administrators

Winsage
January 15, 2026
Microsoft and the U.S. government have issued a warning about a vulnerability in Windows, designated CVE-2026-20805, which is currently being exploited. This flaw allows an authorized attacker to leak a memory address from a remote ALPC port, potentially leading to arbitrary code execution. It has a medium severity rating of 5.5 on the CVSS scale. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added this vulnerability to its Known Exploited Vulnerabilities catalog and requires federal agencies to implement a patch by February 3. Additionally, two other vulnerabilities were acknowledged: CVE-2026-21265, a Secure Boot certificate expiration bypass with a CVSS rating of 6.4, and CVE-2023-31096, an elevation of privilege flaw affecting third-party Agere Modem drivers, rated at 7.8. Two more vulnerabilities, CVE-2026-20952 (CVSS 7.7) and CVE-2026-20953 (CVSS 7.4), are use-after-free flaws in Office that could allow unauthorized code execution.
Winsage
January 13, 2026
Microsoft is enhancing security for Windows 11 24H2 and 25H2 users by automatically replacing expiring Secure Boot certificates on eligible devices. Secure Boot protects against malicious software by ensuring only trusted bootloaders are executed during startup. Many Secure Boot certificates are set to expire starting in June 2026, which could jeopardize secure booting capabilities if not updated. The update includes a mechanism to identify devices eligible for automatic receipt of new Secure Boot certificates. IT administrators are advised to install the new certificates to maintain Secure Boot functionality and prevent loss of security updates. Organizations can also deploy Secure Boot certificates through various methods. IT administrators should inventory their devices, verify Secure Boot status, and apply necessary firmware updates before installing Microsoft's certificate updates.
Winsage
January 13, 2026
Microsoft's January 2026 Patch Tuesday update, KB5074109, addresses 114 vulnerabilities, including a critical zero-day vulnerability (CVE-2026-20805) in the Windows Desktop Window Manager (DWM) that has been actively exploited. The update applies to Windows 11 versions 24H2 and 25H2 and includes security enhancements and updates to AI components. Other high-severity vulnerabilities addressed include CVE-2026-20816 (privilege escalation in Windows Installer), CVE-2026-20817 (elevation of privilege in Windows Error Reporting), CVE-2026-20840 (vulnerability in Windows NTFS), CVE-2026-20843 (flaw in Routing and Remote Access Service), CVE-2026-20860 (vulnerability in Ancillary Function Driver for WinSock), and CVE-2026-20871 (another DWM vulnerability). The update removes legacy modem drivers to minimize the attack surface and resolves reliability issues in Azure Virtual Desktop and WSL networking. It also changes the default setting for Windows Deployment Services (WDS) to disable hands-free deployment. Users can install the update through Windows Update, and a system reboot is required to finish applying it.
Winsage
January 12, 2026
Professionals are increasingly moving away from Windows 11 to various Linux distributions due to dissatisfaction with performance issues and intrusive features in Windows. A 2025 analysis showed Linux distributions outperforming Windows by an average of 19.5% in everyday tasks. Performance tests indicated that SteamOS, a Linux-based platform, often matched or exceeded Windows 11 in gaming performance. Linux's lightweight nature and superior system administration tools appeal to those managing servers and virtual environments. Security concerns regarding Windows 11, including privacy issues and forced updates, have led users to prefer Linux's open-source model, which allows for greater transparency and customization. Economic factors also play a role, as Linux is free and open-source, eliminating licensing fees associated with Windows 11. User-friendly distributions like Linux Mint facilitate the transition for new users, and community support helps address common challenges. Large organizations are increasingly adopting Linux for its stability and responsiveness, while the Linux community fosters rapid improvements and adaptability. User feedback highlights privacy, performance, and customizability as key benefits of switching to Linux.
Winsage
January 12, 2026
A new tool named EDRStartupHinder, unveiled on January 11, 2026, allows attackers to inhibit the launch of antivirus and endpoint detection and response (EDR) solutions during the Windows startup process. Developed by security researcher Two Seven One Three, it targets Windows Defender and various commercial security products on Windows 11 25H2 systems by redirecting essential system DLLs during boot using the Windows Bindlink API and Protected Process Light (PPL) security mechanisms. The tool employs a four-step attack chain that includes creating a malicious service with higher priority than the targeted security services, redirecting critical DLLs to attacker-controlled locations, and modifying a byte in the PE header of the DLLs to cause PPL-protected processes to refuse loading them. This results in the termination of the security software. EDRStartupHinder has been tested successfully against Windows Defender and other unnamed antivirus products, demonstrating its effectiveness in preventing these security solutions from launching. The source code for EDRStartupHinder is publicly available on GitHub, raising concerns about its potential misuse. Security teams are advised to monitor for Bindlink activity, unauthorized service creation, and registry modifications related to service groups and startup configurations to detect this attack vector. Microsoft has not yet issued any statements regarding patches or mitigations for this technique.
Winsage
January 12, 2026
Microsoft has released Windows 11 Insider Preview Build 26220.7535 (KB5072046) to the Dev and Beta Channels, focusing on accessibility enhancements and improvements for managing Copilot features. The update introduces Copilot-powered image descriptions via the Narrator feature, allowing users to generate detailed descriptions of images on all Windows 11 devices. This functionality is available on Copilot+ PCs without cloud data transmission and is also extended to non-Copilot+ systems, though it is currently unavailable in the European Economic Area. Additionally, a new Group Policy option titled Remove Microsoft Copilot App allows administrators to uninstall the Copilot app under specific conditions. The build also includes a refresh of the Windows Spotlight desktop icon and various bug fixes addressing issues in the Start menu, File Explorer, printing dialog, Snipping Tool, and Windows Update. Known issues remain, including interaction problems in the Start menu and crashes in Settings. The features in this build are being rolled out gradually and may change before general release.
Winsage
January 12, 2026
The latest Insider build of Windows 11, KB5072046, updates the operating system to build 26220.7535 and is available to Insiders in the Dev and Beta channels. A significant enhancement is the new Narrator feature powered by Copilot, which allows users to generate AI-driven descriptions for images. This feature is not available in the European Economic Area due to regulatory restrictions. Users can press Narrator key + Ctrl + D to describe a focused image or Narrator key + Ctrl + S for a full screen description. Microsoft has also introduced a policy for system administrators to uninstall the Microsoft Copilot App under specific conditions, applicable to Enterprise, Pro, and EDU SKUs. Various fixes have been implemented, including resolving issues with the Start menu, File Explorer, input using the Snipping Tool, print dialogs, and Windows Update settings.
Winsage
January 12, 2026
Microsoft has released Windows 11 Insider Preview Build 26220.7535 (KB5072046) for users in the Dev and Beta Channels, aligning both with Windows 11 version 25H2. The update includes accessibility enhancements, streamlined Copilot management, and various bug fixes. Notably, it integrates Copilot with Narrator, allowing users to generate descriptions of images and visual elements. This feature works on both Copilot+ and non-Copilot+ PCs, with image sharing initiated only upon user request, though it is unavailable in the European Economic Area. A new Group Policy option allows administrators to uninstall the Copilot app from managed devices under certain conditions. The update also refreshes the Windows Spotlight desktop icon and addresses several bugs, including issues in the Start menu and File Explorer. Some known issues remain, such as interaction difficulties in the Start menu and crashes in Settings. Features in this build are subject to controlled rollouts and may change before general release.