critical vulnerability Archives

Winsage

February 15, 2026

Microsoft Blocks Credential Autofill to Fix Windows Hello Flaw

Microsoft has blocked credential autofill functionality in Windows 11 as part of the February 2026 Patch Tuesday updates to address the critical vulnerability CVE-2026-20804, which allows unauthorized access by tampering with Windows Hello authentication. This vulnerability was first identified in August 2025 and allows local administrators to inject biometric data. The restriction was documented in the January 2026 Patch Tuesday release notes. Enhanced Sign-in Security (ESS) operates at a hypervisor virtual trust level but is limited by hardware compatibility issues, particularly affecting AMD-based systems. Post-update, credential dialogs do not respond to virtual keyboard inputs from remote desktop or screen-sharing applications, preventing autofill during remote support sessions. Microsoft has provided a risky workaround that allows applications to operate with elevated administrator privileges, but this reintroduces the vulnerability. Organizations must now choose between disrupted remote support workflows or risking exposure to credential injection attacks, leading to operational challenges for IT teams and help desk staff.

Winsage

February 11, 2026

Microsoft fixes six actively exploited flaws in latest Windows 11 update

Microsoft's February 2026 Patch Tuesday addressed 59 vulnerabilities in Windows 11, with six confirmed as actively exploited. The most critical vulnerability is CVE-2026-21510, a Windows Shell security feature bypass with a CVSS rating of 8.8, allowing attackers to evade warnings by tricking users into opening malicious files. Another significant vulnerability, CVE-2026-21513, also rated at 8.8, affects MSHTML and allows remote attackers to bypass execution prompts through malicious code in HTML or shortcut files. CVE-2026-21514 impacts Microsoft Word and enables adversaries to disable OLE mitigations, posing risks through document-based attacks. Two local privilege escalation vulnerabilities are CVE-2026-21519 in Desktop Window Manager and CVE-2026-21533 in Windows Remote Desktop Services, with CVSS scores of 7.8. CVE-2026-21525 is a denial-of-service vulnerability in Remote Access Connection Manager. The update includes 53 additional vulnerabilities across various Microsoft products and services, with CVE-2026-21531 in Azure SDK rated at 9.8 and CVE-2026-20841 affecting Windows Notepad rated at 8.8. The cumulative update for Windows 11 (KB5077181) also includes enhancements and resolves WPA3 Wi-Fi connectivity issues. Microsoft reminded users of the June 2026 expiration of Secure Boot certificates, which requires timely updates to ensure secure booting. Users can install the updates via Windows Update.

Winsage

January 28, 2026

Google Warns of Active WinRAR Exploits Targeting Unpatched Windows Systems

Google has raised concerns about ongoing cyberattacks exploiting a critical vulnerability in WinRAR, identified as CVE-2025-8088. This vulnerability allows malicious actors to deploy malware and espionage tools on unpatched systems. Users are advised to update WinRAR to the latest version, regularly check for software updates, employ comprehensive security solutions, and stay informed about cybersecurity threats.

Winsage

December 20, 2025

Windows RemoteApp problems, ferry malware arrest, Senator’s open-source warning

Microsoft's December 2025 security update disrupts Message Queuing (MSMQ) on older Windows 10 and Server systems. A subsequent November 2025 update causes RemoteApp connection failures on Windows 11 24H2/25H2 and Windows Server 2025 devices, particularly in Azure Virtual Desktop environments, although Windows Home or Pro editions remain unaffected. French authorities arrested two crew members of an Italian ferry for allegedly installing malware that could allow remote control of the vessel; one suspect has been released while the other is in custody. Tom Cotton, Chairman of the Senate Intelligence Committee, has urged action on vulnerabilities in open-source software, citing concerns about foreign adversaries inserting malicious code. A zero-day exploit, CVE-2025-20393, affecting Cisco email security products has been exploited by Chinese hackers since late November. DXS International reported a cybersecurity incident involving unauthorized access to its internal servers, with an investigation ongoing. A report from Resecurity indicates a rise in the criminal use of DIG AI for generating tips for illegal activities. CISA warned of a critical vulnerability in ASUS Live Update software, which has been actively exploited. An automated campaign targeting multiple VPN platforms has been reported, with credential-based attacks observed on Palo Alto Networks GlobalProtect and Cisco SSL VPN.

Winsage

December 19, 2025

Microsoft patches bug causing multiple Message Queuing errors

Microsoft released an out-of-band update (KB5074976) on December 19 to address Message Queuing (MSMQ) errors caused by December 2025 security updates. These updates have led to operational disruptions in business applications and IIS websites, particularly on systems running Windows 10 22H2, Windows Server 2019, and Windows Server 2016, which received updates KB5071546, KB5071544, and KB5071543. Users reported issues such as inactive MSMQ queues, IIS sites generating "insufficient resources" error messages, and applications unable to write messages to queues. The problems stem from modifications in the MSMQ security model, which altered permissions for the system folder C:WindowsSystem32msmqstorage, requiring MSMQ users to have write access typically reserved for administrators. Systems with full administrative rights do not experience these issues. Microsoft is investigating the matter but has not provided a timeline for a resolution.

