emergency patch Archives

Winsage

November 30, 2025

Windows update makes sign-in password icon invisible — Microsoft says you can still click on empty space to enter your password

Microsoft has acknowledged a minor issue in the non-security preview update KB5064081, which may complicate the login process for users by causing the password icon to be missing or invisible on the lock screen. Users can still log in by clicking on the empty space where the button typically resides. This issue primarily affects the Windows user interface and is expected to impact only users within the preview channel. Microsoft is actively working to resolve this issue. Additionally, Microsoft previously issued an emergency patch for a different update that rendered users unable to use their keyboard and mouse in the Windows Recovery Environment and released a driver update that improved performance in certain games by 50%. Windows Insider channels are in place to catch most bugs before they reach the general user base, but some glitches still occur in wider releases.

Winsage

November 21, 2025

Nvidia rushes out a GPU fix, blaming Windows 11’s October update for sluggish performance in games

Nvidia GPU users have experienced performance issues after the October update of Windows 11 (KB5066835), leading to slowdowns in various PC games. Nvidia has released an emergency hotfix to address these performance problems, but users are advised to be cautious as hotfixes undergo less testing than regular updates. Some users report improved frame rates in certain games like Assassin's Creed Shadows, while others still face issues such as monitor flickering. Users with AMD and Intel systems have also reported performance problems due to the October update, which has also disrupted the Windows Recovery Environment, prompting Microsoft to issue an emergency patch.

Winsage

October 28, 2025

Microsoft WSUS Remote Code Execution (CVE-2025-59287) Actively Exploited in the Wild

On October 14, 2025, a critical remote code execution (RCE) vulnerability, CVE-2025-59287, was discovered in Microsoft's Windows Server Update Services (WSUS). The vulnerability allows remote, unauthenticated attackers to execute arbitrary code with system privileges on affected servers. It was initially addressed on October 14, but the patch was insufficient, leading to an urgent out-of-band update on October 23. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the vulnerability to its Known Exploited Vulnerabilities Catalog on October 24, indicating its immediate threat. The vulnerability affects Microsoft Windows Server 2012, 2012 R2, 2016, 2019, 2022, and 2025, specifically on servers with the WSUS role enabled. Attackers are exploiting the vulnerability by targeting publicly exposed WSUS instances on TCP ports 8530 (HTTP) and 8531 (HTTPS). Approximately 5,500 WSUS instances have been identified as exposed to the internet. Microsoft recommends disabling the WSUS Server Role or blocking inbound traffic to the high-risk ports as temporary workarounds for organizations unable to apply the emergency patches immediately.

Winsage

October 26, 2025

“Emergency Windows Update Declared a ‘Total Disaster’—Is Your PC at Risk?”

A new Windows 11 update, KB5066835, is causing significant issues by breaking localhost connections, preventing locally hosted apps from communicating with the network. Users are experiencing installation failures and problems with peripherals and accessories. Microsoft has acknowledged the issue and is rolling out an emergency patch, which may take over 48 hours to reach affected PCs. The update disrupts the kernel-mode HTTP server (HTTP.sys), leading to connection failures for apps trying to access localhost. Additionally, the update renders the Windows Recovery Environment (WinRE) unusable, as mice and keyboards do not function within it. Users attempting to reinstall the patch or upgrade to newer builds have reported inconsistent results, with fresh installs of Windows 11 24H2 not experiencing the same issues. Caution is advised against attempting unofficial fixes, as they may destabilize the system. Windows 10 users should ensure their systems are updated with the final security patches or consider purchasing Extended Security Updates for continued support.

Winsage

October 25, 2025

Microsoft Releases Emergency Patch for Exploited Critical Remote Code Execution Vulnerability (CVE-2025-59287)

On October 23, 2025, Microsoft released an out-of-band security update for a critical vulnerability identified as CVE-2025-59287, which affects Windows Server Update Services (WSUS) and allows remote, unauthenticated attackers to execute arbitrary code. The vulnerability was initially addressed in the October Patch Tuesday update, but the original patch was deemed insufficient. Following the release of the new patch, threat actors began exploiting the vulnerability, leading to its inclusion in CISA’s Known Exploited Vulnerabilities Catalog. Technical details and proof-of-concept exploits for CVE-2025-59287 have been made publicly available. Arctic Wolf has been monitoring a threat campaign targeting WSUS servers through ports 8530 and 8531, involving a malicious PowerShell script that executes commands to gather information from the domain. Arctic Wolf has established Managed Detection and Response coverage for these activities and recommends upgrading to the latest fixed versions of Windows Server and installing the Arctic Wolf Agent and Sysmon for visibility into related events. For users unable to apply the update immediately, Microsoft suggests disabling WSUS or blocking inbound traffic to ports 8530 and 8531 as temporary mitigations.

