critical security updates Archives

Winsage

January 16, 2026

Easterly helms RSAC, Windows update problems, Police Copilot gaffe

Jen Easterly has been appointed as the new Chief Executive Officer of the RSA Conference. She is a cybersecurity expert and former Director of the Cybersecurity and Infrastructure Security Agency (CISA). Palo Alto Networks has released security updates for a vulnerability (CVE-2026-0227) with a CVSS score of 7.7 affecting its GlobalProtect Gateway and Portal, which can cause a denial-of-service condition in PAN-OS software. The January 2026 security update from Microsoft has caused connection and authentication failures in Azure Virtual Desktop and Windows 365, affecting users across various Windows versions. Microsoft is working on a resolution. The chief constable of West Midlands Police acknowledged an error by Microsoft’s Copilot AI in generating a fictional intelligence report. Microsoft has not confirmed Copilot's involvement. Britain’s National Cyber Security Centre (NCSC) has collaborated with Five Eyes partners to provide guidance on securing industrial operational technology, highlighting risks associated with remotely monitored systems. Kyowon, a South Korean conglomerate, confirmed a ransomware attack on January 10 that may have compromised customer information, affecting approximately 5.5 million members. Researchers at Varonis have identified a new attack technique called "Reprompt" that allows data exfiltration from Microsoft Copilot via a malicious link, exploiting a Parameter 2 Prompt (P2P) injection technique. Central Maine Healthcare is notifying over 145,000 patients about a data breach that compromised personal, treatment, and health insurance information, discovered on June 1.

Winsage

January 16, 2026

Windows Remote Assistance Vulnerability Allow Attacker to Bypass Security Features

Critical security updates have been released to address CVE-2026-20824, a vulnerability in Windows Remote Assistance that allows attackers to bypass the Mark of the Web (MOTW) defense system. This affects various Windows platforms, including Windows 10 and Windows Server 2025, and is rated with an Important severity level. The flaw enables unauthorized local attackers to circumvent MOTW defenses, posing risks to confidentiality. The vulnerability requires local access and user interaction for exploitation, often using social engineering tactics. Microsoft has issued security updates for 29 Windows configurations, including specific KB articles for affected versions of Windows 10, Windows 11, and Windows Server. Users are advised to apply the necessary patches, which are classified as “Required” customer actions. The vulnerability remains unexploited in the wild and was not publicly disclosed before the patches were released. Microsoft’s assessment categorizes it as “Exploitation Less Likely.”

Winsage

January 13, 2026

New Windows updates replace expiring Secure Boot certificates

Microsoft is enhancing security for Windows 11 24H2 and 25H2 users by automatically replacing expiring Secure Boot certificates on eligible devices. Secure Boot protects against malicious software by ensuring only trusted bootloaders are executed during startup. Many Secure Boot certificates are set to expire starting in June 2026, which could jeopardize secure booting capabilities if not updated. The update includes a mechanism to identify devices eligible for automatic receipt of new Secure Boot certificates. IT administrators are advised to install the new certificates to maintain Secure Boot functionality and prevent loss of security updates. Organizations can also deploy Secure Boot certificates through various methods. IT administrators should inventory their devices, verify Secure Boot status, and apply necessary firmware updates before installing Microsoft's certificate updates.

Winsage

January 1, 2026

Still relying on Windows 10? How YOU can secure free PC updates from Microsoft to stay safe this year

Microsoft has concluded support for Windows 10, with over 44% of PC users still operating on the OS. This poses potential risks for users, particularly as the end-of-support deadline approaches on October 14, 2025, when Microsoft will stop issuing free updates, increasing vulnerability to cyber threats. Microsoft has introduced the Extended Security Updates (ESU) program, offering security patches until October 13, 2026, at a cost of £22 for individual users and starting at £45 for businesses, with prices doubling in subsequent years. Users can also access ESU benefits through Microsoft Rewards Points or by performing a Windows Backup via OneDrive, which has a 5GB free limit. Research suggests that around 5 million individuals in the UK could be at risk due to continued reliance on Windows 10. The ESU program is available for users with Windows 10 devices running version 22H2.

Tech Optimizer

December 12, 2025

The digital impersonators: How cybercriminals hijack your brand to launch malvertising attacks

Brand trust is highly valued by consumers, leading cybercriminals to exploit it through malvertising, which embeds malicious code in legitimate ads. Malvertising can redirect users to phishing sites or download malware. Cybercriminals create fake ads that mimic trusted brands, targeting high-traffic moments and using real-time bidding to distribute these ads on reputable sites. The process involves setting up fake accounts, creating convincing ads, purchasing ad space, and delivering malware through exploit kits. The consequences include identity theft and financial loss for consumers, and reputational damage for brands. To protect against these threats, organizations should implement regular software updates, continuous employee training, protective tools, and consider partnering with managed service providers for enhanced security measures.

