Boot Archives

Winsage

May 15, 2026

Microsoft fixes a major BitLocker bug… but leaves Windows 10 users hanging (for now)

Microsoft confirmed a BitLocker-related issue caused by the April 2026 Security Update (KB5083769) for Windows 11, which led some devices to boot into the BitLocker recovery screen. A fix has been released, but it is currently available only for Windows 11, version 25H2, with Windows 10 and Windows Server users awaiting a solution. Administrators are advised to remove the "Configure TPM platform validation profile for native UEFI firmware configurations" Group Policy setting before installing the April 2026 update. Additionally, a security researcher named Chaotic Eclipse has developed a zero-day exploit called YellowKey, which can bypass BitLocker security using a USB stick, affecting Windows Server 2022 and 2025 but not Windows 10.

Winsage

May 15, 2026

This is what I’m doing with my old Windows 10 PC instead of trading it in like Microsoft wants me to

Microsoft is encouraging users to upgrade from Windows 10 to Windows 11, but the trade-in value for Windows 10 PCs may not be appealing. Alternatives for aging machines include installing Linux Mint as a dual-boot option, repurposing the PC as a Network Attached Storage (NAS) device using software like TrueNAS Scale, or continuing to use Windows 10 with potential third-party support for security patches after official support ends. The author expresses a commitment to finding a productive use for their hardware rather than discarding it.

Winsage

May 15, 2026

Zero-day exploit completely defeats default Windows 11 BitLocker protections

A zero-day exploit named YellowKey allows individuals with physical access to Windows 11 systems to bypass BitLocker encryption protections. Discovered by researcher Nightmare-Eclipse, this vulnerability enables unauthorized users to access encrypted drives quickly. The exploit involves transferring a custom FsTx folder to a USB drive, connecting it to a BitLocker-protected device, and entering recovery mode to gain command prompt access without needing a BitLocker recovery key. Esteemed researchers Kevin Beaumont and Will Dormann have confirmed the exploit's functionality, although the specific mechanism within the FsTx folder that enables the bypass is not fully understood.

Winsage

May 14, 2026

‘Avoid Disruption’—Microsoft Updates Windows Before June Deadline

Microsoft has released a security update for Windows 10 users, identified as KB5087544, which includes dynamic status reporting for Secure Boot states. Secure Boot certificates, in place for 15 years, are set to expire next month, and Microsoft advises users to update their certificates to avoid security risks. All Windows 10 PCs will require new certificates, but only those in the Extended Security Updates (ESU) program will be eligible for the update. Most Windows 11 devices will also need new certificates, except those purchased in the last two years. Failure to install the new certificates may affect device boot security. The update also addresses a security warning related to Remote Desktop Connection and may prompt some users to enter a BitLocker recovery key after restarting. New certificates will only be issued to devices that show successful update signals, and users should upgrade their Windows Security App to address potential issues. Notifications will be sent once new Secure Boot certificates are installed.

Winsage

May 14, 2026

Windows Zero-Days Expose BitLocker Bypasses And CTFMON Privilege Escalation

An anonymous cybersecurity researcher disclosed two new zero-day vulnerabilities affecting Microsoft systems: YellowKey and GreenPlasma. YellowKey is a BitLocker bypass that operates as a backdoor within the Windows Recovery Environment, impacting Windows 11 and Windows Server 2022/2025. Exploiting YellowKey involves copying specially crafted files to a USB drive, connecting it to a Windows computer, and rebooting into WinRE. The researcher expressed skepticism about Microsoft's response time to this vulnerability, noting that using TPM+PIN does not mitigate the risk. GreenPlasma is a privilege escalation vulnerability that allows an unprivileged user to obtain a shell with SYSTEM permissions through arbitrary section creation in Windows CTFMON. The proof-of-concept for this exploit is incomplete but indicates potential manipulation of trusted privileged services or drivers. Additionally, a related attack against BitLocker was detailed by French cybersecurity firm Intrinsec, which exploits a boot manager downgrade using CVE-2025-48804 to bypass encryption protections on fully patched Windows 11 systems. This method allows attackers to boot from a controlled WIM while the boot manager checks the legitimate one, executing with the decrypted BitLocker volume. Despite Microsoft releasing fixes for this defect in July 2025, a flaw in Secure Boot verification allows a vulnerable boot manager to bypass BitLocker safeguards. To mitigate these risks, enabling a BitLocker PIN at startup and migrating to a new boot manager certificate is recommended.

