administrators Archives

Winsage

May 23, 2026

CVE-2026-45585: YellowKey BitLocker Bypass

BitLocker, a security feature for data protection, has a vulnerability identified as CVE-2026-45585, also known as YellowKey, which allows unauthorized access to encrypted data on Windows 11 versions 24H2, 25H2, 26H1, and Windows Server 2025. This flaw does not compromise BitLocker’s encryption but affects the recovery environment supporting it. The vulnerability can be exploited locally through the Windows Recovery Environment (WinRE) by an attacker with physical access, who can trigger an unrestricted shell and access the BitLocker-protected volume. Microsoft has provided two mitigation strategies: modifying the WinRE image to remove the autofstx.exe entry and transitioning from TPM-only protection to a TPM+PIN requirement at startup. The exploit poses challenges for detection, as it occurs pre-boot and currently lacks vendor-published indicators of compromise. Organizations using BitLocker for unattended devices are particularly at risk, as the vulnerability can lead to loss of confidentiality if an attacker gains access before the legitimate user.

Tech Optimizer

May 22, 2026

AI Data Platform Modernization in Financial Services | Microsoft Azure PostgreSQL | The Microsoft Cloud Blog

Financial service institutions are increasingly exploring AI applications to alleviate operational burdens and gain a competitive edge, but face challenges with legacy data infrastructures that may not meet modern demands. The need for continuous availability and compliance is critical, as even brief downtime can have catastrophic consequences. Aging databases struggle with high-volume transactions and real-time analytics, prompting a focus on predictive maintenance and infrastructure automation. Microsoft Azure's PostgreSQL managed services, including Azure Database for PostgreSQL, address these challenges by providing flexible performance scaling and ensuring high availability. The service can trigger automatic failover within 60 to 120 seconds during outages, guaranteeing up to a 99.99% availability SLA. It supports read replicas for offloading analytics without impacting primary database performance and offers layered security controls, including encryption at rest and network isolation. Azure Database for PostgreSQL simplifies compliance with standards such as PCI DSS and SOC by enabling centralized identity and access management through Microsoft Entra ID authentication. It integrates seamlessly with the Microsoft ecosystem, allowing organizations to connect data to analytics and AI services without complex ETL processes. BNY Mellon successfully modernized its data platform by migrating to Azure Database for PostgreSQL in nine months, achieving improved resilience and allowing engineering teams to focus on innovation. The platform supports high availability, backup capabilities, and extensibility, empowering financial institutions to remain innovative in the era of AI.

Winsage

May 21, 2026

A Windows 11 bug blocks all updates since February. Here’s what to do

A segment of Windows 11 users has been unable to receive updates since February due to issues stemming from the January Preview Update, which caused download timeouts. This has resulted in missed security patches and critical updates related to Secure Boot certificates. Users may experience crashes during the update process, indicated by the error code 0x80010002. To check if affected, users can view their update history in Settings; if no updates have been installed since January and updates have not been paused, they are likely impacted. Microsoft is working on a fix linked to download timeout changes and firewall settings. A Known-Issue Rollback (KIR) can be executed to revert to a previous state before the problematic update, restoring normal functionality. This rollback is available for specific Windows 11 versions and Windows Server 2025.

Winsage

May 21, 2026

Windows 11’s new SecureBoot folder isn’t malware. Here’s what it does

Users have observed a new folder named “SecureBoot” in the Windows system folder following the installation of Windows 11's May update (KB5089549). This update may cause installation issues for some devices and introduces a directory that contains example scripts for IT professionals to manage Secure Boot certificate updates. Windows Secure Boot certificates are set to expire next month, and outdated certificates will lead to loss of support starting in June, potentially compromising Secure Boot functionality. Microsoft is distributing new certificates through Windows Update. The SecureBoot folder does not require individual users to take action, and deleting it is discouraged as it may cause complications with future Windows updates.

Winsage

May 20, 2026

Microsoft shares mitigation for YellowKey Windows zero-day

Microsoft has addressed the YellowKey vulnerability, a zero-day flaw in Windows BitLocker identified as CVE-2026-45585. This vulnerability allows unauthorized access to BitLocker-protected drives through a specific exploitation process involving 'FsTx' files. The flaw was disclosed by an anonymous researcher known as 'Nightmare Eclipse.' Microsoft has released mitigation strategies, including removing the autofstx.exe entry from the Session Manager's BootExecute REGMULTISZ value and reestablishing BitLocker trust for WinRE. Additionally, users are advised to change BitLocker settings from "TPM-only" to "TPM+PIN" mode, requiring a pre-boot PIN for drive decryption, and to enable "Require additional authentication at startup" for unencrypted devices.

