Extended Security Archives

Winsage

March 6, 2026

Microsoft finally gets around to fixing Windows 10 Recovery Environment after breaking it in October

Microsoft addressed an issue in the Windows Recovery Environment (WinRE) that arose after the final update for Windows 10 on October 14, 2025, which disrupted WinRE functionality on some devices. The same update also caused accessibility issues for USB devices in Windows 11's recovery environment. Microsoft released an out-of-band patch, but some Windows 10 users continued to experience WinRE problems. The fix, KB5068164, targets Windows 10 versions 21H2 and 22H2 and aims to resolve the issue preventing WinRE from starting after the October 14 update. Concerns about Microsoft's quality control have been raised due to the timing of the failure and the delay in providing a solution. Users of Windows 10 can rely on Microsoft's Extended Security Updates program, although the situation has caused doubts about the reliability of Microsoft's updates.

Winsage

March 6, 2026

Windows 10 has been open to a severe recovery bug without this update

On October 14, 2025, Microsoft ended support for Windows 10 and encouraged users to switch to Windows 11, using full-screen pop-up ads. The company introduced the Extended Security Updates (ESU) program to facilitate this transition. However, issues arose with the Windows Recovery Environment (WinRE), which faced significant problems around the same time Windows 10 was phased out, affecting Windows 11 users as well. Microsoft acknowledged these issues in February and released an emergency patch to fix them. On March 3, 2026, a recovery update for Windows 10 versions 21H2 and 22H2 was rolled out to address the WinRE malfunction. Following the end of support for Windows 10, Windows 11's market share increased to 72.78%. Microsoft plans to improve Windows 11 in 2026 based on user feedback, but Windows 12 is not expected to be released this year.

Winsage

March 4, 2026

Did Windows 10 automatically update itself on this user’s PC with curiously perfect timing — or was this mid-shower surprise just an honest mistake?

Microsoft has been encouraging users to upgrade to Windows 11 since its launch in October 2021, employing tactics such as full-screen pop-up ads. Some users prefer Windows 10 due to its hardware requirements and design issues. A user named 'djseifer' reported that their Windows 10 PC automatically upgraded to Windows 11 while they were away, despite declining previous upgrade prompts. Upon returning, they expressed dissatisfaction with the new interface, particularly the Start menu and centralized taskbar. It is generally understood that Microsoft should not forcibly upgrade a user's operating system without consent, although the user may have inadvertently consented through prior agreements. Users can disable automatic updates to maintain their Windows 10 experience, but this may expose them to security vulnerabilities. Microsoft requires TPM 2.0 for Windows 11, complicating upgrades for unsupported hardware. Windows 10 will still be usable after Microsoft ends support on October 14, 2025, but users will face increased risks from cyber threats. Extended Security Updates (ESU) will provide limited security updates for a time.

Winsage

March 2, 2026

Windows 11 tops market share as 10 faces extended farewell

Recent data from Statcounter indicates that Windows 11 has a market share of 72.57 percent, while Windows 10 holds 26.45 percent. Microsoft claims that Windows 11 has surpassed one billion users. Statcounter's data is collected from over 1.5 million websites and may be subject to revision. Microsoft will discontinue support for many versions of Windows 10 in October 2025, leading some organizations to consider Extended Security Updates (ESU), which can incur additional costs. Windows Server 2016 has a 20.3 percent share among monitored servers, and Windows 10 2016 LTSB accounts for 0.5 percent of Windows devices, making up 19.8 percent within the LTSC/LTSB category. The higher usage of LTSC/LTSB is attributed to special-purpose devices in consumer and retail sectors, which face stricter upgrade protocols.

Winsage

February 25, 2026

Microsoft gives Windows laggards the ‘gift of time’ wrapped in licensing fees

Microsoft is offering up to three years of Extended Security Updates (ESU) for older Windows installations, with the expectation of compensation. Most major versions of Windows 10 will reach end of support by 2025, while Windows 10 Enterprise 2016 LTSB and Windows IoT Enterprise LTSB 2016 will end support on October 13, 2026, and Windows Server 2016 will conclude support on January 12, 2027. Microsoft recommends upgrading to Windows Server 2025 for Windows Server 2016 users. The pricing for ESU for Windows 10 2016 LTSB starts at a specified amount per device for the first year, with expected increases in subsequent years. Customers using Intune or Windows Autopatch may receive a reduced rate. There is no official pricing for Windows Server 2016 ESU, creating uncertainty for administrators. Historically, Microsoft has charged a premium for extended support, with previous ESU costs for Windows Server 2012 being 100 percent of the full license price for the first year. The final cost of ESU will depend on each organization’s licensing agreement.

