Tux Machines

Microsoft Windows 11 Caches Exploitable Malware

posted by Roy Schestowitz on May 15, 2024

Reprinted with permission from Cybershow. Author: Helen Plews.

Figure 1: Tom's Hardware: Fishtank PC builds.

Malware infections are often thought of as the result of a human interacting with a digital device in a way that lets in a virus or worm. We assume a human used bad authentication, or clicked the bad link, or downloaded the malware…

So, if we have anti-virus software and anti-phishing educational campaigns, we should be well protected, right? What about the technical side of cybersecurity, where the hardware, the network equipment, the end device or a software vulnerability is the cause?

This article will examine a case where an operating system is able to automatically fetch and store a phishing email attachment, leading to potential compromise. In this case, Windows 11 has been caching attachments locally to provide synchronisation across devices with the Outlook application. In many cases, it has cached exploitable malware. This is a growing issue brought to light by Windows 11 users and anti-virus providers, rather than by the makers at Microsoft.

Dropper Investigation

I am a life-long gamer and, from experimentation over the years, I know I have the best rig: a customisable gaming PC. It's very nice hardware; it looks stunning with rainbow glowing fans and it sounds like a mini jet engine, rendering most graphics on Ultra with a graphics card which is at most 2 years old. The only issue I have had with it is in the operating system, which of course for a big gamer is Windows 11 due to its age. After just two weeks of operation I was alerted to a dropper located in my Windows AppData folder; it was not dropping any further viruses yet, as it had been caught by my expensive AV, which is why it sounds like a jet engine due to the large use of CPU!!

Was it a false positive? Well, I ran the offline scan myself as my machine took 8x longer to boot. It behaved as if it were rebooting after a major update. There were no updates carried out, which made me suspect something amiss.

The virus location was not new to me: it is an AppData folder present in Windows 10 and Windows 11 for Windows Mail; in particular, it handles mail syncing across devices. The full path is:

C:\Users\'Username'\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\SO\

Now, I have had viruses popping up here before; in fact, it has been an ongoing problem since I adopted the Windows 11 operating system (OS) in 2022 on the household laptops. Since then, both of my sons' laptops have alerted me to droppers and Trojans in the same AppData folder. I initially assumed my children were not so good with their cybersecurity (being aged 5 and 9, that makes sense). Maybe they had clicked an email notification. Maybe they had downloaded some Trojan in the style of a game from a requested and shoddy gaming store all parents know about, stealthily and all whilst under supervision. That was until my brand new gaming rig got one.

Examining the attack timeline of my gaming rig in detail showed that a phish had been 'clicked' from my Hotmail account, which was logged in on my Outlook app running in the background processes (not in my taskbar) whilst I played some epic title the night before. This 'click' put an infected PDF invoice on my PC, and on boot the next day it activated the dropper, slowing the machine right down, which gave me a clue.

Now let's be clear about how Microsoft works, as I understand it, and why this is a gripe serious enough to warrant its own blog post.

You must sign in online to a Microsoft account to access the PC at all times; Windows then creates session keys for all the applications that come installed as standard with the OS. So, unless you take some drastic measures I will discuss in a moment, you will undoubtedly be running sessions of Windows apps in the background: Outlook, OneDrive, Teams, Xbox, Photos, Office, Store; the list is quite extensive.

Moving on, I look for the phish email I had. According to my AV's "clicked on" log, I located the suspicious subject of the email. It was something akin to:

AMAZON ACCOUNT ###U$IIHknDBWON38383y4y29~~~

Now, you do not need to be a cybersecurity expert to tell that is a phish from the subject, which I located using the now-foreground Outlook app. And as expected, it was unread. It showed me that within a few minutes of receiving the unread email, the attached PDF invoice was added to the Windows Communication AppData folder, which led to the dropper found by the offline scan.

It seemed that the Outlook app was saving unread attachments to the AppData folder where the virus was located. Some of the viruses located over the past two years were found on multiple devices that used the same MS credentials, which, unless stated otherwise, auto-sync application data. That is exactly what the

microsoft.windowscommunicationsapps_8wekyb3d8bbwe

folder is for. It contains both the application data for Windows apps like Outlook to run and sync, as well as data obtained in the process. I synced between my children's laptops as my account was the administrator for the network; it kept them safer online. Or so I thought.

Vulnerability Research

So I start down the usual process of researching the vulnerability to find a permanent mitigation. I find nothing at first: no CVE, no reports. I do find some details on the MS Community website, like this one from 2020, "Trojan Found and Deleted… but it Returns (Trojan: HTML/Phish.AB!MSR)". It is here I see the same problem, and I see a response from an expert.

“The trojan is an email attachment synced to your PC. Do you have some Hotmail or Microsoft email set up in an email client application like Outlook?” - Independent Expert, MS Community, 2020

So I search all around this topic and I cannot find anything from Microsoft about this issue right away, but I do find many victims. Anti-virus companies, affected users and experts alike are all drawing attention to this problem. Eventually, thanks to Reddit, I find a similar experience from a commenter who managed to find the reported exploit listed by Microsoft. You can find many more threads on the issue on Reddit with a search.

“Looking into the report we have an "Exploit:O97M/CVE-2017-11882.AZA!MTB" match, which doesn't seem to be that ominous since it requires the file to be executed on a non-updated Office/WordPad; still, it ain't something I'd like to find lying around because the app found it was a good thing to download it, without my consent.” - JVMTG, Reddit, 2023

It is a known software error marked as severe on Microsoft's own security intelligence website, with 24 exploits listed under the O97M CVE. I'd like to say I have more details from Microsoft but I do not; instead they offer very few default cybersecurity steps, such as "remain up to date and don't click a phish".

This does seem rather severe. The Outlook app locally caches attachments from emails, including those which have not been opened, to the windowscommunicationsapps folder. It will then auto-sync the data in the folder to all devices using the same credentials in their Outlook app: phones, laptops, desktops, anywhere the Outlook app runs.

The only step missing for a full compromise is that infected files are auto-run… a feature I feel sure Microsoft are working on at this exact moment!

Attacks are becoming more complex. In 2022 they were able to add the dropper, which very slowly downloaded a fairly rubbish Trojan that was easily removed. Recently there were 74 password-protected files and multiple Trojans appearing as game applications in the same AppData folder. These were located only weeks after a fresh OS install and could not be explained by known activities on the machine, nor entirely resolved by AV due to the encryption of the folders they were located in.

Impact

Take a moment to think about how many commercial users of the Outlook application have auto-sync enabled in daily use: all those using Office 365 who sync between devices on their smartphone, personal devices and company equipment, or amongst family members' tablets and laptops. You should be concerned. And then get mad as hell, because it seems Microsoft have created their own quite special service for propagating malware, one that's been ongoing since at least 2020.

I have wasted countless hours re-installing OSes, searching files, reading reports and researching this issue, only to find my salvation in Reddit. Reddit, of all places! This looks like something Microsoft would rather sweep under the rug.

If you sync the Outlook app between devices with the same MS account, you are vulnerable to this malware propagation. Microsoft insist users take advantage of auto-synced features across devices and use this as a clear marketing tool, especially for commercial settings. It seems my trust in this feature was misplaced.

Mitigation And Loss of Trust

Some will say that this is "just a feature" of sync. I disagree, because like so many Microsoft processes it feels out of control. It does not just synchronise expected user data. It inappropriately populates and copies undocumented files into system folders and, without any knowledge or intervention from the user, replicates them across devices.

The mitigation is that you must live without synchronisation in Microsoft applications. So far it has worked 100%. Turning off sync across applications does work. This can be done during an OS install by refusing all sync options when prompted. You must also make sure it is off in the account settings for the user; this can be done from the Settings panel when logged on to Windows. There are many guides available, like this one from Process.st. Even with sync off, you can still access email and other services using the web applications, which will sync files and emails but will not store them on the local machine.

If, like myself, you have lost trust in the applications themselves, removing the Windows apps entirely may be more fitting; this allows the folder

microsoft.windowscommunicationsapps_8wekyb3d8bbwe

to be deleted, so that it does not reappear at a later date like a lurking background threat, just in case you change your mind. My gaming rig has only one MS app remaining, Xbox, and that is the way it will stay until the situation is openly discussed by MS and the vulnerability resolved. No more AppData phishes please.

In summary, no amount of phishing training will prevent a bad design in the operating system. Caching malware-infected attachments to system folders and replicating them is bad design in my opinion. In this case, the operating system has been phished, not the human.
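As an added illustration, not part of the original article, the following PowerShell script lets an affected user audit the attachment cache folder described earlier (listing and hashing recently added files so they can be compared against an AV report) and, with a switch, apply the app-removal mitigation just described. The extension list, the report path and the 30-day window are my assumptions; the package name and cache path are the ones quoted in the article.

```powershell
# Added example (not from the article). Audits the Mail/Calendar attachment cache
# quoted in the article and optionally removes the app for the current user.
# Assumes Windows 10/11 with PowerShell 5.1 or later, run as the affected user.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [int]$Days = 30,                 # assumption: how far back to look at cached files
    [string]$ReportPath = (Join-Path $env:USERPROFILE 'mailcache-audit.csv'),  # assumption
    [switch]$RemoveMailApp           # apply the article's mitigation (per-user app removal)
)

# Package and cache path exactly as quoted in the article; SO holds synced attachments.
$pkg     = 'microsoft.windowscommunicationsapps_8wekyb3d8bbwe'
$pkgRoot = Join-Path $env:LOCALAPPDATA "Packages\$pkg"
$cache   = Join-Path $pkgRoot 'LocalState\Files\SO'

# Constructed heuristic: file types the article mentions (PDF invoices, Office
# documents, password-protected archives, game-like executables) that deserve a
# closer look when they turn up in the cache without the user having asked for them.
$risky = @('.pdf', '.doc', '.docx', '.xls', '.xlsm', '.rtf', '.zip', '.rar', '.7z', '.exe', '.js', '.iso')

function Get-MailCacheInventory {
    param([string]$Root, [int]$MaxAgeDays)
    if (-not (Test-Path -LiteralPath $Root)) {
        Write-Verbose "Cache folder not present: $Root"
        return @()
    }
    $since = (Get-Date).AddDays(-$MaxAgeDays)
    Get-ChildItem -LiteralPath $Root -File -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.CreationTime -ge $since } |
        ForEach-Object {
            # Get-FileHash only reads the bytes; nothing here opens or runs a cached file.
            $h    = Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue
            $hash = if ($h) { $h.Hash } else { 'unreadable' }
            $ext  = $_.Extension.ToLower()
            [pscustomobject]@{
                Created   = $_.CreationTime
                Name      = $_.Name
                Extension = $ext
                SizeBytes = $_.Length
                Risky     = ($risky -contains $ext)
                SHA256    = $hash
                Path      = $_.FullName
            }
        } | Sort-Object Created -Descending
}

$inventory = @(Get-MailCacheInventory -Root $cache -MaxAgeDays $Days)
$inventory | Export-Csv -LiteralPath $ReportPath -NoTypeInformation -Encoding UTF8

$flagged = @($inventory | Where-Object { $_.Risky })
Write-Host ("Cached files created in the last {0} days: {1}; flagged by extension: {2}" -f $Days, $inventory.Count, $flagged.Count)
Write-Host "Full inventory with SHA256 hashes written to $ReportPath"
$flagged | Select-Object Created, Name, SizeBytes, SHA256 | Format-Table -AutoSize

# Mitigation from the article: remove the Mail/Calendar package for this user so the
# package folder can be deleted and is not silently repopulated. Honours -WhatIf/-Confirm.
if ($RemoveMailApp) {
    $app = Get-AppxPackage -Name 'microsoft.windowscommunicationsapps' -ErrorAction SilentlyContinue
    if ($app -and $PSCmdlet.ShouldProcess($app.PackageFullName, 'Remove-AppxPackage')) {
        $app | Remove-AppxPackage
        Write-Host "Removed $($app.PackageFullName). The package folder can now be deleted: $pkgRoot"
    } elseif (-not $app) {
        Write-Host 'Mail/Calendar package is not installed for this user.'
    }
}
```

Run it without switches to produce the CSV first, and hand the hashes to your AV vendor before deleting anything; add `-RemoveMailApp -WhatIf` to preview the removal step.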
