Some Windows PC owners woke up earlier this week to find their computers suddenly receiving spam messages from Windows Defender warning them about a new “HackTool” called WinRing0. While these warnings are certainly concerning, chances are your computer isn’t actually under attack—at least not yet. But that doesn’t mean you should ignore the warnings.
Why WinRing0 started activating Windows Defender
The problem with random alerts like this is that it's not always clear what the threat is or why Defender considers it a threat. In the case of WinRing0, it's because an exploit in that kernel-level software has previously been linked to dangerous malware (as BleepingComputer reported).
Having kernel-level access essentially means that WinRing0 has access to core components and resources of the operating system. That's a dangerous gamble if the software can be exploited in some way, and it appears that WinRing0 has become the primary driver behind how the SteelFox malware operates and gains access to infected systems.
Even if you've taken the effort to harden your Windows PC's security with Defender, malware like SteelFox can still use the vulnerability found in WinRing0 to bypass your protections.
Another big problem with software like WinRing0 is that it tends to find its way into a lot of different software. That’s the case with this latest Windows Defender warning, which The Verge reports is part of a number of widely used PC fan control apps, including Fan Control, which was mentioned a few years ago.
Windows Defender also seems to trigger the warning if you have other third-party monitoring software installed, including Libre Hardware Monitor, MSI Afterburner , SteelSeries Engine, Razer Synapse, OmenMon, etc.
This is not surprising.
The overall impact of this on monitoring software like Afterburner and Fan Control is clear. Unless Microsoft provides some way for these apps to access these low-level permissions in the future, you’re taking a huge security risk by installing and using any of them.
The move isn’t entirely unexpected, however. Last year’s massive CrowdStrike breach had dire consequences for many companies, including some in the healthcare industry. Since then, Microsoft has been under a lot of pressure to close security holes that shouldn’t exist, like the one WinRing0 used to gain kernel-level access.
It’s unclear why it took Microsoft so long to address WinRing0. That doesn’t mean that software that uses it is completely useless, though. You can still use it if you want. But you’re likely putting your system at risk by doing so.
Unfortunately, there is a workaround, but it’s unlikely to work. According to comments on GitHub, the vulnerability found in WinRing0 has been patched. However, getting it approved and signed by Microsoft is unlikely, as the open source community behind it doesn’t believe they have the resources to get Microsoft to sign the latest version. And without Microsoft’s signature, you won’t be able to install it on your Windows system.
The only other alternative is for each of these application developers to create their own software to access kernel-level permissions. But that is an expensive endeavor that many of them cannot afford. Even if they did, it would likely result in additional costs for users of their software through software purchases.
If you use any of the monitoring software mentioned above, or if you notice Windows Defender warning you about WinRing0 on your system, then there’s probably nothing to worry about at the moment. However, it’s always better to be safe than sorry, especially when it comes to software with kernel-level access like this.
Recently, clues that Microsoft will likely "follow the path" of Apple in the field of artificial intelligence have gradually been revealed.
Windows Photo Viewer was first released alongside Windows XP and has quickly become one of the most frequently used tools on Windows.
In many cases, it is usually due to virus attacks that the hidden folders of the system cannot be displayed even after activating the “Show hidden files and folders” option in Folder Options. Some of the following methods will help to handle this problem.
One of the world's most popular VPN services - ExpressVPN - has officially launched an app version for Windows PCs running on ARM-based processors.
Did you know Microsoft is celebrating its 50th birthday this week?
Microsoft releases new Fluid Textures desktop wallpaper collection
If you asked five Windows users to explain what Vista's Digital Rights Management (DRM) is, you'd probably get five different answers. But there's one thing that's important.
Windows 11 is expected to receive two notable major updates this year.
Microsoft has officially announced a very useful new feature for Word users, allowing for easier processing of long documents with the help of AI.
Let's learn with WebTech360 how to check your computer's CPU temperature in the article below!
Back in late November 2024, Microsoft announced Edge Game Assist—a new feature that makes it easier to browse the internet while playing games on your computer.
With the default wallpapers on Windows sometimes make us bored. So instead of using those default wallpapers, refresh and change them to bring newness to work and affirm your own personality through the wallpaper of this computer.
Microsoft recently raised the price of its Microsoft 365 subscription, justifying the change by adding more AI experiences to the service.
At the Qualcomm Snapdragon Summit on October 22, Microsoft announced a series of improvements coming to Windows PCs that will improve the overall experience for musicians, music producers, and other audio professionals.
In this series of articles we will introduce you to how to customize the default user profile in Windows 7.
Screensaver - computer screensaver, which is automatically activated when the computer is not used for a certain period of time. Here are 23 beautiful screensavers for Windows.
The latest change being tested solves one of the most annoying things with Windows 11's Start menu, and hopefully it will actually make it to release.
When you can't open, edit, or delete a file in Windows File Explorer, the file is still open in a program running in the background or something isn't closing properly.
If you regularly use multiple monitor setups, FancyZones can be a game changer. This Windows PowerToys utility allows you to completely customize your monitor layout.
Google Authenticator can be useful, but it's frustrating that Google hasn't made an official desktop app yet. However, you can use Google Authenticator on your Windows PC through other means. Let's explore how you can use Google Authenticator on your PC.
Many people have encountered the problem of network adapter disappearing from Device Manager or receiving a missing network adapter message. This article will guide you on how to fix the missing network adapter driver problem on Windows 10.
In Windows 11, the taskbar takes up only a small portion of the display space at the bottom of the screen.
Recently, clues that Microsoft will likely "follow the path" of Apple in the field of artificial intelligence have gradually been revealed.
Creating a bootable USB to install Windows is becoming more and more popular, there are many software that help create a bootable USB with just a few clicks. But if you are familiar with Command Prompt, you can use this tool to create a bootable USB without installing additional software.
Microsoft is killing off its free rich text editor WordPad at the end of 2023 in an effort to transition users to premium Office apps.
This guide shows the best tools for taking long, scrolling screenshots in Windows 11 and Windows 10.
Windows Photo Viewer was first released alongside Windows XP and has quickly become one of the most frequently used tools on Windows.
The latest previews of Windows 11 that Microsoft released this week include an improved About section in the Settings app, where users can get more information about the hardware inside their computer.
To address common issues faced by PC gamers, Microsoft has finally made the Windows operating system easier to navigate with an Xbox controller.
In its new UEFI support document, AMD states that Radeon GPUs from the 9000 series onwards will only officially support UEFI mode.
