file system

Winsage
May 21, 2026
In April 2026, two zero-day vulnerabilities, RedSun and UnDefend, were discovered in Microsoft Defender, affecting Windows 10, Windows 11, and Windows Server platforms. These vulnerabilities allow attackers to escalate privileges to SYSTEM and bypass Defender’s protections. RedSun exploits a flaw in Defender's remediation process, enabling low-privileged users to overwrite critical system files. UnDefend allows attackers to disrupt Defender’s updates, keeping it outdated and ineffective. Both vulnerabilities are actively being exploited, with attackers leveraging them to gain persistent access and deploy ransomware. The primary targets are organizations using Windows systems with Defender enabled, particularly in sectors like finance, healthcare, and government. Mitigation strategies include applying updates for related vulnerabilities, monitoring for suspicious activities, and implementing additional security measures.
Winsage
May 15, 2026
A zero-day exploit named YellowKey allows individuals with physical access to Windows 11 systems to bypass BitLocker encryption protections. Discovered by researcher Nightmare-Eclipse, this vulnerability enables unauthorized users to access encrypted drives quickly. The exploit involves transferring a custom FsTx folder to a USB drive, connecting it to a BitLocker-protected device, and entering recovery mode to gain command prompt access without needing a BitLocker recovery key. Esteemed researchers Kevin Beaumont and Will Dormann have confirmed the exploit's functionality, although the specific mechanism within the FsTx folder that enables the bypass is not fully understood.
Tech Optimizer
May 13, 2026
Every device connected to a corporate network, including laptops, desktops, servers, and mobile phones, can be a potential gateway for cyberattacks. AI-powered Endpoint Detection and Response (EDR) solutions are essential in modern cybersecurity strategies, utilizing behavioral analysis, real-time monitoring, and machine learning to detect, investigate, and respond to advanced threats. Traditional antivirus software, which relies on known malicious signatures, is becoming ineffective against modern attackers who use fileless attacks and custom-built malware. EDR continuously monitors endpoint activity, capturing behavioral data to identify anomalies consistent with attacks. It provides forensic capabilities to help security teams understand how breaches occur. EDR is a critical component of a multi-layered security architecture, complementing other security measures like firewalls and patch management. When choosing an EDR solution, organizations should consider real-time detection, automated response capabilities, integration with existing security tools, and ease of investigation.
Winsage
May 5, 2026
Microsoft is developing a modernized version of the Run dialog for Windows 11, featuring a streamlined design created using C# and WinUI 3. The new Run dialog has a median "time-to-show" of 94 milliseconds, which is an improvement over the old dialog's 103 milliseconds. This new version is designed to be more functional and user-friendly, allowing users to quickly access their home directory and supporting dark mode. The modern Run dialog is currently being rolled out as an opt-in feature for Insiders in the Experimental Channel.
Tech Optimizer
May 3, 2026
TigerFS is an open-source project introduced on April 4, 2026, by Michael Freedman, the CTO of TigerData. It allows users to mount a PostgreSQL database as a POSIX-like filesystem, storing database rows as individual files while ensuring ACID guarantees. Key features include an MIT license, support for both file-first and data-first workflows, mounting options using FUSE on Linux and NFS on macOS, and integration with standard Unix tools.
Winsage
April 18, 2026
A series of updates has been released, focusing on system integrity and performance. Users should perform verification tasks, including installing, uninstalling, and repairing MSI packages, connecting and disconnecting cloud sync providers, and enrolling devices in Intune or MDM solutions. The Common Log File System driver (clfs.sys) is receiving a follow-up patch, along with updates to Storage Spaces (spaceport.sys) and app isolation file system drivers (bfs.sys, wcifs.sys). Users should also run Windows Update installation and rollback cycles, install and uninstall applications, and verify data integrity through backup solutions. For Storage Spaces, creating a pool with mirrored and thin virtual disks and ensuring clean deletion is necessary. April's updates for Office target MSI editions, including Excel 2016 (KB5002860), PowerPoint 2016 (KB5002808), Office 2016 shared libraries (KB5002859), and SharePoint Server editions from 2016 to 2019. These updates do not apply to Click-to-Run deployments like Microsoft 365 Apps. Users should validate complex Excel workbooks, PowerPoint presentations, SharePoint document libraries, and the functionality of Office add-ins. Testing for two High Risk components is essential: changes to Kerberos may disrupt services using RC4 keytabs, and the Remote Desktop client update requires validation of clipboard functionality, printer redirection, and session reconnection. Validating Secure Boot and BitLocker is critical as CVE-2023-24932 key rolling progresses. Additionally, cloud sync testing is important due to five patches to the Projected File System driver, and regression testing is needed for dual afd.sys updates and VPN/IPsec patches across remote-access infrastructure. Office updates are limited to MSI editions.
Winsage
April 16, 2026
The FAT32 file system, historically limited to a 32GB partition size due to a design choice by Microsoft engineer Dave Plummer, can inherently support volumes up to 2TB with a 512-byte sector size and theoretically up to 16TB with 4KB sectors. While Windows maintained this 32GB limit, motherboard manufacturers had already developed firmware to utilize larger FAT32 drives. Tools like Rufus and GUIFormat were used to format high-capacity media, as Windows did not allow direct FAT32 formatting for drives larger than 32GB. However, with the introduction of Windows 11 Insider Preview Builds 26220.8165 and 26300.8170, users can now format large flash drives and external volumes as FAT32 directly from the Command Prompt without third-party software.
Winsage
April 15, 2026
Microsoft has lifted the FAT32 file system's volume limit in a recent preview version of Windows 11, allowing users to format storage devices with capacities of up to 2 terabytes, an increase from the previous maximum of 32 gigabytes. This change addresses a long-standing limitation that has existed since 1996. Additionally, Microsoft is enhancing the partition tool in Windows 11, improving its speed and responsiveness for managing multiple partitions. These updates are currently being tested in the Windows Insider Program, with no confirmed timeline for broader availability.