Since October 14th, 2025, Microsoft has disabled previews in Windows File Explorer, for at least all downloaded files from the Internet and stored on network shares.1 Attackers could capture NTLM hashes simply by viewing the preview. I had to smile. It’s as if Microsoft had read my blog post “Why Every Windows AD Should Be Kept Offline” earlier this month,2 where I discussed exactly this kind of NTLM leakage. Read more

It was the early 2000s and I was sitting there with a massive brick from Microsoft Press.1 The proud price back then: 129 Deutsche Mark. I flipped through it and felt a déjà vu: I knew these pages! Not in terms of content, but the layout, the structure, the examples, even the icons in the side notes: These were the lost manuals of the 1990s! Read more

Security through obscurity1 is not working. This is not an allegation, it is a proven fact. Today’s proof has a particularly large impact on worldwide Microsoft Windows installations. The Windows Security Centre (WSC) API2 has been made to accept any program as an anti-virus solution. The WSC works as follows: If a manufacturer of an AV security solution wants to install his snakeoil, he/she first has to be able to switch off the anti-tempering mechanisms so that it is not identified as malware. Read more

In a developer forum today I came across a Netcraft statistic that shows how meaningless Mirosoft has become with its IIS server, .aspx and .NET webservices.1 The largest loss in sites for a major vendor this month comes from Microsoft, which is down 2,866,173 sites (-9. Read more