diff --git a/ChangeLog.txt b/ChangeLog.txt
index 1f164356..bc02a03b 100644
--- a/ChangeLog.txt
+++ b/ChangeLog.txt
@@ -1,4 +1,4 @@
-o Version 3.22 (2022.03.25)
+o Version 3.22 (2023.03.25)
     Add SHA-1 and SHA-256 x86 acceleration on CPUs that support it (courtesy of Jeffrey Walton)
     Add an option to disable BitLocker device encryption in the Windows User Experience dialog
     Add a cheat mode (Ctrl-P) to preserve the log between sessions
diff --git a/configure b/configure
index 6b268e4e..0146579e 100755
--- a/configure
+++ b/configure
@@ -1,6 +1,6 @@
 #! /bin/sh
 # Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.71 for rufus 3.22.
+# Generated by GNU Autoconf 2.71 for rufus 3.23.
 #
 # Report bugs to <https://github.com/pbatard/rufus/issues>.
 #
@@ -611,8 +611,8 @@ MAKEFLAGS=
 # Identity of this package.
 PACKAGE_NAME='rufus'
 PACKAGE_TARNAME='rufus'
-PACKAGE_VERSION='3.22'
-PACKAGE_STRING='rufus 3.22'
+PACKAGE_VERSION='3.23'
+PACKAGE_STRING='rufus 3.23'
 PACKAGE_BUGREPORT='https://github.com/pbatard/rufus/issues'
 PACKAGE_URL='https://rufus.ie'
 
@@ -1269,7 +1269,7 @@ if test "$ac_init_help" = "long"; then
   # Omit some internal or obsolete options to make the list less imposing.
   # This message is too long to be a string in the A/UX 3.1 sh.
   cat <<_ACEOF
-\`configure' configures rufus 3.22 to adapt to many kinds of systems.
+\`configure' configures rufus 3.23 to adapt to many kinds of systems.
 
 Usage: $0 [OPTION]... [VAR=VALUE]...
 
@@ -1336,7 +1336,7 @@ fi
 
 if test -n "$ac_init_help"; then
   case $ac_init_help in
-     short | recursive ) echo "Configuration of rufus 3.22:";;
+     short | recursive ) echo "Configuration of rufus 3.23:";;
    esac
   cat <<\_ACEOF
 
@@ -1428,7 +1428,7 @@ fi
 test -n "$ac_init_help" && exit $ac_status
 if $ac_init_version; then
   cat <<\_ACEOF
-rufus configure 3.22
+rufus configure 3.23
 generated by GNU Autoconf 2.71
 
 Copyright (C) 2021 Free Software Foundation, Inc.
@@ -1504,7 +1504,7 @@ cat >config.log <<_ACEOF
 This file contains any messages produced by compilers while
 running configure, to aid debugging if configure makes a mistake.
 
-It was created by rufus $as_me 3.22, which was
+It was created by rufus $as_me 3.23, which was
 generated by GNU Autoconf 2.71.  Invocation command line was
 
   $ $0$ac_configure_args_raw
@@ -1790,9 +1790,7 @@ struct stat;
 /* Most of the following tests are stolen from RCS 5.7 src/conf.sh.  */
 struct buf { int x; };
 struct buf * (*rcsopen) (struct buf *, struct stat *, int);
-static char *e (p, i)
-     char **p;
-     int i;
+static char *e (char **p, int i)
 {
   return p[i];
 }
@@ -1843,6 +1841,7 @@ extern int puts (const char *);
 extern int printf (const char *, ...);
 extern int dprintf (int, const char *, ...);
 extern void *malloc (size_t);
+extern void free (void *);
 
 // Check varargs macros.  These examples are taken from C99 6.10.3.5.
 // dprintf is used instead of fprintf to avoid needing to declare
@@ -2768,7 +2767,7 @@ fi
 
 # Define the identity of the package.
  PACKAGE='rufus'
- VERSION='3.22'
+ VERSION='3.23'
 
 
 printf "%s\n" "#define PACKAGE \"$PACKAGE\"" >>confdefs.h
@@ -5310,7 +5309,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
 # report actual input values of CONFIG_FILES etc. instead of their
 # values after options handling.
 ac_log="
-This file was extended by rufus $as_me 3.22, which was
+This file was extended by rufus $as_me 3.23, which was
 generated by GNU Autoconf 2.71.  Invocation command line was
 