Winsage

May 13, 2026

Former Windows boss reveals why modern Windows 11 apps feel slower, says Microsoft once gave every engineer a stopwatch

Steven Sinofsky, former head of the Windows Division at Microsoft, discussed the company's engineering culture and its focus on resource management from 1980 to 2000, where every engineer was given a physical stopwatch to measure various performance metrics. This practice emphasized optimizing software for speed and efficiency, a stark contrast to modern applications that consume significant RAM due to shifts in market dynamics and hardware advancements. The current trend prioritizes rapid feature deployment over optimization, leading to performance issues in applications. Microsoft is responding to criticism by enhancing the performance of Windows 11, focusing on native desktop applications and optimizing core components, including the Start menu and File Explorer. They are also testing new CPU scheduling profiles to reduce micro-lags during user interactions.

Winsage

May 13, 2026

Windows BitLocker zero-day gives access to protected drives, PoC released

A cybersecurity researcher known as Chaotic Eclipse has released proof-of-concept exploits for two unpatched vulnerabilities in Microsoft Windows: YellowKey, a BitLocker bypass, and GreenPlasma, a privilege-escalation flaw. The YellowKey vulnerability affects Windows 11 and Windows Server 2022/2025, allowing unauthorized access to BitLocker-protected volumes by exploiting the Windows Recovery Environment. The exploit can be executed using specially crafted 'FsTx' files on a USB drive or directly on the EFI partition. Independent researcher Kevin Beaumont has validated the exploit, which can bypass BitLocker protections even in a Trusted Platform Module (TPM) environment. The GreenPlasma vulnerability allows unprivileged users to create arbitrary memory-section objects, potentially leading to privilege escalation. Chaotic Eclipse has expressed dissatisfaction with Microsoft's handling of bug reports, prompting the public disclosure of these vulnerabilities. Microsoft has stated its commitment to investigating security issues and updating affected devices.

Winsage

May 13, 2026

Microsoft releases Windows 10 KB5087544 extended security update

Microsoft has released the Windows 10 KB5087544 extended security update, which addresses vulnerabilities identified during the May 2026 Patch Tuesday and resolves issues related to Remote Desktop warnings. Users on Windows 10 Enterprise LTSC or enrolled in the ESU program can install it via Settings under Windows Update. The update upgrades Windows 10 to build 19045.7291 and Windows 10 Enterprise LTSC 2021 to build 19044.7291. The update focuses on security enhancements and bug fixes, addressing 120 vulnerabilities. Key fixes include resolving incorrect Remote Desktop security warning dialogs in multi-monitor setups, introducing dynamic status reporting for Secure Boot, and adjusting Daylight Savings Time for Egypt. A known issue may require users to input their BitLocker recovery key after installation, affecting systems with specific BitLocker Group Policy configurations. Microsoft suggests removing the affected Group Policy setting and suspending and resuming BitLocker as a temporary solution.

Winsage

May 13, 2026

Windows 11 security update fixes critical Bing and Azure flaws

Microsoft released its May 2026 Patch Tuesday updates for Windows 11, addressing 97 security vulnerabilities across various components, including Windows, Microsoft Office, Azure services, SQL Server, SharePoint, Hyper-V, and .NET. The updates are encapsulated in KB5089549 for Windows 11 versions 24H2 and 25H2, elevating systems to builds 26100.8457 and 26200.8457. Notable vulnerabilities include CVE-2026-32169, a critical flaw in Azure Cloud Shell with a CVSS score of 10.0, and CVE-2026-21536, a critical remote code execution vulnerability in the Microsoft Devices Pricing Program with a CVSS score of 9.8. Other critical vulnerabilities include CVE-2026-32191 and CVE-2026-32194, impacting Microsoft Bing Images, both with CVSS scores of 9.8. The update also addresses multiple Windows privilege escalation vulnerabilities and remote code execution vulnerabilities in Microsoft Office and Excel. Microsoft has warned of upcoming Secure Boot certificate expirations starting in June 2026 and has improved boot reliability related to BitLocker recovery issues. Users can install the updates via Settings → Windows Update, with a system restart required.

Winsage

May 10, 2026

‘One Time Restart’—Microsoft Changes Windows After 15 Years

Microsoft is implementing changes to Secure Boot certificates for Windows PCs, marking the first expiration since 2011. New certificates must be installed on all devices before a deadline in June. Users can check their status via the Windows Security App. The new certificates will be distributed through regular monthly security updates, with some users already receiving them in April and others expected to see changes in May. Following these updates, users may experience additional restarts on their PCs. The update applies only to PCs eligible for security updates, meaning many Windows 10 PCs will not receive the new certificates, potentially exposing them to risks. Affected users are advised to enroll in Microsoft’s Extended Security Update (ESU) program.