be available soon for those who can't find it on the Microsoft Store yet.

In short, Microsoft's introduction of PC Cleaner signifies a positive step toward providing users with a reliable, in-house solution for system optimisation. With its user-friendly features and assurance of not deleting crucial system files, PC Cleaner aims to simplify PC performance maintenance for Windows users.


Microsoft Might Be Sharing Your Outlook Emails Without Your Knowledge

 



Microsoft's data collection practices are under scrutiny, as a recent report suggests the Outlook for Windows app might be sharing more user information than expected. With this app now default on Windows 11, the impact could be widespread. ProtonMail, a competitor to Outlook, discovered that user data collected includes emails, contacts, browsing history, and potentially location data. They even labeled Outlook for Windows as "a surveillance tool for targeted advertising." Users are automatically opted in to share their data with hundreds of third parties, mainly for advertising. Opting out involves a manual process for each of the 772 companies, making it cumbersome for users. This discovery raises concerns about user privacy, especially for those who use Outlook for daily communication and work-related tasks.

Microsoft is no stranger to data privacy issues, and recent reports indicate that Outlook for Windows might be playing a part in it. Last year, concerns were raised about Windows 11 collecting and sending data even before users connected to the internet. This time, ProtonMail, a direct competitor of Microsoft's email services, has shed light on data collection practices by Outlook for Windows, labelling it as "a surveillance tool for targeted advertising."

However, it's crucial to consider ProtonMail's position as a privacy-focused service competing with Microsoft. Their motive to criticise Outlook for Windows should be taken into account, as they aim to highlight the superiority of their own privacy and security features.

Outlook for Windows being a free app raises questions about how Microsoft supports it. Some argue that user data is used to support the app and introduce new features. While users can opt out of data sharing, the process is not as straightforward as it could be, requiring a per-advertiser toggle click rather than a simple 'reject all' button.

Actions to take

If the data-sharing concerns have you on edge, opting out is possible. Navigate to the 'General' section in your Outlook for Windows settings and find 'Advertising Preferences.' Here, a list of companies with toggles set to 'enable' will be displayed. While there's no universal 'reject all' button, each advertiser allows you to learn more about their privacy policies and opt out.

Creating a new Outlook email account may present an easier option, as the 'reject all' option appeared during testing. However, for existing accounts, manually deselecting advertisers is the route to take.

This scenario prompts us to reconsider the trade-off between free apps and data sharing. While Microsoft appears to make turning off data sharing relatively straightforward, it emphasizes the importance of scrutinizing user agreements and disclaimers for free apps, particularly those from Microsoft.

Protect Your Data

In an era where data privacy is paramount, understanding how apps utilise your information is crucial. As you use free apps like Outlook for Windows, take the time to review and adjust your settings to protect your data. Being proactive ensures that you are in control of what information is shared and with whom. Stay informed, stay secure.


New DLL Search Order Hijacking Variant Evades Windows 10 and 11 Protections

 

Security researchers have outlined a fresh variant of a dynamic link library (DLL) search order hijacking technique, potentially enabling threat actors to circumvent security measures and execute malicious code on computers running Microsoft Windows 10 and Windows 11.

The new method, disclosed in a report by cybersecurity firm Security Joes and exclusively shared with The Hacker News, exploits executables commonly present in the trusted WinSxS folder, utilizing the classic DLL search order hijacking technique. By doing so, adversaries can avoid the need for elevated privileges when attempting to run malicious code on a compromised system, and can introduce potentially vulnerable binaries into the attack chain.

DLL search order hijacking involves manipulating the search order used to load DLLs, allowing the execution of malicious payloads for purposes such as defense evasion, persistence, and privilege escalation. This technique targets applications that do not specify the full path to required libraries, relying on a predefined search order to locate DLLs on disk.

Threat actors exploit this behavior by relocating legitimate system binaries into non-standard directories that contain malicious DLLs named after legitimate ones. This tricks the system into loading the library containing the attack code instead of the authentic one.

The unique aspect introduced by Security Joes focuses on files within the trusted "C:\Windows\WinSxS" folder. WinSxS, short for Windows side-by-side, is a crucial Windows component used for OS customization and updates to ensure compatibility and integrity.

According to Ido Naor, co-founder and CEO of Security Joes, the discovery diverges from traditional cyber attack methods, providing a more subtle and stealthy exploitation technique. The strategy involves identifying vulnerable binaries in the WinSxS folder and combining them with DLL search order hijacking methods. This entails strategically placing a custom DLL with the same name as a legitimate DLL into an actor-controlled directory, triggering code execution when executing a vulnerable file in the WinSxS folder.

Security Joes emphasized the potential for additional binaries in the WinSxS folder susceptible to this DLL search order hijacking, urging organizations to take precautions. They recommended examining parent-child relationships between processes, particularly focusing on trusted binaries, and closely monitoring activities performed by binaries in the WinSxS folder, including network communications and file operations.
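The two monitoring recommendations above can be written as checks over process telemetry. The following Python is an added example, not code from Security Joes' report or from this blog; it assumes Sysmon-style process-creation (Event ID 1) and image-load (Event ID 7) records already parsed into dictionaries, and the sample events, binary and DLL names, and the parent baseline are constructed placeholders.

```python
import ntpath

WINSXS = r"c:\windows\winsxs"
# Locations a Windows-shipped binary is expected to load libraries from.
# Starting set only; extend it from your own baseline to cut false positives.
TRUSTED_DLL_ROOTS = (r"c:\windows\system32", r"c:\windows\syswow64", WINSXS)
# Assumed baseline of parents that legitimately start WinSxS binaries
# (servicing stack); build the real list from your own telemetry.
EXPECTED_PARENTS = {"tiworker.exe", "trustedinstaller.exe", "svchost.exe"}


def norm(path):
    """Lower-case and collapse '..' so traversal does not dodge prefix checks."""
    return ntpath.normpath(path).lower()


def under(path, root):
    """True if path resolves to a location below root."""
    return norm(path).startswith(root + "\\")


def review(event):
    """Return a list of (rule, image, related_path) findings for one event."""
    image = event.get("Image", "")
    if not under(image, WINSXS):
        return []  # only binaries running out of WinSxS are in scope
    findings = []
    if event.get("EventID") == 7:  # ImageLoad: where did the DLL come from?
        dll = event.get("ImageLoaded", "")
        if not any(under(dll, root) for root in TRUSTED_DLL_ROOTS):
            findings.append(("dll-outside-trusted-path", norm(image), norm(dll)))
    elif event.get("EventID") == 1:  # ProcessCreate: who started it?
        parent = event.get("ParentImage", "")
        if ntpath.basename(norm(parent)) not in EXPECTED_PARENTS:
            findings.append(("unexpected-parent", norm(image), norm(parent)))
    return findings


def scan(events):
    """Run review() over a sequence of events and flatten the findings."""
    return [finding for ev in events for finding in review(ev)]


# Constructed sample events (placeholder names, not taken from the report).
TOOL = r"C:\Windows\WinSxS\amd64_example_1.0\example_tool.exe"
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": TOOL,
     "ParentImage": r"C:\Windows\System32\cmd.exe"},
    {"EventID": 7, "Image": TOOL,
     "ImageLoaded": r"C:\Users\Public\Documents\example.dll"},
    {"EventID": 7, "Image": TOOL,
     "ImageLoaded": r"C:\Windows\System32\kernel32.dll"},
    {"EventID": 1, "Image": r"C:\Windows\WinSxS\amd64_example_1.0\TiWorker.exe",
     "ParentImage": r"C:\Windows\System32\svchost.exe"},
    # Looks like System32 by prefix, but resolves to a user-writable folder.
    {"EventID": 7, "Image": TOOL,
     "ImageLoaded": r"C:\Windows\System32\..\..\Users\Public\example.dll"},
]

if __name__ == "__main__":
    for rule, image, related in scan(SAMPLE_EVENTS):
        print(f"{rule}: {image} <- {related}")
```

Findings from the two rules are most useful when correlated on the same process: a WinSxS binary with an unexpected parent that then loads a DLL from a user-writable path deserves a closer look than either signal alone.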

Fully patched Windows 11 Systems are Susceptible to the BlackLotus Bootkit

 

ESET's analysis of the malware has shown that the BlackLotus bootkit may circumvent security safeguards on fully updated Windows 11 PCs and permanently infect them. 

BlackLotus is a brand-new threat that first appeared on darknet forums in October 2022. For $5,000, it gives advanced persistent threat (APT) actors like cybercriminals access to capabilities that were once only available to nation-states.

The main danger posed by UEFI bootkits is well-known. By controlling the operating system's boot process, they can disable security safeguards and introduce kernel- or user-mode payloads while the machine is booting up, acting covertly and with elevated privileges. 

ESET, which discovered BlackLotus for the first time in late 2022, has so far located six installers, allowing it to thoroughly examine the threat's execution chain and pinpoint the malware's primary capabilities.

BlackLotus has a wide range of evasion capabilities, including anti-debugging, anti-virtualization, and code obfuscation, as evidenced by early reports. It can also disable security measures like BitLocker, Hypervisor-protected Code Integrity (HVCI), and Windows Defender. 

According to ESET, there is little that can be done to protect systems from attacks, even if the most recent patches have been installed, especially as proof-of-concept (PoC) exploit code has been publicly available since August 2022. The bootkit exploits a year-old vulnerability in Windows (tracked as CVE-2022-21894) to disable secure boot.

"Although the vulnerability was fixed in Microsoft's January 2022 update, its exploitation is still possible as the affected, validly signed binaries have still not been added to the UEFI revocation list. BlackLotus takes advantage of this, bringing its own copies of legitimate – but vulnerable – binaries to the system in order to exploit the vulnerability," ESET stated.

When BlackLotus is run on the machine, it installs a kernel driver to prevent removal, sets up the user-mode component, runs kernel payloads, and removes the bootkit. Removal is prevented by protecting handles to the bootkit's files on the EFI System Partition and causing a Blue Screen of Death if these handles are closed.

Command-and-control (C&C) communication through HTTPS, command execution, and payload delivery are all handled by the user-mode component, an HTTP downloader. Under the context of the winlogon.exe process, the downloader is run by the SYSTEM account. 

BlackLotus installers have been found both offline and online, and a typical attack begins with an installer distributing bootkit files to the ESP, turning off system safeguards, and rebooting the device. 

Following the enrolment of the attackers' Machine Owner Key (MOK) to the MokList variable for persistence, CVE-2022-21894 is exploited to deactivate secure boot. The self-signed UEFI bootkit is used to deliver the kernel driver and user-mode payload (the HTTP downloader) on subsequent reboots.

Additionally, the bootkit was found by ESET to rename the genuine Windows Boot Manager binary before replacing it. When the bootkit is told to remove itself, the renamed binary is used to start the operating system or to bring back the initial boot sequence. 

Although BlackLotus is covert and equipped with a number of anti-removal safeguards, ESET thinks they have uncovered a flaw in the way the HTTP downloader transmits instructions to the kernel driver that would allow users to uninstall the bootkit. 

According to ESET, "in the event that the HTTP downloader wishes to send a command to the kernel driver, it merely creates a named section, writes a command with associated data inside, and waits for the command to be processed by the driver by creating a named event and waiting until the driver triggers (or signals) it." 

The kernel driver supports install and uninstall commands, so it can be tricked into completely uninstalling the bootkit by creating the aforementioned named objects and sending the uninstall command. Updating the UEFI revocation list would lessen the threat posed by BlackLotus, but the bootkit would still be present on infected devices. A new Windows installation and the deletion of the attackers' enrolled MOK key would be necessary in order to clear them.

"The low number of BlackLotus samples we have been able to obtain, both from public sources and our telemetry, leads us to believe that not many threat actors have started using it yet. But until the revocation of the vulnerable bootloaders that BlackLotus depends on happens, we are concerned that things will change rapidly should this bootkit get into the hands of the well-known crimeware groups," ESET concluded.

Watch Out for Windows 11, as it Collects Data Even While you are Offline

 

You turned off the privacy sliders in Windows 11 because you don't want to share your data with Microsoft, and you must have thought that was the end of the matter. It turns out that Windows 11 is still gathering a lot of your data, even on a brand-new computer. 

Neowin reported on a recent YouTube video by The PC Security Channel that compared how a brand-new Windows 11 laptop and a brand-new Windows XP installation differed in terms of what data, if any, was being shared online.

The YouTubers were able to find out some intriguing but not unexpected details regarding the kind of telemetry that Windows 11 was sending by using the Wireshark network protocol analyzer. They discovered that Windows 11 was actively sending data to Microsoft and outside servers during boot-up, even before an internet connection was established. For instance, the data was sent to marketing and advertising networks as well as software servers (perhaps for upgrades, antivirus updates, checking for trial versions, etc.).

In stark contrast, the 20-year-old 64-bit version of Windows XP produced scarcely any traffic, if any at all. The sole telemetry it supplied went to Microsoft servers to check for OS updates.

The video shows how drastically background traffic has changed over time, going from almost no outgoing data to a flood of data relating to advertisements, MSN, Bing, and other things. Obviously, this volume of data relates to the expanded features and capabilities of contemporary operating systems. We depend on fast weather reports, news, and the most recent security fixes these days; it's just the way things are.

However, it's vital to remember that this laptop is brand-new. Think about that for a moment, the YouTuber said. The owner of this machine has not even attempted to use the internet, opened a web browser, or entered any information. Without the user's input, the system is acting in this way on its own.

As soon as you begin using the device, the collection expands. Software like ShutUp10 reveals the various metrics that Microsoft collects while you use a Windows PC, including information about handwriting, typing, and advertising.

Nevertheless, you can thankfully manage and restrict the data that your computer transmits. Programmes like Privatezilla and W10Privacy let you choose which undesired functionality should be disabled in order to harden your PC.

Microsoft Announced the End of Support for Windows 7 & 8

Microsoft has published a warning over the imminent end of support for Windows 8.1, which would not receive any updates or patches after January 10th, 2023.

According to the research, over 100 million computers were still running Windows 7 as of 2021, giving their owners little time to update them before they face the security hazards associated with utilizing an antiquated browser and operating system.

Windows 8.1 is still the fourth most popular Microsoft operating system in the world, according to the Statcounter team, with 2.45% of all Windows users having it installed on their computers. Given the fact that it will affect millions of individuals and expose numerous PCs to attack, this end of support is quite concerning. 

PCs running Windows XP, 7, or 8 were more prevalent than those running Windows 11 according to a Lansweeper survey of 27 million Windows devices conducted in October.

For systems running Windows 10 2004 or 20H2, Windows 10 21H1 was a minor feature update that was designed to be simple to install. It contained improvements to Windows Defender Application Guard, Windows Management Instrumentation via Group Policy, and support for several Windows Hello-enabled cameras. 

Along with the release of a new Chrome version, Google also disclosed that it will discontinue support for Windows 7 and Windows 8.1 in early 2023. For users to continue receiving new Chrome updates, their device must be running Windows 10 or later.

It would be wise for anyone running an outdated version of Windows to inspect their computers and make some critical adjustments this week. Microsoft has issued the warning because Windows 8.1 will soon stop receiving security updates and patches after January 10, 2023.

Microsoft: Windows 11's Upgraded Phishing Tools


Microsoft installed phishing defense in Windows 11 Version 22H2 to help reduce the ongoing danger of identity fraud.

A phishing attempt frequently takes the shape of an email that closely resembles the real thing and leads the recipient to a bogus login page. The most convincing phishing attempts closely imitate the genuine service's logos, language, and layout.

The Windows 11 software system includes improved phishing security that instantly recognises risk when users type their passwords into any app or website. According to a post by Microsoft, Windows can determine whether an app or website is secure and will alert users when it isn't.

Admins can better defend themselves against such exploits by being aware of when a password has been stolen. When Windows 11 defends against one phishing attack, the resulting threat intelligence is used to defend other Windows users using other apps and websites that are also under attack.

Users are also advised to update their passwords. Once activated, it can alert users using Chrome or Microsoft Edge to potentially dangerous websites. The improved phishing protection function integrates with the system's local PC account, Azure, or Microsoft Active Directory.

Compared to earlier releases, Windows 11 has greater security features. For maximum security, you will want to modify Windows Security in addition to biometrics like Windows Hello's facial recognition.

Enable BitLocker encryption on the system drive as well to safeguard your data. The user may occasionally need to turn Windows Security off and back on for a variety of reasons, even if utilising it is a no-brainer.

If users enter their password into a malicious website in any Chromium browser or in an app that connects to a phishing site, a blocking dialogue warning is presented asking them to change it.

Windows 11 alerts users that storing their password locally, such as in Notepad or any Microsoft 365 software, is risky and prompts them to delete the password from the file.