Cve 2024 41983
The latest Cve 2024 41983 coverage — news, analysis, and updates from the WindowsNews.AI desk.
Microsoft's August 2025 Patches Break Reset This PC and Cloud Recovery — What Admins Must Do Now
Microsoft's August 2025 cumulative updates broke "Reset this PC" and cloud recovery on Windows 10 22H2/21H2 and Windows 11 23H2/22H2, leaving users unable to repair their systems without manual reinstallation. The company acknowledged the regression but has not yet released a fix, forcing IT admins to pause deployments, inventory affected machines, and prepare offline recovery tools. The incident adds urgency to Windows 10 end-of-support planning and highlights the fragility of built-in recovery features.
Windows Live Mail Spam Setup Guide: Maximize Filters Before You Migrate to New Outlook
Microsoft ended support for Windows Mail and Calendar in December 2024, but many users still rely on the long-discontinued Windows Live Mail. This guide details how to configure WLM’s built-in spam controls—Safe Senders, Blocked Senders, international filters, and message rules—to maximize inbox protection as a temporary measure. It also explains why the unsupported client poses security risks and walks through migration steps to the new Outlook for Windows, which offers modern authentication, server-side filtering, and a free, unified email experience.
CISA's August 19 ICS Alert: Siemens Desigo CC SAML Bypass, Tigo Hardcoded Credentials, and EG4 Inverter Firmware Risks Exposed
CISA issued four ICS advisories on August 19, 2025, detailing severe vulnerabilities in Siemens Desigo CC, Mendix SAML module, Tigo Energy Cloud Connect Advanced, and EG4 inverters. The flaws include local privilege escalation, SAML signature verification bypass, hardcoded credentials, command injection, and insecure firmware updates, with CVSS scores up to 9.3. Immediate network isolation, vendor patch application, and long-term supply chain security improvements are critical.
Mendix SAML Signature Bypass Allows Remote Account Hijacking; Siemens Urges Immediate Patches
Siemens has disclosed CVE-2025-40758, a high-severity vulnerability in the Mendix SAML module that could allow unauthenticated attackers to bypass SAML signature verification and hijack user accounts. The flaw, rated CVSS 8.7, affects multiple Mendix versions, and Siemens has released patches alongside mitigation guidance. Enterprise Windows administrators running Mendix applications should immediately inventory affected modules, enable encryption, and upgrade to fixed versions to protect against potential account takeover.
KB5063878 Update Sparks SSD Disappearances on Windows 11 24H2, Permanent Data Loss Possible
Microsoft's August 2025 cumulative update KB5063878 for Windows 11 24H2 causes SSDs to disappear during sustained write operations, with at least one drive suffering permanent data loss in community tests. Phison has acknowledged the issue and is investigating, but Microsoft has not listed a storage regression on its support page. Users should back up data, pause the update, and avoid large file transfers until a fix is released.
Portuguese Restaurant Kiosk Borked by Windows Code-Signing Check on WinRestKioskWPF.exe
A Portuguese restaurant's Windows kiosk froze with a security warning after WinRestKioskWPF.exe failed a code-signing check on July 1, 2026. The likely cause—an expired or untrusted certificate—spotlights the fragility of locked-down Windows devices when code-signing chains break, and underscores the need for vigilant certificate lifecycle management in point-of-sale deployments.
Azure Security Researcher Matthew Jensen Earns MVR Status After Exposing Entra ID Vulnerabilities in Zero Day Quest
Microsoft's June 30, 2026 MSRC profile highlights Matthew Jensen, an Azure security researcher who leveraged his sysadmin background to uncover critical identity vulnerabilities in Entra ID, earning him Most Valuable Researcher status through the Zero Day Quest bug bounty program. His practical experience proved invaluable in finding flaws that traditional pentesting often misses, and he continues to influence cloud security practices.
Quiet Update: Windows 10 Consumer ESU Now Covers Users Through October 2027
Microsoft has quietly extended its Windows 10 Extended Security Updates (ESU) program for consumers, now offering critical security patches through October 12, 2027. The change adds a second year to the previously announced one-year $30 plan, giving millions of home users more time before they must upgrade or replace unsupported hardware.
wolfSSL Warns of AES-GCM Streaming Flaw CVE-2026-55967 That Bypasses Authentication Past 64 GiB
wolfSSL disclosed CVE-2026-55967, a high-severity bug in its AES-GCM streaming API that failed to reject messages over 64 GiB, breaking authentication and confidentiality. Affecting versions 4.8.0 through 5.9.1, the flaw was patched in version 5.9.2 and has implications for Windows IoT and Azure Sphere devices. Users are urged to update immediately or implement application-level size limits.
GnuPG S/MIME Flaw CVE-2026-57062 Allows Attackers to Bypass Encryption Integrity with Short AES-GCM Tags
A low-severity flaw (CVE-2026-57062) in GnuPG's S/MIME component, gpgsm, can undermine the integrity of AES-GCM-encrypted messages by accepting improperly short authentication tags. Windows users who rely on Gpg4win should immediately upgrade to the patched version to prevent potential forgery attacks.
CrashPlan Touts Free OneDrive Backup for Microsoft 365 at TechCon 365 Atlanta
CrashPlan is set to demonstrate how Microsoft 365 users can leverage OneDrive as a free, secure backup target at TechCon 365 Atlanta this August. The sessions, led by VP Randy De Meno, will showcase granular recovery, compliance tools, and SaaS simplicity, emphasizing the need for third-party cyber resilience to fill gaps in Microsoft's native protection.
The Phishing Pipeline: How Attackers Weaponize Microsoft 365 Direct Send to Evade Every Defense
Cybercriminals are exploiting Microsoft 365’s Direct Send feature to send phishing emails that bypass traditional email security by inheriting Microsoft’s trusted reputation. The technique relies on low-cost tenant acquisition, simple configuration, and weak DMARC enforcement to achieve near-perfect inbox delivery. Organizations must adopt layered defenses, strict authentication policies, and user education to counter this growing threat.
CISA Orders Federal Agencies to Patch Critical Exchange Hybrid Flaw by August 11
CISA issued an emergency directive requiring federal agencies to patch CVE-2025-53786 by August 11, 2025. The critical vulnerability in Exchange hybrid deployments allows attackers who gain admin on an on-premises server to silently escalate privileges to Exchange Online via a shared service principal. Microsoft has released hotfixes and is phasing in traffic blocks to enforce migration to a dedicated hybrid app, with permanent blocks after October 31, 2025.