   CONFIG_FILES    = $CONFIG_FILES
@@ -5366,7 +5365,7 @@ ac_cs_config_escaped=`printf "%s\n" "$ac_cs_config" | sed "s/^ //; s/'/'\\\\\\\\
 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
 ac_cs_config='$ac_cs_config_escaped'
 ac_cs_version="\\
-rufus config.status 3.22
+rufus config.status 3.23
 configured by $0, generated by GNU Autoconf 2.71,
   with options \\"\$ac_cs_config\\"
 
diff --git a/configure.ac b/configure.ac
index 6cd2ef6b..e97a54bf 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,4 +1,4 @@
-AC_INIT([rufus], [3.22], [https://github.com/pbatard/rufus/issues], [rufus], [https://rufus.ie])
+AC_INIT([rufus], [3.23], [https://github.com/pbatard/rufus/issues], [rufus], [https://rufus.ie])
 AM_INIT_AUTOMAKE([-Wno-portability foreign no-dist no-dependencies])
 AC_CONFIG_SRCDIR([src/rufus.c])
 AC_CONFIG_MACRO_DIR([m4])
diff --git a/src/dev.c b/src/dev.c
index 156f9e07..ed8f04f1 100644
--- a/src/dev.c
+++ b/src/dev.c
@@ -103,24 +103,22 @@ static BOOL GetUSBProperties(char* parent_path, char* device_id, usb_device_prop
 		r = TRUE;
 	}
 
-	// In their great wisdom, Microsoft decided to BREAK the USB speed report between Windows 7 and Windows 8
-	if (nWindowsVersion >= WINDOWS_8) {
-		size = sizeof(conn_info_v2);
-		memset(&conn_info_v2, 0, size);
-		conn_info_v2.ConnectionIndex = (ULONG)props->port;
-		conn_info_v2.Length = size;
-		conn_info_v2.SupportedUsbProtocols.Usb300 = 1;
-		if (!DeviceIoControl(handle, IOCTL_USB_GET_NODE_CONNECTION_INFORMATION_EX_V2, &conn_info_v2, size, &conn_info_v2, size, &size, NULL)) {
-			uprintf("Could not get node connection information (V2) for device '%s': %s", device_id, WindowsErrorString());
-		} else if (conn_info_v2.Flags.DeviceIsOperatingAtSuperSpeedPlusOrHigher) {
-			props->speed = USB_SPEED_SUPER_PLUS;
-		} else if (conn_info_v2.Flags.DeviceIsOperatingAtSuperSpeedOrHigher) {
-			props->speed = USB_SPEED_SUPER;
-		} else if (conn_info_v2.Flags.DeviceIsSuperSpeedPlusCapableOrHigher) {
-			props->lower_speed = 2;
-		} else if (conn_info_v2.Flags.DeviceIsSuperSpeedCapableOrHigher) {
-			props->lower_speed = 1;
-		}
+	// The USB speed report of modern Windows is a complete mess
+	size = sizeof(conn_info_v2);
+	memset(&conn_info_v2, 0, size);
+	conn_info_v2.ConnectionIndex = (ULONG)props->port;
+	conn_info_v2.Length = size;
+	conn_info_v2.SupportedUsbProtocols.Usb300 = 1;
+	if (!DeviceIoControl(handle, IOCTL_USB_GET_NODE_CONNECTION_INFORMATION_EX_V2, &conn_info_v2, size, &conn_info_v2, size, &size, NULL)) {
+		uprintf("Could not get node connection information (V2) for device '%s': %s", device_id, WindowsErrorString());
+	} else if (conn_info_v2.Flags.DeviceIsOperatingAtSuperSpeedPlusOrHigher) {
+		props->speed = USB_SPEED_SUPER_PLUS;
+	} else if (conn_info_v2.Flags.DeviceIsOperatingAtSuperSpeedOrHigher) {
+		props->speed = USB_SPEED_SUPER;
+	} else if (conn_info_v2.Flags.DeviceIsSuperSpeedPlusCapableOrHigher) {
+		props->lower_speed = 2;
+	} else if (conn_info_v2.Flags.DeviceIsSuperSpeedCapableOrHigher) {
+		props->lower_speed = 1;
 	}
 
