0patch Archives

Winsage

January 16, 2026

Still on Windows 10? 0patch may be your best defense in the ‘End of Support era’

In early 2023, Microsoft announced that official support for Windows 10 would end in 2025, with regular updates and security patches ceasing on October 14, 2025. Users have a little over two years to transition to Windows 11 or other operating systems. Some users have enrolled in Microsoft's Extended Security Updates (ESU) program, which will also end in October 2026. A third-party service called 0patch offers ongoing protection for Windows 10 by providing micropatches for vulnerabilities. 0patch releases two to three micropatches each month, prioritizing vulnerabilities that are publicly known, actively exploited, and lack an official Microsoft fix. 0patch has a free version that provides critical zero-day patches and a paid Pro plan that includes legacy patches. The Pro plan costs €25 per year, while an Enterprise plan is available for €35 annually. 0patch plans to support Windows 10 until at least October 2030, depending on user demand. Users have reported some performance issues with 0patch, but the updates are lightweight and do not significantly affect system performance.

Winsage

January 3, 2026

5 Free Tools To Keep Your Windows 10 PC Secure Without Further Microsoft Support

Millions of users are unable to transition to Windows 11 due to stringent hardware requirements, leaving many Windows 10 PCs vulnerable to malware threats. Microsoft has introduced Extended Security Updates (ESU) for Windows 10 Home users, available for a year at a cost. Users can enhance their Windows 10 security with various tools: - 0patch: Micropatches vulnerabilities without requiring a restart, supported until 2030. The free version addresses zero-day vulnerabilities, while the pro version offers more comprehensive protection. - TinyWall: Simplifies firewall management using the Windows Filtering Platform, allowing users to control app connections without constant pop-ups. - Patch My PC Home Updater: Automates the updating of outdated applications to enhance security. - Sandboxie Plus: Allows users to run applications in an isolated environment to prevent changes from affecting the system. - Panda Dome Free: A free antivirus solution providing real-time protection against malware, with features like USB Protection and Process Monitor.

Winsage

December 12, 2025

New Windows RasMan zero-day flaw gets free, unofficial patches

Free unofficial patches are available for a newly identified Windows zero-day vulnerability that allows attackers to crash the Remote Access Connection Manager (RasMan) service, which operates with SYSTEM-level privileges and manages VPN and remote network connections. This denial-of-service flaw was discovered by ACROS Security while investigating a previously patched privilege escalation vulnerability (CVE-2025-59230) in RasMan. The new zero-day has not yet received a CVE ID and affects all Windows versions from Windows 7 to Windows 11, including Windows Server 2008 R2 through Server 2025. The vulnerability can be exploited by unprivileged users due to a coding error in how RasMan processes circular linked lists, leading to a crash when a null pointer is encountered. ACROS Security is providing free micropatches through its 0Patch service until Microsoft releases an official fix. Users must create an account and install the 0Patch agent to apply the micropatch automatically.

Winsage

December 5, 2025

Microsoft Silently Fixes 8-Year Windows Security Flaw

Microsoft addressed a critical vulnerability in Windows, identified as CVE-2025-9491, which had existed for nearly eight years and allowed cybercriminals to conceal malicious commands within .LNK (shortcut) files. This flaw was exploited by state-sponsored hacking groups from countries including China, Iran, North Korea, and Russia, with evidence of nearly 1,000 malicious shortcut files used in various campaigns. The vulnerability was initially downplayed by Microsoft, which stated it did not require immediate servicing. However, as exploitation increased, Microsoft eventually included a fix in its November 2025 Patch Tuesday updates, which was not publicly announced. The fix allows the entire Target command to be displayed in the Properties dialog, addressing the security risk. Research indicated that around 70% of campaigns exploiting this flaw were focused on espionage and information theft across multiple sectors.

Winsage

December 5, 2025

Microsoft Silently Activates Critical Windows Security Update

Microsoft has enhanced its Windows security measures by addressing the CVE-2025-9491 vulnerability, which has existed for nearly eight years and was exploited by state-sponsored groups for cyber espionage and data theft. The vulnerability was previously identified as ZDI-CAN-25373 and ZDI-25-148 by Trend Micro. The November Patch Tuesday updates have fixed this issue, which was described as having been demoted from a vulnerability to a functional bug. The update modifies the Properties dialog of a .lnk file to display the entire Target command in a single line. Microsoft has not officially acknowledged the update but stated that it is continuously rolling out enhancements for security and user experience.