Winsage

October 24, 2025

Microsoft Issues Emergency Patch for Actively Exploited Critical WSUS Vulnerability

Microsoft has released out-of-band security updates to address a critical vulnerability in the Windows Server Update Service (WSUS), identified as CVE-2025-59287, which has a CVSS score of 9.8 and is actively being exploited. The vulnerability allows unauthorized remote code execution due to unsafe deserialization of untrusted data. It affects various supported versions of Windows Server, including 2012, 2012 R2, 2016, 2019, 2022, and 2025 (23H2 Edition, Server Core installation). Microsoft recommends applying the patch and rebooting the system, or alternatively, disabling the WSUS Server Role or blocking inbound traffic to Ports 8530 and 8531. The Dutch National Cyber Security Centre (NCSC) reported active exploitation on the same day the updates were released. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added this vulnerability to its Known Exploited Vulnerabilities catalog, requiring federal agencies to address it by November 14, 2025.

Winsage

October 24, 2025

Microsoft issues emergency Windows server security patch – update now or risk attack

Microsoft has released an emergency patch for a critical vulnerability in its Windows Server Update Service (WSUS), identified as CVE-2025-59287, as part of the Patch Tuesday cumulative release on October 14, 2025. The vulnerability, categorized as a "deserialization of untrusted data" issue, has a severity score of 9.8 out of 10 and allows unauthenticated attackers to execute remote code without user interaction, potentially leading to broader network compromises. The flaw can be exploited with low-complexity attacks, and public exploit code has emerged, prompting the urgent update. Organizations are advised to apply the patch promptly to protect their systems.

Winsage

October 24, 2025

Microsoft Releases Emergency Patch For Windows Server Update Service RCE Vulnerability

Microsoft released an emergency patch on October 23, 2025, to address a critical remote code execution vulnerability (CVE-2025-59287) in Windows Server Update Services (WSUS). The vulnerability, rated critical with a CVSS score of 9.8, allows unauthorized attackers to execute arbitrary code over the network through unsafe deserialization of untrusted data. Although WSUS is not enabled by default, organizations using it are at risk if unpatched. The CVE's temporal score was updated to 8.8 after proof-of-concept exploit code was confirmed. The patch is available through various Microsoft update channels but requires a server reboot. Temporary workarounds include disabling the WSUS server role or blocking specific inbound traffic. Affected versions include Windows Server 2012, 2012 R2, 2016, 2019, 2022, 2022 (23H2 Edition), and 2025, each with corresponding patch KB numbers.

Winsage

October 21, 2025

Microsoft’s emergency Windows 11 update fixes a nasty system recovery bug

Microsoft has released an out-of-band update for Windows 11, identified as KB5070773, on October 20, 2025. This update addresses an issue from the October 14 monthly update that disrupted the functionality of the Windows Recovery Environment (WinRE), preventing users from using USB mice or keyboards for recovery tasks. The update restores USB functionality in WinRE for Windows 11 versions 24H2 and 25H2.

Winsage

October 19, 2025

Microsoft Confirms Emergency Update For Millions Of Windows Users

Microsoft's latest mandatory security update for Windows 11, KB5066835, has caused significant disruptions, including inoperable localhost connections and multiple installation failures. Users are experiencing issues with locally hosted applications, and the update has also affected certain Logitech peripherals and mouse and keyboard functionality in the Windows Recovery Environment (WinRE). Microsoft has acknowledged these problems and plans to release an emergency fix within 48 hours. A regression in the kernel-mode HTTP server (HTTP.sys) is responsible for the localhost connectivity issues, particularly impacting Internet Information Services (IIS). Users are advised against seeking online troubleshooting solutions, as they have proven ineffective, and some have found risky temporary workarounds.