micropatch Archives

Winsage

January 26, 2026

Microsoft said my Windows 10 PC no longer supported updates – but this software saved it

In early 2023, Microsoft announced the end of official support for Windows 10 by 2025, with regular updates and security patches ceasing on October 14, 2025. Users have options such as upgrading to Windows 11, switching to Linux, or subscribing to Microsoft's Extended Security Updates (ESU), which will end in October 2026. 0patch is a third-party service that provides micropatches for Windows 10, addressing specific vulnerabilities identified by security researchers. The service offers a free tier for zero-day patches and a paid Pro plan that includes legacy patches and post-End of Service updates. The free version should be used alongside Microsoft's ESU for comprehensive protection. 0patch plans to support Windows 10 until at least October 2030. The Pro plan is priced at approximately €35 annually, with a 30-day trial available. Users have reported some performance issues after installing patches, but the updates are lightweight and do not significantly affect system performance. Uninstallation is straightforward, and users can opt out at any time.

Winsage

January 20, 2026

I tried 0patch as a last resort for my Windows 10 PC – here’s how it compares to its promises

In early 2023, Microsoft announced that official support for Windows 10 will end on October 14, 2025, with Extended Security Updates (ESU) concluding in October 2026. 0patch offers a service providing micropatches for Windows 10, addressing specific vulnerabilities with an average of two to three micropatches released monthly. 0patch operates by quickly responding to newly discovered vulnerabilities, focusing on those that are publicly known, actively exploited, and not officially fixed by Microsoft. It has a free tier for critical vulnerabilities and a paid Pro plan that includes additional updates post-End of Service. Users have reported some performance issues, but the updates generally do not significantly impact system performance. 0patch plans to support Windows 10 until at least October 2030, with potential extensions based on demand. The Pro plan costs approximately per year, with a 30-day trial available, and an Enterprise plan for organizations is offered at around annually.

Winsage

January 16, 2026

Still on Windows 10? 0patch may be your best defense in the ‘End of Support era’

In early 2023, Microsoft announced that official support for Windows 10 would end in 2025, with regular updates and security patches ceasing on October 14, 2025. Users have a little over two years to transition to Windows 11 or other operating systems. Some users have enrolled in Microsoft's Extended Security Updates (ESU) program, which will also end in October 2026. A third-party service called 0patch offers ongoing protection for Windows 10 by providing micropatches for vulnerabilities. 0patch releases two to three micropatches each month, prioritizing vulnerabilities that are publicly known, actively exploited, and lack an official Microsoft fix. 0patch has a free version that provides critical zero-day patches and a paid Pro plan that includes legacy patches. The Pro plan costs €25 per year, while an Enterprise plan is available for €35 annually. 0patch plans to support Windows 10 until at least October 2030, depending on user demand. Users have reported some performance issues with 0patch, but the updates are lightweight and do not significantly affect system performance.

Winsage

December 12, 2025

New Windows RasMan zero-day flaw gets free, unofficial patches

Free unofficial patches are available for a newly identified Windows zero-day vulnerability that allows attackers to crash the Remote Access Connection Manager (RasMan) service, which operates with SYSTEM-level privileges and manages VPN and remote network connections. This denial-of-service flaw was discovered by ACROS Security while investigating a previously patched privilege escalation vulnerability (CVE-2025-59230) in RasMan. The new zero-day has not yet received a CVE ID and affects all Windows versions from Windows 7 to Windows 11, including Windows Server 2008 R2 through Server 2025. The vulnerability can be exploited by unprivileged users due to a coding error in how RasMan processes circular linked lists, leading to a crash when a null pointer is encountered. ACROS Security is providing free micropatches through its 0Patch service until Microsoft releases an official fix. Users must create an account and install the 0Patch agent to apply the micropatch automatically.

Winsage

December 3, 2025

Microsoft mitigates Windows LNK flaw exploited as zero-day

Microsoft has addressed a security vulnerability in Windows tracked as CVE-2025-9491, which allows malicious actors to embed harmful commands in Windows LNK files, requiring user interaction to exploit. Threat actors often distribute these files in ZIP formats to bypass email security. In March 2025, 11 hacking groups, including Evil Corp and Kimsuky, were actively exploiting this vulnerability using various malware payloads. Although Microsoft initially did not consider the issue urgent, it later modified the handling of LNK files in November updates to allow users to view the entire character string in the Target field. However, this change does not eliminate the malicious arguments embedded in the files. ACROS Security has released an unofficial patch that restricts shortcut target strings to 260 characters and alerts users about risks associated with long target strings, covering multiple Windows versions.

