Active Directory Archives

Winsage

November 25, 2025

Microsoft to remove WINS support after Windows Server 2025

Microsoft will remove the Windows Internet Name Service (WINS) from all future Windows Server releases after November 2034. WINS was officially deprecated with Windows Server 2022 in August 2021, and Windows Server 2025 will be the last version to support it. Standard support for WINS will continue until November 2034. Organizations are encouraged to migrate to DNS-based name resolution solutions before this deadline. The removal will include the WINS server role, management console snap-in, automation APIs, and related interfaces. Microsoft recommends auditing services dependent on NetBIOS name resolution and migrating to DNS solutions. Static host files are not advised as a workaround. Organizations should begin migration planning to avoid operational disruptions.

Winsage

November 24, 2025

Microsoft Retires WINS in Windows Server 2025

Microsoft has officially retired the Windows Internet Name Service (WINS) as part of the transition to modern DNS-based solutions. WINS, which resolved NetBIOS names to IP addresses, is being phased out due to its outdated nature and security vulnerabilities. It was deprecated with the release of Windows Server 2022 and will be completely removed in future releases, although support will continue until November 2034. Organizations are encouraged to transition to DNS and identify systems relying on WINS for name resolution. They should implement features like conditional forwarders and update or retire legacy applications that depend on WINS.

Winsage

November 24, 2025

How to get free Windows 10 security patches on your PC – from now to October 2026

Windows updates will roll out automatically on November 11. Official support for Windows 10 has ended, meaning PCs with default settings will no longer receive monthly security updates. Microsoft has introduced Extended Security Updates (ESU) for Windows 10, allowing users to receive security updates until October 2026. Any personal Windows 10 PC running version 22H2 can access free ESU subscriptions, excluding Enterprise and Education editions. Enrollment requires a Microsoft account and is available for up to 10 PCs. In Europe, customers in the EEA qualify for free ESU subscriptions without needing a Microsoft account. Enterprise customers will incur higher costs for commercial ESU subscriptions. Users must ensure they meet eligibility requirements to see the ESU offer.

Winsage

November 17, 2025

You can still get free Windows 10 security patches – here’s how until October 2026

This month's Windows updates will roll out automatically on Patch Tuesday, November 11. Official support for Windows 10 has concluded, meaning PCs running this operating system with default settings will no longer receive essential monthly security updates from Microsoft. Microsoft has introduced options for users to continue receiving critical security updates until October 2026. The Extended Security Updates (ESU) for Windows 10 consumer PCs are available for free enrollment, particularly for those who do not qualify for a free Windows 11 upgrade. ESU coverage begins immediately and extends through October 13, 2026, for personal devices. Users must sign in with a Microsoft account to activate the subscription, which can be applied to up to ten PCs. The ESU subscription is available for personal Windows 10 PCs running version 22H2, excluding Enterprise and Education editions. Users in Europe qualify for free ESU subscriptions without needing a Microsoft account. Enrollment can be initiated through the Settings menu under Windows Update. Enterprise customers are not eligible for free ESU options and must pay a fee starting at per device per year. If the ESU offer does not appear, users should ensure all requirements are met, including the installation of the latest updates for Windows 10, version 22H2. Users should be cautious of the default 5GB storage limit on OneDrive when syncing settings to the cloud.

Tech Optimizer

November 13, 2025

Emotet: The horse returns to a gallop more dangerous than ever

Emotet is a Trojan Horse malware that emerged in 2014, impacting over 1.6 million devices and originally designed to steal banking credentials. Developed by the MealyBug criminal organization, it evolved into a modular Trojan-dropper, enabling it to download various payloads and act as Malware-as-a-Service on the dark web. Emotet spreads primarily through spam emails, often using malicious Word or Excel files, and has been disseminated via local area networks and password-protected zip folders. The malware operates through botnets categorized into epochs, with Epochs 1, 2, and 3 dismantled in 2021 by a coordinated international operation. Following this, Emotet resurfaced in November 2021 as Epochs 4 and 5, incorporating a Cobalt Strike beacon for enhanced propagation. Recommended precautions include keeping software updated, using two-factor authentication, and educating employees about email threats. Network administrators are advised to block unscannable email attachments, configure specific email filters, and maintain secure backups.

Winsage

November 12, 2025

Microsoft Fixes 63 Security Flaws, Including a Windows Kernel Zero-Day Under Active Attack

On November 12, 2025, Microsoft released patches for 63 vulnerabilities, including four classified as Critical and 59 as Important. Notably, CVE-2025-62215, a privilege escalation flaw in the Windows Kernel with a CVSS score of 7.0, is actively exploited. This vulnerability allows an authorized attacker to elevate privileges locally through a race condition. Additionally, Microsoft patched two heap-based buffer overflow vulnerabilities (CVE-2025-60724 and CVE-2025-62220) with CVSS scores of 9.8 and 8.8, respectively, which could lead to remote code execution. Another significant vulnerability is CVE-2025-60704, a privilege escalation flaw in Windows Kerberos with a CVSS score of 7.5, enabling attackers to impersonate users and control a domain. Other vendors, including Adobe, Amazon Web Services, and Apple, also released security updates addressing various vulnerabilities.