Winsage

December 3, 2025

Microsoft mitigates Windows LNK flaw exploited as zero-day

Microsoft has addressed a security vulnerability in Windows tracked as CVE-2025-9491, which allows malicious actors to embed harmful commands in Windows LNK files, requiring user interaction to exploit. Threat actors often distribute these files in ZIP formats to bypass email security. In March 2025, 11 hacking groups, including Evil Corp and Kimsuky, were actively exploiting this vulnerability using various malware payloads. Although Microsoft initially did not consider the issue urgent, it later modified the handling of LNK files in November updates to allow users to view the entire character string in the Target field. However, this change does not eliminate the malicious arguments embedded in the files. ACROS Security has released an unofficial patch that restricts shortcut target strings to 260 characters and alerts users about risks associated with long target strings, covering multiple Windows versions.

Winsage

December 3, 2025

Microsoft Silently Patches Windows LNK Flaw After Years of Active Exploitation

Microsoft has addressed a long-standing security vulnerability, identified as CVE-2025-9491, which has been exploited since 2017. This vulnerability involves a misinterpretation issue within Windows Shortcut (LNK) files, potentially allowing remote code execution. The flaw was highlighted in the November 2025 Patch Tuesday updates, with a CVSS score of 7.8/7.0. It allows crafted .LNK files to obscure harmful content, making it invisible to users, thus enabling attackers to execute code under the current user's context. The vulnerability was exploited by various state-sponsored groups, including those from China, Iran, North Korea, and Russia, for data theft and espionage. Microsoft initially deemed the flaw not warranting immediate attention, citing user interaction requirements and existing system warnings. Subsequent investigations revealed its exploitation by cyber espionage groups, including XDSpy and China-affiliated actors targeting European entities. The recent patch aims to ensure that the entire Target command is displayed in the Properties dialog, while 0patch provides warnings for LNK files exceeding 260 characters.

Winsage

October 19, 2025

Windows 10 PC can’t be upgraded? You have 5 options – and must act now

Windows 10 reached its end-of-support date on October 14, 2025, concluding monthly security updates for over 1 billion PCs. Users with incompatible devices cannot upgrade to Windows 11 via Windows Update and are advised to purchase new hardware. Microsoft will offer Extended Security Updates (ESUs) for Windows 10 on a subscription basis for three years post end-of-support, with costs varying for consumers, educational institutions, and businesses. Users can also consider buying new PCs, renting a virtual PC through Windows 365, upgrading incompatible hardware to Windows 11 using specific methods, switching to a Linux distribution or ChromeOS Flex, or continuing to use Windows 10 without support, which poses security risks.

Winsage

October 10, 2025

Can’t upgrade your Windows 10 PC? You have 5 days left

Windows 10 will reach the end of support on October 14, 2025, with no extensions or changes to hardware requirements. Users have several options: 1. Microsoft offers Extended Security Updates (ESUs) for Windows 10 on a subscription basis for up to three years, with varying costs based on user type. 2. Users can purchase new PCs or rent a virtual PC through Windows 365, which includes extended security updates. 3. There are methods to bypass compatibility restrictions to upgrade incompatible hardware to Windows 11, though this may carry risks. 4. Users can switch to alternative operating systems like Linux or ChromeOS Flex, which may be suitable for older hardware but may not support specific Windows software. 5. Continuing to use an unsupported operating system poses security risks, and while some may use third-party antivirus solutions, this approach is not advisable for business-critical systems.

Winsage

October 8, 2025

Can’t upgrade your Windows 10 PC? You have 1 week left

The end-of-support date for Windows 10 is October 14, 2025. Microsoft will not extend support or change hardware requirements. Users can sign up for Extended Security Updates (ESUs) for an additional year after the end-of-support date, with costs varying for consumers, educational institutions, and businesses. Users are encouraged to buy new PCs or rent virtual PCs through Windows 365. There are methods to bypass compatibility checks for Windows 11 on existing machines, but this may void warranties. Users can also switch to Linux or ChromeOS Flex, though this requires technical expertise. Continuing to use an unsupported operating system poses security risks, and while third-party solutions exist, they are not recommended for critical systems. After the end-of-support date, all editions of Windows 10 will no longer receive technical support or security updates.