Winsage

November 26, 2025

How to make your ATMs Windows 11 ready

ATM operators are facing challenges in transitioning from Windows 10 to Windows 11 as support for Windows 10 ends. Many ATMs currently operate on various versions of Windows 10 IoT LTSC, including 2015, 2016, 2019, and 2021, each with different support lifecycles and upgrade paths. The most urgent concern is the Windows 10 IoT Enterprise LTSC/LTSB 2015, which will lose support on October 14, 2025. The readiness of ATM manufacturers for Windows 11 varies; Diebold Nixdorf and Hyosung have announced their support, while NCR Atleos has not provided public information on its plans. Effective migration to Windows 11 requires thorough planning and testing, as manual testing processes may be inefficient. Utilizing virtualization and automation can enhance testing capabilities, allowing for concurrent testing of multiple OS versions, automated regression testing, and remote access to testing environments. Advanced tools like VirtualATM can help organizations manage the upgrade process more effectively.

Winsage

November 26, 2025

Do Not Click—This Porn Site Installs Malware On Your Device

Attackers are using malicious emails with links to adult websites to exploit human curiosity and urgency, leading to the installation of harmful malware through deceptive update processes. Acronis has identified these "JackFix" attacks, which use screen hijacking techniques combined with ClickFix methods, presenting victims with fake Windows Update screens that claim to deliver critical security updates. This campaign leverages counterfeit adult websites as phishing mechanisms, increasing psychological pressure on victims to comply with prompts to install updates. The attack takes over the victim's screen and displays a convincing update interface, occurring entirely within the browser. Acronis advises users to avoid accessing adult sites through links in emails or messages and to navigate directly to these sites for safer browsing.

Winsage

November 24, 2025

Cybersecurity specialist says make Microsoft Windows change – or ‘be exposed’

Microsoft Windows users are urged to update their systems due to the discontinuation of support for Windows 10, which has reached its end-of-life stage. Users are encouraged to upgrade to Windows 11 if their devices are compatible. Microsoft will cease providing security updates for Windows 10, increasing the risk of attacks. For those unable to upgrade, Microsoft offers an Extended Security Updates (ESU) program, currently free for home users with a Microsoft account, providing security updates until October 13, 2026. Users of earlier Windows versions, such as 7, 8, and Vista, have been without support for a longer time, making them more vulnerable. After support ends on October 14, 2025, Microsoft recommends upgrading to a supported version of Windows. Transitioning to a new device that runs Windows 11 can improve user experience and security, with trade-in and recycling schemes available for old devices.

Winsage

November 17, 2025

You can still get free Windows 10 security patches – here’s how until October 2026

This month's Windows updates will roll out automatically on Patch Tuesday, November 11. Official support for Windows 10 has concluded, meaning PCs running this operating system with default settings will no longer receive essential monthly security updates from Microsoft. Microsoft has introduced options for users to continue receiving critical security updates until October 2026. The Extended Security Updates (ESU) for Windows 10 consumer PCs are available for free enrollment, particularly for those who do not qualify for a free Windows 11 upgrade. ESU coverage begins immediately and extends through October 13, 2026, for personal devices. Users must sign in with a Microsoft account to activate the subscription, which can be applied to up to ten PCs. The ESU subscription is available for personal Windows 10 PCs running version 22H2, excluding Enterprise and Education editions. Users in Europe qualify for free ESU subscriptions without needing a Microsoft account. Enrollment can be initiated through the Settings menu under Windows Update. Enterprise customers are not eligible for free ESU options and must pay a fee starting at per device per year. If the ESU offer does not appear, users should ensure all requirements are met, including the installation of the latest updates for Windows 10, version 22H2. Users should be cautious of the default 5GB storage limit on OneDrive when syncing settings to the cloud.

Winsage

November 15, 2025

I’m finally switching to Windows 11, but not for the reason you think

Approximately 40% of Windows 10 users have upgraded to Windows 11, driven by the end of support for Windows 10 on October 14 and various practical considerations. The author upgraded to Windows 11 after acquiring an OLED monitor, as Windows 11 handles HDR significantly better than Windows 10. The introduction of Auto HDR in Windows 11 enhances the visual appeal of older games, while the HDR calibration app is incompatible with Windows 10. The author also faced persistent issues with their Windows 10 installation, such as file corruption and poor microphone quality, which prompted the switch. The end of critical security updates for Windows 10 further influenced the decision to upgrade, making Windows 11 the necessary choice to ensure better performance and security.