Winsage

November 12, 2025

Microsoft Releases November 2025 Patch Tuesday Updates

Microsoft has rolled out its November 2025 Patch Tuesday updates for Windows 11, addressing 63 vulnerabilities across various platforms, including Windows, Office, Microsoft Edge, Azure Monitor Agent, Dynamics 365, Hyper-V, and SQL Server. The update includes four critical and 59 important vulnerabilities, with one currently being exploited. Key vulnerabilities fixed include: - CVE-2025-62215: A privilege escalation vulnerability in the Windows Kernel. - CVE-2025-60724: A critical heap-based buffer overflow in the Microsoft Graphics Component (GDI+) enabling remote code execution, rated CVSS 9.8. - CVE-2025-60704: A high-severity vulnerability in Windows Kerberos, rated CVSS 7.5. - CVE-2025-62220: A heap-based buffer overflow in the Windows Subsystem for Linux GUI (WSLg), rated CVSS 8.8. - CVE-2025-60719: An untrusted pointer dereference in the Windows Ancillary Function Driver for WinSock. The update enhances features for Windows 11 versions 25H2 and 24H2, improving Click to Do, File Explorer, Voice Access, and Windows Search for Copilot+ devices. The taskbar has been updated with a new battery icon, and the Start Menu has been redesigned to include a scrollable All section. A preview of the Administrator Protection feature has been introduced to prevent unauthorized changes. Additionally, Microsoft released KB5068781 for Windows 10 Extended Security Updates, fixing an incorrect “end of support” message and addressing the same 63 vulnerabilities. Organizations are advised to conduct thorough testing before deploying the patches and to back up systems to mitigate potential issues.

Winsage

October 31, 2025

Windows Server Update Services (WSUS) vulnerability abused to harvest sensitive data

Counter Threat Unit™ (CTU) researchers are investigating a remote code execution vulnerability, CVE-2025-59287, in Microsoft’s Windows Server Update Service (WSUS). Microsoft released patches for affected Windows Server versions on October 14, 2025, and issued an out-of-band security update on October 23 after the emergence of proof-of-concept code. On October 24, Sophos detected exploitation of this vulnerability targeting internet-facing WSUS servers across various industries. The first recorded activity occurred at 02:53 UTC, where a threat actor executed a Base64-encoded PowerShell script to collect and exfiltrate sensitive information to Webhook.site. The script gathered data such as external IP addresses, Active Directory domain users, and network configurations, attempting to send this information via HTTP POST requests. By 11:32 UTC, the maximum limit of 100 requests was reached. Affected entities included universities and organizations in technology, manufacturing, and healthcare sectors, primarily in the United States. Censys scan data confirmed that the exploited servers had default WSUS ports 8530 and 8531 exposed publicly. CTU recommends organizations review vendor advisories, apply patches, identify exposed WSUS server interfaces, and examine logs for malicious activity. Sophos has implemented specific protections to detect related activities.

Winsage

October 29, 2025

Windows 10 end of life has passed – here’s your business guide to Windows 11

Organizations are transitioning from Windows 10 to Windows 11, with major companies addressing potential deployment issues. Windows 10 mainstream support ended in October 2025, but users can access the Extended Security Update program for an additional 12 months of coverage. Windows 11 features a refined user interface with a centered taskbar, enhanced visual elements, and productivity tools like snap layouts and Cloud Clipboard. The Start menu has been simplified, and the File Explorer sidebar has been reorganized. Focus Assist is improved with direct settings and integrates with the Windows Clock app. Windows 11 includes Copilot for natural language queries and task automation, with enhanced features for devices with neural processing units. Security is strengthened with Windows Hello and optional integration with Microsoft Defender for Endpoint. The minimum system requirements for Windows 11 include a 1GHz processor, 4GB of RAM, 64GB of storage, and TPM version 2.0. All editions of Windows 11 support encryption and biometric security, with Pro and Enterprise editions offering additional features. Upgrading from Windows 10 to Windows 11 is typically free if the device meets the requirements, with prices for new purchases starting at around £119 for Windows 11 Home and £219 for Windows 11 Pro.

Winsage

October 27, 2025

Microsoft: New policy removes pre-installed Microsoft Store apps

Microsoft has introduced a new app management policy for IT administrators managing Windows 11 Enterprise and Education devices, allowing the removal of pre-installed Microsoft Store apps (in-box apps). This feature is available for devices running Windows 11 Enterprise 25H2 and Windows 11 Education 25H2 through management tools like CSP, GPO, and Microsoft Intune. The policy simplifies app management by eliminating the need for custom installation images and complex scripting, enabling administrators to efficiently select and remove apps from a predefined list. The policy is disabled by default and must be enabled by administrators. It is compatible with both Group Policy and MDM solutions, including Microsoft Intune. Implementation steps for Microsoft Intune include creating a new policy in the admin center, configuring settings to enable the removal of default Microsoft Store packages, and assigning the policy to desired device groups.