Winsage

February 24, 2026

Microsoft extends security patching for three Windows products at a price

Support for Windows 10 Enterprise LTSB 2016 and Windows 10 IoT Enterprise 2016 LTSB will end on October 13, 2026, while Windows Server 2016 will reach its end of support on January 12, 2027. Organizations using these products will receive one final monthly security update on the specified dates, after which they will not receive security patches, updates, or technical support. The Extended Security Updates (ESU) program allows organizations to purchase coverage for up to three years beyond the end of support, with pricing starting at a specified amount per device for the first year and doubling for each subsequent year. Windows Server 2016's ESU pricing has not been announced, and Microsoft recommends upgrading to newer Long-Term Servicing Channel releases. In the European Economic Area, Windows 10 users can access ESU until October 14, 2026, without payment or cloud account requirements due to advocacy from Euroconsumers.

Winsage

February 24, 2026

Support for Windows Server 2016 is coming to an end

Microsoft has announced the end of support for several Windows products launched in 2016, including Windows Server 2016, Windows 10 Enterprise 2016 LTSB, and Windows IoT Enterprise LTSB 2016. Windows Server 2016 has been in the extended support phase since January 2022, with security updates available until January 12, 2027. Windows 10 Enterprise 2016 LTSB and Windows IoT Enterprise LTSB 2016 will reach the end of their extended support on October 13, 2026. Microsoft offers the Extended Security Updates (ESU) program for these products, allowing critical security updates for a fee, with costs for Windows 10 Enterprise 2016 LTSB set to increase annually per device. ESU will also be available for Windows Server 2016, but pricing details are not yet released. Windows IoT Enterprise LTSB 2016 will receive extended support through hardware manufacturers, with terms and costs varying by supplier. Microsoft emphasizes that using unsupported software increases risks and that migrating to a newer version of Windows is the only long-term solution.

Winsage

February 13, 2026

Microsoft Refreshes Secure Boot Root of Trust Certificates

Microsoft is refreshing Secure Boot certificates across its Windows ecosystem ahead of their expiration in June 2026 to enhance firmware-level security. Most systems will automatically receive the new certificates via Windows Update, while older or specialized devices may require firmware updates from the original equipment manufacturer (OEM). Devices that do not receive the update will still boot but will gradually lose access to critical boot-level mitigations and future compatibility improvements. The deployment of the new certificates has started with regular monthly Windows updates and applies to home users, businesses, and educational institutions. Organizations can manage updates independently using tools like Group Policy. Many devices produced since 2024 and nearly all systems shipped in 2025 already have the updated certificates. If systems are not updated, they will continue to function but will enter a degraded security state, unable to adopt new Secure Boot mitigations. This could increase exposure to threats and lead to compatibility issues with newer operating systems and software. IT administrators should ensure that Windows Update is deploying the latest updates and that device firmware is current, especially for older hardware or specialized systems.

Winsage

February 13, 2026

Microsoft Introduces New Secure Boot Certificates Before June Deadline

The foundational security certificates supporting Windows Secure Boot, introduced in 2011, will expire in mid-2026, specifically in June and October. Microsoft and PC manufacturers are updating the Windows ecosystem to address this. Devices that do not receive updated certificates may face security limitations and compatibility issues with newer operating systems and hardware. The transition is described as a "generational refresh" of the trust infrastructure for Windows. Systems failing to update will still function but may enter a "degraded security state," unable to install new security mitigations or newer operating systems. Most users will receive updates automatically through Windows Update, while older systems may require manual intervention. Systems at risk include those running unsupported Windows versions, with Secure Boot disabled, or not enrolled in Extended Security Updates. Users should check their Secure Boot status using PowerShell commands to ensure they are using the new certificates. The update affects not only Windows PCs but also other devices utilizing UEFI Secure Boot.

Winsage

February 12, 2026

Microsoft’s latest update patches six zero-days and two critical flaws – but is it another buggy mess?

Microsoft's February Patch Tuesday update addresses feature and security bugs, continuing the refresh of Secure Boot certificates to protect against bootkit malware. Secure Boot prevents malicious software from executing during startup by using trusted certificates, many of which are set to expire in June. The update is available for both Windows 11 and Windows 10 users, with the latter needing to be enrolled in the Extended Security Updates (ESU) program until October 2026. Windows 11 fixes include resolutions for full-screen gaming and WPA3-Personal Wi-Fi connectivity issues, while Windows 10 improvements address Chinese fonts, specific graphics processing units, and custom folder names in File Explorer. A bug causing unexpected restarts in Secure Launch-compatible PCs has also been fixed. The update includes 55 security patches, a decrease from January's 114, with two classified as critical and six identified as zero-day vulnerabilities. One vulnerability exploited in the wild could allow system privilege escalation, another could disrupt network connectivity, and a third could disable security controls and access sensitive data. Users can update their Windows 11 PCs through System > Windows Update, and Windows 10 users through System > Update & Security. Due to previous buggy updates, users may consider waiting a few days before installing the February update, with the option to uninstall if issues arise.