ESU Archives

Winsage

June 15, 2026

Microsoft released the Windows 11 Secure Boot update for all PCs, how to verify yours

Microsoft has expanded the rollout of the Secure Boot 2023 certificate update to more Windows 11 and Windows 10 devices with the June 2026 Patch Tuesday update (KB5094126). This update aims to ensure that most supported consumer PCs are classified as high confidence, meaning necessary certificates are either installed or will be applied automatically. Secure Boot is a firmware security feature that verifies the software attempting to load during the startup process, blocking unauthorized software. The certificates supporting Secure Boot, issued in 2011, are expiring in stages starting June 24, 2026, prompting Microsoft to deploy replacement certificates. Most home users do not need to take manual action as the updates will occur automatically via Windows Update. Users can check their Secure Boot certificate status in the Windows Security app. A yellow warning indicates pending compatibility data, while a red alert suggests a firmware incompatibility requiring a BIOS update. Multiple reboots during the update process are normal, and a new SecureBoot folder in Windows is for staging cryptographic files. Older PCs may experience longer update times, and some may not receive updates due to firmware issues. HP users should check for BIOS updates if encountering BitLocker recovery loops. IT administrators should monitor device classifications and manually initiate updates for devices not in the high confidence category. Devices with Secure Boot disabled cannot receive updates, leaving them vulnerable. The expiration of the Microsoft Corporation KEK CA 2011 certificate on June 24 does not immediately affect device functionality, but it limits Microsoft's ability to sign new bootkit blacklist updates.

Winsage

June 12, 2026

June’s Windows 10 patch has a BitLocker user lockout problem… again

Microsoft released a cumulative update for Windows 10, designated as KB5094127, during the latest Patch Tuesday. Some users are experiencing issues where they are prompted to enter their BitLocker recovery key after installing the update. This problem is linked to systems with an "unrecommended" BitLocker Group Policy configuration and has occurred in previous updates. Specific conditions that can lead to this issue include having BitLocker enabled on the operating system drive, a certain Group Policy setting configured, the System Information tool reporting a specific Secure Boot State, the presence of a particular certificate in the Secure Boot Signature Database, and not using the 2023-signed Windows Boot Manager. Affected users may face difficulties accessing their BitLocker recovery key, potentially leading to lockouts. Microsoft suggests that personal devices are less likely to be affected, with the issue primarily impacting enterprise setups. The company is working on a resolution and advises IT administrators to consider removing the Group Policy configuration before installing the update. Update KB5094127 is available only to Windows 10 users in the Extended Security Updates program for versions 21H2 and 22H2, addressing various bugs and security vulnerabilities.

Winsage

June 10, 2026

Microsoft patches record 198 Windows bugs in June update – and 3 are zero days

Microsoft's latest Patch Tuesday addressed 198 security vulnerabilities, the most extensive update in recent memory. Among these, 32 flaws are classified as critical, and three are zero-day vulnerabilities. The updates are detailed in KB articles: KB5094126 for Windows 11 versions 24H2 and 25H2, KB5093998 for version 23H2, and KB5094127 for Windows 10. The updates will automatically download and install, but users must verify their installation status and reboot their computers for changes to take effect. The vulnerabilities addressed this month are attributed to advancements in artificial intelligence, with companies like Microsoft leveraging AI models to expedite the identification and resolution of security flaws. The three zero-day vulnerabilities include one that allows an attacker to gain Windows System privileges through a flaw in file link resolution, another that could facilitate a denial-of-service attack via an HTTP vulnerability, and a third related to a flaw in Windows BitLocker that could enable data capture from an unpatched PC. Additionally, the update introduces new features to Windows 11, including new Secure Boot certificates, a Low Latency Profile for enhanced performance, support for shared audio devices for multiple Bluetooth connections, webcam functionality across multiple applications, and the ability to assign a custom name to the user folder during setup.

Winsage

June 10, 2026

Microsoft releases Windows 10 KB5094127 extended security update

Microsoft has released the Windows 10 KB5094127 extended security update, which addresses vulnerabilities identified during the June 2026 Patch Tuesday and enhances monitoring of updated Secure Boot certificates. Users on Windows 10 Enterprise LTSC or enrolled in the ESU program can install it via the Windows Update settings. The update upgrades Windows 10 to build 19045.7417 and Windows 10 Enterprise LTSC 2021 to build 19044.7417. It focuses on security enhancements and bug fixes, resolving a total of 200 vulnerabilities, including three zero-day flaws. Key features include improved File Explorer search functionality for Chinese text and UTF-8 encoded files, dynamic status reporting for Secure Boot states, a new policy setting to limit Secure Boot service data sent to Microsoft, and enhanced targeting data for automatic receipt of new Secure Boot certificates. A known issue may cause BitLocker recovery notifications on certain systems, particularly those with specific BitLocker Group Policy settings. Microsoft recommends removing the Group Policy setting and suspending/resuming BitLocker as a temporary fix.