Winsage

December 17, 2025

Microsoft: December security updates cause Message Queuing failures

Microsoft has acknowledged a significant issue with the December 2025 security updates that disrupts Message Queuing (MSMQ) functionality, affecting enterprise applications and Internet Information Services (IIS) websites. The problem is prevalent among systems running Windows 10 22H2, Windows Server 2019, and Windows Server 2016 with security updates KB5071546, KB5071544, and KB5071543. Users are experiencing inactive MSMQ queues, IIS sites failing with "insufficient resources" errors, applications unable to write to queues, and misleading error messages about "insufficient disk space or memory." The root cause is changes to the MSMQ security model that altered permissions on the C:WindowsSystem32MSMQstorage folder, requiring MSMQ users to have write access to a directory typically reserved for administrators. Devices with users logged in as administrators are not affected. Microsoft is investigating the issue but has not provided a timeline for resolution. Rolling back the updates is a potential solution for administrators, though it carries security risks. This follows a warning from Microsoft in April 2023 about a critical vulnerability in the MSMQ service.

Winsage

December 15, 2025

Windows patch causes multiple Message Queuing errors

Microsoft has acknowledged issues related to the December 2025 security updates affecting Message Queuing (MSMQ) functionality on Windows 10 22H2, Windows Server 2019, and Windows Server 2016 systems. The updates KB5071546, KB5071544, and KB5071543 have caused problems such as inactive MSMQ queues, IIS sites showing “insufficient resources” errors, and applications unable to write messages to queues. These issues stem from modifications in the MSMQ security model, which now requires users to have write access to the C:WindowsSystem32msmqstorage folder, a privilege typically reserved for administrators. Systems with full administrative rights do not experience these problems, but this workaround is impractical for many enterprises. Microsoft is investigating the situation without a specified timeline for a resolution. Administrators may consider rolling back the updates, which poses its own security risks. In April 2023, Microsoft had warned about a critical vulnerability in MSMQ (CVE-2023-21554) that risked remote code execution attacks.

Winsage

December 5, 2025

Microsoft Silently Fixes 8-Year Windows Security Flaw

Microsoft addressed a critical vulnerability in Windows, identified as CVE-2025-9491, which had existed for nearly eight years and allowed cybercriminals to conceal malicious commands within .LNK (shortcut) files. This flaw was exploited by state-sponsored hacking groups from countries including China, Iran, North Korea, and Russia, with evidence of nearly 1,000 malicious shortcut files used in various campaigns. The vulnerability was initially downplayed by Microsoft, which stated it did not require immediate servicing. However, as exploitation increased, Microsoft eventually included a fix in its November 2025 Patch Tuesday updates, which was not publicly announced. The fix allows the entire Target command to be displayed in the Properties dialog, addressing the security risk. Research indicated that around 70% of campaigns exploiting this flaw were focused on espionage and information theft across multiple sectors.

Winsage

December 5, 2025

Microsoft Silently Activates Critical Windows Security Update

Microsoft has enhanced its Windows security measures by addressing the CVE-2025-9491 vulnerability, which has existed for nearly eight years and was exploited by state-sponsored groups for cyber espionage and data theft. The vulnerability was previously identified as ZDI-CAN-25373 and ZDI-25-148 by Trend Micro. The November Patch Tuesday updates have fixed this issue, which was described as having been demoted from a vulnerability to a functional bug. The update modifies the Properties dialog of a .lnk file to display the entire Target command in a single line. Microsoft has not officially acknowledged the update but stated that it is continuously rolling out enhancements for security and user experience.

Winsage

November 21, 2025

CVE-2025-50165: Critical Flaw in Windows Graphics Component

In May 2025, Zscaler ThreatLabz identified a critical remote code execution vulnerability, CVE-2025-50165, with a CVSS score of 9.8, affecting the Windows Graphics Component within the windowscodecs.dll library. Applications relying on this library, including Microsoft Office documents, are vulnerable to exploitation via a malicious JPEG image. When a user opens such a file, their system can be compromised, allowing remote code execution. Microsoft released a patch for this vulnerability on August 12, 2025, affecting several versions of Windows, including Windows Server 2025 and Windows 11 Version 24H2 for both x64 and ARM64-based systems. ThreatLabz recommends that all Windows users update their applications to the patched versions. The attack chain involves crafting a JPEG image to exploit the vulnerability, which can be triggered directly or indirectly through other files. The vulnerability's analysis revealed issues with uninitialized memory and the need for a Control Flow Guard bypass for exploitation. Attackers can manipulate the instruction pointer through heap spraying and Return-Oriented Programming. ThreatLabz developed a Proof-of-Concept application to demonstrate the exploitation process and has implemented protective measures against the vulnerability.