0patch Archives

Winsage

February 11, 2026

Microsoft fixes six actively exploited flaws in latest Windows 11 update

Microsoft's February 2026 Patch Tuesday addressed 59 vulnerabilities in Windows 11, with six confirmed as actively exploited. The most critical vulnerability is CVE-2026-21510, a Windows Shell security feature bypass with a CVSS rating of 8.8, allowing attackers to evade warnings by tricking users into opening malicious files. Another significant vulnerability, CVE-2026-21513, also rated at 8.8, affects MSHTML and allows remote attackers to bypass execution prompts through malicious code in HTML or shortcut files. CVE-2026-21514 impacts Microsoft Word and enables adversaries to disable OLE mitigations, posing risks through document-based attacks. Two local privilege escalation vulnerabilities are CVE-2026-21519 in Desktop Window Manager and CVE-2026-21533 in Windows Remote Desktop Services, with CVSS scores of 7.8. CVE-2026-21525 is a denial-of-service vulnerability in Remote Access Connection Manager. The update includes 53 additional vulnerabilities across various Microsoft products and services, with CVE-2026-21531 in Azure SDK rated at 9.8 and CVE-2026-20841 affecting Windows Notepad rated at 8.8. The cumulative update for Windows 11 (KB5077181) also includes enhancements and resolves WPA3 Wi-Fi connectivity issues. Microsoft reminded users of the June 2026 expiration of Secure Boot certificates, which requires timely updates to ensure secure booting. Users can install the updates via Windows Update.

Winsage

January 26, 2026

Microsoft said my Windows 10 PC no longer supported updates – but this software saved it

In early 2023, Microsoft announced the end of official support for Windows 10 by 2025, with regular updates and security patches ceasing on October 14, 2025. Users have options such as upgrading to Windows 11, switching to Linux, or subscribing to Microsoft's Extended Security Updates (ESU), which will end in October 2026. 0patch is a third-party service that provides micropatches for Windows 10, addressing specific vulnerabilities identified by security researchers. The service offers a free tier for zero-day patches and a paid Pro plan that includes legacy patches and post-End of Service updates. The free version should be used alongside Microsoft's ESU for comprehensive protection. 0patch plans to support Windows 10 until at least October 2030. The Pro plan is priced at approximately €35 annually, with a 30-day trial available. Users have reported some performance issues after installing patches, but the updates are lightweight and do not significantly affect system performance. Uninstallation is straightforward, and users can opt out at any time.

Winsage

January 20, 2026

I tried 0patch as a last resort for my Windows 10 PC – here’s how it compares to its promises

In early 2023, Microsoft announced that official support for Windows 10 will end on October 14, 2025, with Extended Security Updates (ESU) concluding in October 2026. 0patch offers a service providing micropatches for Windows 10, addressing specific vulnerabilities with an average of two to three micropatches released monthly. 0patch operates by quickly responding to newly discovered vulnerabilities, focusing on those that are publicly known, actively exploited, and not officially fixed by Microsoft. It has a free tier for critical vulnerabilities and a paid Pro plan that includes additional updates post-End of Service. Users have reported some performance issues, but the updates generally do not significantly impact system performance. 0patch plans to support Windows 10 until at least October 2030, with potential extensions based on demand. The Pro plan costs approximately per year, with a 30-day trial available, and an Enterprise plan for organizations is offered at around annually.

Winsage

January 16, 2026

Still on Windows 10? 0patch may be your best defense in the ‘End of Support era’

In early 2023, Microsoft announced that official support for Windows 10 would end in 2025, with regular updates and security patches ceasing on October 14, 2025. Users have a little over two years to transition to Windows 11 or other operating systems. Some users have enrolled in Microsoft's Extended Security Updates (ESU) program, which will also end in October 2026. A third-party service called 0patch offers ongoing protection for Windows 10 by providing micropatches for vulnerabilities. 0patch releases two to three micropatches each month, prioritizing vulnerabilities that are publicly known, actively exploited, and lack an official Microsoft fix. 0patch has a free version that provides critical zero-day patches and a paid Pro plan that includes legacy patches. The Pro plan costs €25 per year, while an Enterprise plan is available for €35 annually. 0patch plans to support Windows 10 until at least October 2030, depending on user demand. Users have reported some performance issues with 0patch, but the updates are lightweight and do not significantly affect system performance.