Winsage

June 6, 2026

Microsoft released new Defender update for Windows 11, 10, Server ISO installations

Microsoft is rolling out updates for Windows Defender to protect users from newly discovered malware threats. These updates occur frequently, with a significant refresh every three months for Windows installation images (WIM and VHD) and ISOs. The recent Windows 11 update includes the latest definitions and addresses vulnerabilities from outdated anti-malware definitions in installation images. The latest security definitions were delivered through security intelligence update version 1.445.323.0, applicable to various platforms, including Windows 11 and several Windows Server versions. The update enhances the anti-malware client, engine, and signature versions to platform version 4.18.26040.7, engine version 1.1.26040.8, and security intelligence version 1.447.236.0. The most recent intelligence update is version 1.451.297.0, which improves threat detection against various malware types.

Winsage

May 29, 2026

“We are not ready to move” as HP’s Windows 10 holdouts highlight Microsoft’s upgrade struggle

30% of HP's installed user base is still operating on Windows 10, which leaves approximately 400 million PCs vulnerable as they do not meet the hardware requirements for Windows 11. The proportion of Windows 10 users has declined slightly since September 2025. HP's revenue rose by 9% year-on-year, reaching .41 billion, with the transition to Windows 11 providing a financial advantage for the company. Microsoft introduced the Extended Security Updates (ESU) program for Windows 10 users, allowing enrollment for free or through Microsoft Reward points, with access later made free for users in the European Economic Area who do not meet cloud backup requirements. Critics argue that the end of support for Windows 10 forces functional PCs into premature retirement due to hardware requirements for Windows 11. The Public Interest Research Group has raised concerns about the impact of discontinuing Windows 10 support on older devices and is promoting Linux as an alternative. Microsoft has been encouraging upgrades to Windows 11 through ads highlighting performance advantages.

Winsage

May 29, 2026

HP’s Windows 10 holdouts show just how hard Microsoft’s Windows 11 upgrade push really is

HP reported that 30% of its installed user base is still using Windows 10, which will lose support on October 14, 2025, leaving around 400 million PCs vulnerable. Many of these PCs do not meet the hardware requirements for upgrading to Windows 11. The percentage of Windows 10 users has declined slightly since September 2025, when nearly half of HP and Dell's PCs were still running the older system. Microsoft introduced an Extended Security Updates (ESU) program, allowing users to enroll for free or through a payment option, but later made access free for users in the European Economic Area who do not meet the cloud backup requirement. Critics argue that the end of support for Windows 10 exemplifies programmed obsolescence, potentially forcing many functioning PCs into retirement. Initiatives like End of 10 are encouraging users to consider transitioning to Linux, highlighting its lack of advertisements and telemetry tracking. Microsoft has attempted to persuade users to upgrade to Windows 11 through ads and claims of improved performance. It is unclear if Windows 10 users have enrolled in the ESU program or are operating without security updates.

Winsage

May 28, 2026

Microsoft tests the 15-character limit of Windows Server admins’ patience

Windows Server 2016 has a bug introduced by the May 12 security update that affects servers with hostnames exactly 15 characters long, causing errors in domain controller discovery. Specifically, calling the DCLocator results in an ERRORINVALIDPARAMETER, hindering applications and tools from locating a domain controller. This issue impacts features like Distributed File System (DFS) Namespace management. Microsoft has not provided a workaround but suggests changing the hostname length. Windows Server 2016 is officially supported until January 12, 2027, with extended support options available. Despite representing only 2.2 percent of all Windows devices, it accounts for 20.3 percent of all servers. Additionally, the May 2026 security update has caused installation failures on some Windows 11 devices due to insufficient EFI System Partition size.

Winsage

May 26, 2026

‘Restart Multiple Times’—Microsoft Changes Windows Next Week

Microsoft will begin the expiration of Secure Boot certificates on most PCs in June, marking the end of a 15-year period of stability. This affects all PCs manufactured before 2023. Users will likely need to perform multiple restarts during the update process, which includes pushing data into firmware and loading a new bootloader. Ignoring the Secure Boot deadline in June 2026 may lead to significant security risks, as Microsoft will stop providing essential boot updates and malware blacklists. The Windows Security App has been updated to help users monitor these changes, and users should check for warnings indicating the status of Secure Boot. It is important for Windows 10 users to ensure they are enrolled in the Extended Security Updates (ESU) program to avoid vulnerabilities.

Winsage

May 14, 2026

‘Avoid Disruption’—Microsoft Updates Windows Before June Deadline

Microsoft has released a security update for Windows 10 users, identified as KB5087544, which includes dynamic status reporting for Secure Boot states. Secure Boot certificates, in place for 15 years, are set to expire next month, and Microsoft advises users to update their certificates to avoid security risks. All Windows 10 PCs will require new certificates, but only those in the Extended Security Updates (ESU) program will be eligible for the update. Most Windows 11 devices will also need new certificates, except those purchased in the last two years. Failure to install the new certificates may affect device boot security. The update also addresses a security warning related to Remote Desktop Connection and may prompt some users to enter a BitLocker recovery key after restarting. New certificates will only be issued to devices that show successful update signals, and users should upgrade their Windows Security App to address potential issues. Notifications will be sent once new Secure Boot certificates are installed.