This is the second installment of the Defender’s Guide series. In keeping with the theme, we are discussing Windows Services: the underlying technology, common attack vectors, and methods of securing and monitoring them. Services are an important part of the Windows operating system, allowing the control and configuration of long-running processes essential to keeping the OS functional. The same properties make services a common vector of privilege escalation and persistence for attackers. Some services (especially custom services) run with high privilege levels and are set to restart themselves on boot. This is a slam dunk for the enterprising attacker looking to gain a foothold in an environment.
Everything you ever wanted to know about services in Windows, particularly as it relates to security.
Windows is really broken. Almost no old software works any more with update 19025.2469, no matter if you have the Steam or Origin library up to date. And to make it worse, no games on GOG that rely on GDI work anymore.
I do get that Microsoft wants to remove “cruft”, but hey, please, removing working solutions is not one of them.
I have options for most in Linux, and old Windows programs work fine in that environment, and it plays Red Alert 2 without fixes.
Anyone who unfortunately has to use Windows 11 and products that use SQL backends also has issues with all versions of Windows 11. A workaround to get all versions of SQL working is here: https://learn.microsoft.com/en-us/troubleshoot/sql/database-engine/database-file-operations/troubleshoot-os-4kb-disk-sector-size
All of our currently supported industrial software requires this. I understand Microsoft considers this an improvement and I understand the logic of taking the actual sector size reported by the NVMe rather than an emulated one, but they could at least update their supported SQL versions to function properly with it.
kepta,
This is the first time I hear about Windows sector sizes that are larger than 4k.
I can see why this would cause a problem. I realize this is just a Windows reporting bug; the real minimum allocation size is smaller than Windows 11 drivers are reporting. What Microsoft should have done was to add a new disk property rather than try to repurpose the old one, since they’d inevitably create bugs like this. In any case though, with these ever increasing allocation units, I have to wonder what the best practice is for storing database records where the record data is much smaller than the disk allocation unit? On the one hand you want to maximize performance by using the OS & disk native allocation units, but at 8K and 16K we might be looking at a large number of mostly empty sectors. 512B and 4kB sectors were reasonably balanced, but larger sectors seem very space inefficient without storing more data per sector at the expense of performance. I’m wondering if anyone here has studied this in detail?