Winsage

May 20, 2026

Microsoft confirms Windows 11’s May 2026 update is failing to install with error 0x800f0922 and outlines a mitigation for affected PCs

Microsoft has acknowledged installation issues with the May 2026 Security Update for Windows 11, specifically error code 0x800f0922, affecting devices on versions 24H2 and 25H2 after installing update (KB5089549) released on May 12. The failures occur during the reboot phase, often around 35 percent, primarily on devices with 10MB or less free space in the EFI System Partition (ESP). For consumer and unmanaged business devices, Microsoft has implemented a Known Issue Rollback (KIR), and restarting the computer may resolve the issue. For managed devices, network administrators must manually deploy a Group Policy workaround. Microsoft suggests modifying a Registry value to decrease reserved padding in the EFI partition as a potential fix, along with restarting the computer and checking for updates. A permanent solution is planned for a future Windows update.

Tech Optimizer

May 20, 2026

Critical PostgreSQL Flaws Enable Code Execution and SQL Injection

On May 14, 2026, PostgreSQL released critical security updates for versions 18.4, 17.10, 16.14, 15.18, and 14.23, addressing 11 Common Vulnerabilities and Exposures (CVEs) related to stack buffer overflows, SQL injection, memory disclosure, and denial-of-service vulnerabilities. The most critical vulnerability, CVE-2026-6637, has a CVSS score of 8.8 and allows remote, unprivileged database users to execute arbitrary code. Other notable vulnerabilities include CVE-2026-6473, which affects memory allocation leading to potential memory corruption, and CVE-2026-6475, which allows overwriting sensitive OS-level files. Additional vulnerabilities include SQL injection flaws and authentication issues, with various CVSS scores ranging from 3.7 to 7.5. The updates can be implemented without a database dump, and PostgreSQL 14 will reach its end-of-life on November 12, 2026.

Tech Optimizer

May 19, 2026

Critical PostgreSQL Vulnerabilities Enables Code Execution and SQL Injections

The PostgreSQL Global Development Group has released security updates for versions 18.4, 17.10, 16.14, 15.18, and 14.23, addressing 11 vulnerabilities, including critical issues related to arbitrary code execution and SQL injection flaws. All supported branches from 14 through 18 are affected by vulnerabilities, necessitating updates. Database administrators can perform in-place upgrades without needing a dump/restore. Key vulnerabilities include: - CVE-2026-6637: Stack buffer overflow in the refint module allowing arbitrary code execution. - CVE-2026-6472: Privilege bypass and arbitrary SQL execution. - CVE-2026-6473: Potential remote code execution and memory corruption. - CVE-2026-6474: Server memory information leak. - CVE-2026-6475: Arbitrary file overwrite vulnerability. - CVE-2026-6476: SQL injection with superuser execution. - CVE-2026-6477: Client-side code execution risk. - CVE-2026-6478: MD5 credential timing leak. - CVE-2026-6479: SSL/GSS denial-of-service flaw. - CVE-2026-6575: Limited memory disclosure issue. - CVE-2026-6638: SQL injection in logical replication. Organizations using PostgreSQL 14 should upgrade to version 14.23 and plan migration to a newer version before the end-of-life on November 12, 2026. The updates are urgent for deployments exposed to the internet or in multi-tenant environments.

Winsage

May 19, 2026

Microsoft confirms patching issues in restricted Windows networks

Microsoft has issued a service alert indicating that customers in restricted network environments may encounter Windows Update failures, specifically error code 0x80010002, after installing the January 2026 optional non-security preview updates. Affected devices might download the February monthly Windows security update but could struggle with updates released in March and beyond due to changes in download timeout requirements. Microsoft is working on a resolution, and IT administrators can use Known Issue Rollback (KIR) as a workaround by configuring the appropriate Group Policy for their Windows version. A device restart is required to apply these settings. Historical issues include a bug fixed in April 2025 affecting WSUS installations and another issue resolved in August 2025 related to the Windows 11 24H2 cumulative update. Additionally, a KIR fix was provided for a known issue causing the May 2026 Windows 11 security update to fail with error code 0x800f0922.

Winsage

May 18, 2026

Windows boot partition runs out of space for Microsoft’s May security update

Microsoft has acknowledged a potential issue with its May 2026 security update, which may fail to install properly due to insufficient space in the EFI System Partition (ESP). If the available space in the ESP drops below 10 MB, users may encounter a 0x800f0922 error code, leading to installation failures during the reboot phase. This issue affects Windows 11 versions 25H2 and 24H2. Microsoft has proposed two solutions: a registry edit or a Known Issue Rollback (KIR), which has already propagated to consumer and non-managed business devices. The update addresses several critical Microsoft CVEs, although there have been no reports of active exploitation.