我的學習手記 A technical geek blog

Wednesday, December 3, 2025

Update ADFS certificate after Microsoft deprecation of Azure AD and MSOnline PowerShell (Connect-MsolService) and retirement is on July 1, 2025.

Solution:

1. (AAD Server) Microsoft Entra Connect Sync --> (Need to use the cert.pfx file)

2. Welcome --> Configure --> Manage federation --> Manage certificates --> Update SSL certificate

3. restart ADFS Service

Remark: You still need to go to ADFS proxy to use Powershell to update the SSL cert on the proxy server after the above step to upload the public cert to Azure.

A website help you to search for Known Exploited Vulnerabilities (KEV)

https://www.k-solveglobal.ai/KEV

Purpose: The portal helps organizations focus their patching efforts on vulnerabilities that are actively being exploited by threat actors in the wild, which are considered the most urgent threats.

Source of Data: The portal dynamically integrates with the official CISA KEV Catalog via data feeds (CSV/JSON).

Functionality: Users can monitor live KEV updates, identify threats relevant to their specific systems, and generate reports filtered by vendor or CVE (Common Vulnerabilities and Exposures) to streamline their vulnerability management process.

Windows Insider

Time flying, 11 years ago.

Wednesday, November 5, 2025

How to bypass proxy for Microsoft Update via Pac file

// Bypass for Microsoft Update domains

if ( shExpMatch(host, "download.microsoft.com") || shExpMatch(host, "ntservicepack.microsoft.com") || shExpMatch(host, "cdm.microsoft.com") || shExpMatch(host, "wustat.windows.com") || shExpMatch(host, "windowsupdate.microsoft.com") || dnsDomainIs(host, ".windowsupdate.microsoft.com") || shExpMatch(host, "update.microsoft.com") || dnsDomainIs(host, ".update.microsoft.com") || dnsDomainIs(host, ".windowsupdate.com") || dnsDomainIs(host, ".windowsupdate.microsoft.com") || dnsDomainIs(host, ".download.windowsupdate.com") || dnsDomainIs(host, ".prod.do.dsp.mp.microsoft.com") || dnsDomainIs(host, ".dl.delivery.mp.microsoft.com") || dnsDomainIs(host, ".delivery.mp.microsoft.com") || dnsDomainIs(host, "tsfe.trafficshaping.dsp.mp.microsoft.com") || dnsDomainIs(host, "ctldl.windowsupdate.com") ) return "DIRECT";

Windows 11 24H2 (OS Build 26100.6901) Wifi issue on Lenovo T14s

The Wifi card will be missing (Disappear) when you switch from wired network to wifi

The problematic driver is Qualcomm FastConnect 6900 Wi0Fi 6E 2.0.0.1292

Solution: Upgrade to Microsoft Update Driver - 2.0.0.1308

Qualcomm Communications Inc. - Net - 2.0.0.1308 816d017f-d000-4277-b198-64f07f87fff9_9bf8ff15ef3ecdb207279ff6d350bf8abaeb34df.cab (SHA1: m/j/Fe8+zbIHJ5/201C/irrrNN8=) (SHA256: j4LduWL7jAobpBd4JIzDohsJYp0UPwHuADr34WWVYQA=)

https://www.catalog.update.microsoft.com/Search.aspx?q=Qualcomm%20FastConnect%206900

Monday, October 27, 2025

Windows 10 using HardeningKitty to harden it

When you click Windows update on Windows 10 you will receive the following message:

As a short term solution for end of support Windows 10, using HardeningKitty to harden it will reduce the risk.

Reference:

https://www.youtube.com/watch?v=SoceWcFh4z0

Windows 10 end of support - Some option for home users who cannot upgrade to Windows 11

After Windows 10 reached its end of support on October 14, 2025, millions of older PCs that cannot upgrade to Windows 11 have become vulnerable unless users take prompt action. Below is a structured summary addressing the three areas you requested: support status, security risks, and user recommendations.

1. End of Support Summary

Microsoft officially ended all updates, including **security patches, bug fixes, and technical assistance**, for Windows 10 on **October 14, 2025**. While Windows 10 will continue to function, unsupported devices are no longer protected against new vulnerabilities. For organizations or users needing extra time, Microsoft offers **Extended Security Updates (ESU)** through October 2026 for a paid extension—mainly serving as a temporary bridge rather than a long-term fix.

2. Security Risks of Unsupported Systems

Running an unsupported operating system poses several hidden dangers:

- **Unpatched vulnerabilities** become permanent entry points for malware and ransomware attackers. Cybercriminals actively target such systems using automated scanning tools.

- **Higher breach rates** are observed—studies show outdated systems are about three times as likely to suffer data breaches.

In short, continuing to use Windows 10 exposes home users to significant cybersecurity and privacy threats, even if the system appears to run normally.

3. Recommendations for Home Users Without New Hardware

**Option A: Migrate to a Linux Distribution**

For users who cannot or do not want to buy a new computer:

- Consider **Lubuntu** or **Deepin**, which are lightweight, stable, and easier for beginners. I installed Lubuntu on my X61 which is 4GB RAM, 64GB SSD for many years which is running well and Deepin on several old hardware e.g. X230, X240 and DELL 5400.

- Linux offers reliable **long-term support and free security updates**, making it suitable for web browsing, office work, and basic computing.

**Option B: Temporary Hardening of Existing Windows 10**

If migration is not immediately possible:

- Enroll in **Microsoft’s ESU program** for one more year of critical security updates.

- Implement **CIS (Center for Internet Security) hardening benchmarks** using automated tools or scripts such as **CIS-CAT Lite** or community **HardeningKitty**, which adjust registry policies, disable risky services, and enforce strong authentication.

- Use **regular offline backups**, **browser isolation**, and a **reputable endpoint security suite** to add layered protection.

Closing Advice:

Unsupported Windows systems are prime targets for modern cyberthreats. Users should either migrate to a maintained platform (e.g. Linux) or apply stringent CIS-based Windows hardening as a short-term safeguard. Long-term reliance on Windows 10 without updates is not recommended for security or privacy reasons.

Pages