Group Policy

Winsage
June 19, 2026
Microsoft has identified a Windows-based cryptocurrency clipper campaign that has been active since February 2026. This campaign uses clipboard-intercepting malware with self-spreading capabilities and operates through the Tor network. The clipper malware employs Windows Script Host and ActiveX to launch a Tor proxy and connect to a hidden command-and-control server. It focuses on stealing clipboard data, particularly cryptocurrency wallet addresses, and can exfiltrate screenshots. The malware is distributed via malicious Windows Shortcut (LNK) files on USB drives, which activate a worm that checks for existing infections and fetches the payload from a remote server. The clipper monitors the clipboard every 500 milliseconds for sensitive information and can replace copied wallet addresses with those controlled by attackers. Microsoft recommends behavioral detections, disabling AutoRun for removable media, blocking LNK execution from drives, and monitoring clipboard-related activities as mitigations against this threat.
Winsage
June 12, 2026
Microsoft resolved an issue affecting the installation of Windows updates released since May 2025, which primarily impacted users using the Windows Update Standalone Installer (WUSA) from a network share, especially in enterprise environments. The problem was significant for devices running Windows 11 24H2/25H2 and Windows Server 2025, but did not occur when handling a single .msu file or when files were stored locally. In August 2025, Microsoft acknowledged that updates installed using WUSA might fail with error ERRORBADPATHNAME when multiple .msu files were involved. A Known Issue Rollback Group Policy was implemented in September 2025 to mitigate the impact on home and non-managed business devices. The issue was ultimately resolved with cumulative updates released in June 2026 for Windows 11 (KB5079391) and Windows Server 2025 (KB5094125). Microsoft provided a workaround for users experiencing difficulties with prior updates by suggesting they save .msu files locally for installation. Users were also advised to wait at least 15 minutes after installing an .msu file via WUSA before checking the Update History page. Additionally, Microsoft had previously addressed another issue in April 2025 that affected enterprise customers installing security updates via WSUS, which recurred in the August 2025 updates. Microsoft warned customers about potential issues with installing the latest monthly updates on devices upgraded to Windows 11 24H2 or 25H2.
Winsage
June 12, 2026
Microsoft released a cumulative update for Windows 10, designated as KB5094127, during the latest Patch Tuesday. Some users are experiencing issues where they are prompted to enter their BitLocker recovery key after installing the update. This problem is linked to systems with an "unrecommended" BitLocker Group Policy configuration and has occurred in previous updates. Specific conditions that can lead to this issue include having BitLocker enabled on the operating system drive, a certain Group Policy setting configured, the System Information tool reporting a specific Secure Boot State, the presence of a particular certificate in the Secure Boot Signature Database, and not using the 2023-signed Windows Boot Manager. Affected users may face difficulties accessing their BitLocker recovery key, potentially leading to lockouts. Microsoft suggests that personal devices are less likely to be affected, with the issue primarily impacting enterprise setups. The company is working on a resolution and advises IT administrators to consider removing the Group Policy configuration before installing the update. Update KB5094127 is available only to Windows 10 users in the Extended Security Updates program for versions 21H2 and 22H2, addressing various bugs and security vulnerabilities.
Winsage
June 11, 2026
In the June 2026 Security Update for Windows 11 and Windows 10, Microsoft implemented a change that prevents custom folder icons and localized folder names from appearing if derived from an untrusted "desktop.ini" file. Users may initially perceive this as a bug, as folders may revert to default settings without user intervention. To maintain customizations, organizations should add trusted sources to the "Trusted Sites" list via Control Panel. Businesses can enable the "Allow the use of remote paths in file shortcut icons" policy through the Group Policy Editor, although this may reduce security. Users can also remove the Mark-of-the-Web tag from trusted "desktop.ini" files using PowerShell commands. This update reflects a broader trend of prioritizing security over customization in the operating system.
Winsage
June 11, 2026
Microsoft has resolved an issue affecting certain Windows Server 2025 devices that were booting into BitLocker recovery mode after the April 2026 security update. This issue was linked to specific BitLocker Group Policy configurations and required users to input their BitLocker recovery key upon the first restart after the update. However, this key would only need to be entered once for subsequent restarts, provided the group policy configuration remained unchanged. The problem primarily affected enterprise systems rather than personal devices. The issue arose under specific conditions: BitLocker was enabled on the operating system drive, a particular Group Policy was set, the Secure Boot State PCR7 Binding was "Not Possible," the Windows UEFI CA 2023 certificate was present, and the device was not already using the 2023-signed Windows Boot Manager. Microsoft released fixes in the KB5094125 and KB5093998 updates to address this problem, preventing devices with incompatible group policy configurations from installing the 2023-signed Windows Boot Manager. Event ID 1032 in the System event log indicates the issue when Windows updates are installed. For IT administrators unable to deploy the latest updates, it is recommended to remove the Group Policy configuration before installing updates or to implement a Known Issue Rollback (KIR) on affected devices. Additionally, Microsoft had previously addressed similar BitLocker recovery issues in August 2024 and May 2025.
Winsage
June 11, 2026
Microsoft is introducing Windows Ready Print (WRP), a new printing model that aims to modernize the printing experience on Windows by integrating contemporary communication standards like the Internet Printing Protocol (IPP) and Universal Print. WRP will manage newly installed printing devices by default starting in July 2026, while older printers and OEM drivers will still function on newer Windows releases. The initiative focuses on simplifying printing processes and enhancing reliability, with new options for customization available in Windows printer preferences. Users and administrators can choose to enforce or disable WRP-based print management. Additionally, new policies in Group Policy Editor will allow for the selection or blocking of drivers through WRP. The initiative is supported by the Mopria Alliance to improve security and compatibility in printer management across devices.
Winsage
June 10, 2026
Microsoft has released Windows 11 Experimental build 26300.8553, which includes customizable Start menus, enhanced search functionalities, and a refined Taskbar. A significant upgrade is the rebranding of the Modern Print Platform to Windows Ready Print, aimed at modernizing and securing the printing process. Microsoft is phasing out support for third-party printer drivers via Windows Update, transitioning to the Internet Printing Protocol (IPP) and the native Windows IPP printer driver. Starting July 2026, new printer installations on eligible devices will default to Windows Ready Print, though users can choose between Windows Ready Print and the traditional OEM process. This setting can be adjusted through the printer preferences in Settings and modified via Group Policy. Users can also enable Windows protected print mode to default to Windows Ready Print.
Winsage
June 10, 2026
Microsoft is introducing new controls for Windows 11 that will allow users to disable web search and remove Microsoft Store suggestions from their search results. The update, demonstrated on June 2, 2026, will include two toggles in the Windows 11 Settings app under Privacy and Security → Search Permissions. The first toggle will turn off Bing-powered web results in the taskbar search and Start menu, while the second will control the appearance of Microsoft Store app suggestions. This change replaces the previous method of disabling web search, which required complex registry edits. The new settings aim to enhance user experience by prioritizing local search results and addressing privacy concerns, as user queries will no longer be transmitted to Microsoft’s servers. The toggles are expected to roll out through the Windows Insider program before becoming available to all users.
Search