 out:
diff --git a/src/pki.c b/src/pki.c
index 9eb77dd7..5ce16f68 100644
--- a/src/pki.c
+++ b/src/pki.c
@@ -1,7 +1,7 @@
 /*
  * Rufus: The Reliable USB Formatting Utility
  * PKI functions (code signing, etc.)
- * Copyright © 2015-2022 Pete Batard <pete@akeo.ie>
+ * Copyright © 2015-2023 Pete Batard <pete@akeo.ie>
  *
  * This program is free software: you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -539,14 +539,15 @@ uint64_t GetSignatureTimeStamp(const char* path)
 	timestamp = GetRFC3161TimeStamp(pSignerInfo);
 	if (timestamp)
 		uprintf("Note: '%s' has timestamp %s", (path==NULL)?mpath:path, TimestampToHumanReadable(timestamp));
-	// Because we are currently using both SHA-1 and SHA-256 signatures, we are in the very specific
-	// situation that Windows may say our executable passes Authenticode validation on Windows 7 or
-	// later (which includes timestamp validation) even if the SHA-1 signature or timestamps have
-	// been altered.
-	// This means that, if we don't also check the nested SHA-256 signature timestamp, an attacker
-	// could alter the SHA-1 one (which is the one we use by default for chronology validation) and
+	// Because we were using both SHA-1 and SHA-256 signatures during the SHA-256 transition, we were
+	// in the very specific situation where Windows could say that our executable passed Authenticode
+	// validation even if the SHA-1 signature or timestamps had been altered.
+	// This means that, unless we also check the nested signature timestamp, an attacker could alter
+	// the most vulnerable signature (which may also be the one used for chronology validation) and
 	// trick us into using an invalid timestamp value. To prevent this, we validate that, if we have
 	// both a regular and nested timestamp, they are within 60 seconds of each other.
+	// Even as we are no longer dual signing with two versions of SHA, we keep the code in case a
+	// major SHA-256 vulnerability is found and we have to go through a dual SHA again.
 	nested_timestamp = GetNestedRFC3161TimeStamp(pSignerInfo);
 	if (nested_timestamp)
 		uprintf("Note: '%s' has nested timestamp %s", (path==NULL)?mpath:path, TimestampToHumanReadable(nested_timestamp));
diff --git a/src/process.c b/src/process.c
index b5e91abc..c58be973 100644
--- a/src/process.c
+++ b/src/process.c
@@ -610,7 +610,7 @@ static DWORD WINAPI SearchProcessThread(LPVOID param)
 		if (!bGotCmdLine)
 			bGotCmdLine = (GetModuleFileNameExU(processHandle, 0, cmdline, MAX_PATH - 1) != 0);
 
-		// The above may not work on Windows 7, so try QueryFullProcessImageName (Vista or later)
+		// The above may not work on all Windows version, so fall back to QueryFullProcessImageName
 		if (!bGotCmdLine) {
 			bGotCmdLine = (QueryFullProcessImageNameW(processHandle, 0, wexe_path, &size) != FALSE);
 			if (bGotCmdLine)
diff --git a/src/rufus.c b/src/rufus.c
index c77e4fa1..cc0f365b 100755
--- a/src/rufus.c
+++ b/src/rufus.c
@@ -3325,7 +3325,7 @@ FARPROC WINAPI dllDelayLoadHook(unsigned dliNotify, PDelayLoadInfo pdli)
 {
 	if (dliNotify == dliNotePreLoadLibrary) {
 		// Windows 7 without KB2533623 does not support the LOAD_LIBRARY_SEARCH_SYSTEM32 flag.
-		// That is is OK, because the delay load handler will interrupt the NULL return value
+		// That is OK, because the delay load handler will interrupt the NULL return value
 		// to mean that it should perform a normal LoadLibrary.
 		return (FARPROC)LoadLibraryExA(pdli->szDll, NULL, LOAD_LIBRARY_SEARCH_SYSTEM32);
 	}
@@ -3685,8 +3685,7 @@ skip_args_processing:
 		nWindowsVersion = forced_windows_version;
 