Winsage

January 3, 2026

5 Free Tools To Keep Your Windows 10 PC Secure Without Further Microsoft Support

Millions of users are unable to transition to Windows 11 due to stringent hardware requirements, leaving many Windows 10 PCs vulnerable to malware threats. Microsoft has introduced Extended Security Updates (ESU) for Windows 10 Home users, available for a year at a cost. Users can enhance their Windows 10 security with various tools: - 0patch: Micropatches vulnerabilities without requiring a restart, supported until 2030. The free version addresses zero-day vulnerabilities, while the pro version offers more comprehensive protection. - TinyWall: Simplifies firewall management using the Windows Filtering Platform, allowing users to control app connections without constant pop-ups. - Patch My PC Home Updater: Automates the updating of outdated applications to enhance security. - Sandboxie Plus: Allows users to run applications in an isolated environment to prevent changes from affecting the system. - Panda Dome Free: A free antivirus solution providing real-time protection against malware, with features like USB Protection and Process Monitor.

Winsage

December 12, 2025

New Windows RasMan zero-day flaw gets free, unofficial patches

Free unofficial patches are available for a newly identified Windows zero-day vulnerability that allows attackers to crash the Remote Access Connection Manager (RasMan) service, which operates with SYSTEM-level privileges and manages VPN and remote network connections. This denial-of-service flaw was discovered by ACROS Security while investigating a previously patched privilege escalation vulnerability (CVE-2025-59230) in RasMan. The new zero-day has not yet received a CVE ID and affects all Windows versions from Windows 7 to Windows 11, including Windows Server 2008 R2 through Server 2025. The vulnerability can be exploited by unprivileged users due to a coding error in how RasMan processes circular linked lists, leading to a crash when a null pointer is encountered. ACROS Security is providing free micropatches through its 0Patch service until Microsoft releases an official fix. Users must create an account and install the 0Patch agent to apply the micropatch automatically.

Winsage

December 5, 2025

Microsoft Silently Fixes 8-Year Windows Security Flaw

Microsoft addressed a critical vulnerability in Windows, identified as CVE-2025-9491, which had existed for nearly eight years and allowed cybercriminals to conceal malicious commands within .LNK (shortcut) files. This flaw was exploited by state-sponsored hacking groups from countries including China, Iran, North Korea, and Russia, with evidence of nearly 1,000 malicious shortcut files used in various campaigns. The vulnerability was initially downplayed by Microsoft, which stated it did not require immediate servicing. However, as exploitation increased, Microsoft eventually included a fix in its November 2025 Patch Tuesday updates, which was not publicly announced. The fix allows the entire Target command to be displayed in the Properties dialog, addressing the security risk. Research indicated that around 70% of campaigns exploiting this flaw were focused on espionage and information theft across multiple sectors.

Winsage

December 5, 2025

Microsoft Silently Activates Critical Windows Security Update

Microsoft has enhanced its Windows security measures by addressing the CVE-2025-9491 vulnerability, which has existed for nearly eight years and was exploited by state-sponsored groups for cyber espionage and data theft. The vulnerability was previously identified as ZDI-CAN-25373 and ZDI-25-148 by Trend Micro. The November Patch Tuesday updates have fixed this issue, which was described as having been demoted from a vulnerability to a functional bug. The update modifies the Properties dialog of a .lnk file to display the entire Target command in a single line. Microsoft has not officially acknowledged the update but stated that it is continuously rolling out enhancements for security and user experience.

Winsage

December 3, 2025

Microsoft mitigates Windows LNK flaw exploited as zero-day

Microsoft has addressed a security vulnerability in Windows tracked as CVE-2025-9491, which allows malicious actors to embed harmful commands in Windows LNK files, requiring user interaction to exploit. Threat actors often distribute these files in ZIP formats to bypass email security. In March 2025, 11 hacking groups, including Evil Corp and Kimsuky, were actively exploiting this vulnerability using various malware payloads. Although Microsoft initially did not consider the issue urgent, it later modified the handling of LNK files in November updates to allow users to view the entire character string in the Target field. However, this change does not eliminate the malicious arguments embedded in the files. ACROS Security has released an unofficial patch that restricts shortcut target strings to 260 characters and alerts users about risks associated with long target strings, covering multiple Windows versions.

Winsage

December 3, 2025

Microsoft Silently Patches Windows LNK Flaw After Years of Active Exploitation

Microsoft has addressed a long-standing security vulnerability, identified as CVE-2025-9491, which has been exploited since 2017. This vulnerability involves a misinterpretation issue within Windows Shortcut (LNK) files, potentially allowing remote code execution. The flaw was highlighted in the November 2025 Patch Tuesday updates, with a CVSS score of 7.8/7.0. It allows crafted .LNK files to obscure harmful content, making it invisible to users, thus enabling attackers to execute code under the current user's context. The vulnerability was exploited by various state-sponsored groups, including those from China, Iran, North Korea, and Russia, for data theft and espionage. Microsoft initially deemed the flaw not warranting immediate attention, citing user interaction requirements and existing system warnings. Subsequent investigations revealed its exploitation by cyber espionage groups, including XDSpy and China-affiliated actors targeting European entities. The recent patch aims to ensure that the entire Target command is displayed in the Properties dialog, while 0patch provides warnings for LNK files exceeding 260 characters.