 	// ...and nothing of value was lost
-	// TODO: Set to <= for 3.23
-	if (nWindowsVersion < WINDOWS_7) {
+	if (nWindowsVersion <= WINDOWS_7) {
 		// Load the translation before we print the error
 		get_loc_data_file(loc_file, selected_locale);
 		right_to_left_mode = ((selected_locale->ctrl_id) & LOC_RIGHT_TO_LEFT);
diff --git a/src/rufus.rc b/src/rufus.rc
index 2f1a5087..5f0e5e72 100644
--- a/src/rufus.rc
+++ b/src/rufus.rc
@@ -33,7 +33,7 @@ LANGUAGE LANG_NEUTRAL, SUBLANG_NEUTRAL
 IDD_DIALOG DIALOGEX 12, 12, 232, 326
 STYLE DS_SETFONT | DS_MODALFRAME | DS_CENTER | WS_MINIMIZEBOX | WS_POPUP | WS_CAPTION | WS_SYSMENU
 EXSTYLE WS_EX_ACCEPTFILES
-CAPTION "Rufus 3.22.2009"
+CAPTION "Rufus 3.23.2010"
 FONT 9, "Segoe UI Symbol", 400, 0, 0x0
 BEGIN
     LTEXT           "Drive Properties",IDS_DRIVE_PROPERTIES_TXT,8,6,53,12,NOT WS_GROUP
@@ -392,8 +392,8 @@ END
 //
 
 VS_VERSION_INFO VERSIONINFO
- FILEVERSION 3,22,2009,0
- PRODUCTVERSION 3,22,2009,0
+ FILEVERSION 3,23,2010,0
+ PRODUCTVERSION 3,23,2010,0
  FILEFLAGSMASK 0x3fL
 #ifdef _DEBUG
  FILEFLAGS 0x1L
@@ -411,13 +411,13 @@ BEGIN
             VALUE "Comments", "https://rufus.ie"
             VALUE "CompanyName", "Akeo Consulting"
             VALUE "FileDescription", "Rufus"
-            VALUE "FileVersion", "3.22.2009"
+            VALUE "FileVersion", "3.23.2010"
             VALUE "InternalName", "Rufus"
             VALUE "LegalCopyright", "© 2011-2023 Pete Batard (GPL v3)"
             VALUE "LegalTrademarks", "https://www.gnu.org/licenses/gpl-3.0.html"
-            VALUE "OriginalFilename", "rufus-3.22.exe"
+            VALUE "OriginalFilename", "rufus-3.23.exe"
             VALUE "ProductName", "Rufus"
-            VALUE "ProductVersion", "3.22.2009"
+            VALUE "ProductVersion", "3.23.2010"
         END
     END
     BLOCK "VarFileInfo"
diff --git a/src/stdlg.c b/src/stdlg.c
index 53a3ab39..234cd7eb 100644
--- a/src/stdlg.c
+++ b/src/stdlg.c
@@ -1351,7 +1351,7 @@ LONG GetEntryWidth(HWND hDropDown, const char *entry)
 }
 
 /*
- * Windows 7 taskbar icon handling (progress bar overlay, etc)
+ * Windows taskbar icon handling (progress bar overlay, etc)
  */
 static ITaskbarList3* ptbl = NULL;
 
diff --git a/src/vhd.c b/src/vhd.c
index 9f8b5aab..f0310813 100644
--- a/src/vhd.c
+++ b/src/vhd.c
@@ -636,7 +636,7 @@ char* GetExistingMountPoint(const char* image, int index)
 	return (path[0] == 0) ? NULL: path;
 }
 
-// Extract a file from a WIM image using wimgapi.dll (Windows 7 or later)
+// Extract a file from a WIM image using wimgapi.dll
 // NB: if you want progress from a WIM callback, you must run the WIM API call in its own thread
 // (which we don't do here) as it won't work otherwise. Thanks go to Erwan for figuring this out!
 BOOL WimExtractFile_API(const char* image, int index, const char* src, const char* dst, BOOL bSilent)
@@ -857,7 +857,7 @@ out:
 	return r;
 }
 
-// Apply a WIM image using wimgapi.dll (Windows 7 or later)
+// Apply a WIM image using wimgapi.dll
 // https://docs.microsoft.com/en-us/previous-versions/msdn10/dd851944(v=msdn.10)
 // To get progress, we must run this call within its own thread
 static DWORD WINAPI WimApplyImageThread(LPVOID param)