Winsage

December 3, 2025

Microsoft Silently Patches Windows LNK Flaw After Years of Active Exploitation

Microsoft has addressed a long-standing security vulnerability, identified as CVE-2025-9491, which has been exploited since 2017. This vulnerability involves a misinterpretation issue within Windows Shortcut (LNK) files, potentially allowing remote code execution. The flaw was highlighted in the November 2025 Patch Tuesday updates, with a CVSS score of 7.8/7.0. It allows crafted .LNK files to obscure harmful content, making it invisible to users, thus enabling attackers to execute code under the current user's context. The vulnerability was exploited by various state-sponsored groups, including those from China, Iran, North Korea, and Russia, for data theft and espionage. Microsoft initially deemed the flaw not warranting immediate attention, citing user interaction requirements and existing system warnings. Subsequent investigations revealed its exploitation by cyber espionage groups, including XDSpy and China-affiliated actors targeting European entities. The recent patch aims to ensure that the entire Target command is displayed in the Properties dialog, while 0patch provides warnings for LNK files exceeding 260 characters.

Winsage

March 26, 2025

New Windows 0-Day Vulnerability Let Remote Attackers Steal NTLM Credentials

A critical vulnerability affecting various Windows operating systems, including Windows 7, Server 2008 R2, Windows 11 v24H2, and Server 2025, allows attackers to capture NTLM authentication credentials through interactions with malicious files in Windows Explorer. Exploitation can occur when users open shared folders, insert USB drives with malicious files, or view downloaded files. The vulnerability is similar to a previously patched flaw (CVE-2025-21377) but has not been fully documented. Security researchers have developed micropatches available for free until Microsoft releases a permanent fix. These micropatches support a wide range of Windows versions, including legacy and currently supported systems. The micropatches have been automatically distributed to affected systems with the 0patch Agent installed.

Winsage

March 26, 2025

New Windows 0-Day Vulnerability Let Remote Attackers Steal NTLM Credentials

A critical vulnerability affects all Windows operating systems from Windows 7 to Windows 11 v24H2 and Server 2025, allowing attackers to capture NTLM authentication credentials through malicious files viewed in Windows Explorer. Exploitation can occur when users open shared folders, insert USB drives with malicious files, or view previously downloaded files. The vulnerability is similar to a previously patched flaw (CVE-2025-21377) but has not been publicly documented. Security researchers have developed micropatches through 0patch to temporarily mitigate the issue, which will be available at no cost until Microsoft releases a permanent solution. The micropatches support various Windows versions, including legacy and currently supported systems, and can be automatically deployed without requiring system reboots.

Winsage

March 25, 2025

New Windows zero-day leaks NTLM hashes, gets unofficial patch

A newly discovered zero-day vulnerability in Windows allows remote attackers to steal NTLM credentials by tricking users into opening malicious files in Windows Explorer. This flaw affects various Windows versions, including Windows 7 through Windows 11 and Server 2008 R2 to Server 2025. The vulnerability, identified by ACROS Security researchers, has not been assigned a CVE-ID and enables attackers to obtain NTLM credentials through methods like accessing shared folders or USB drives. While the exploit's criticality is moderate and depends on specific conditions, it has been linked to actual attacks. ACROS Security has released free micropatches for all affected Windows versions via its 0Patch service until Microsoft provides an official fix. Users can install the micropatch easily by creating an account and activating the 0patch agent, which applies the patch automatically.

Winsage

December 10, 2024

Critical Windows Zero-Day Alert: No Patch Available Yet for Users

A newly identified zero-day vulnerability in Windows allows attackers to steal NTLM credentials through methods such as opening a malicious file in Windows Explorer. This vulnerability affects multiple versions of Windows, including Windows Server 2022, Windows 11 (up to v24H2), Windows 10, Windows 7, and Server 2008 R2. The exploitation requires minimal user interaction, such as accessing shared folders or USB disks. In response, 0patch is providing a complimentary micropatch to registered users until Microsoft issues an official fix. The vulnerability is part of a larger trend of unresolved issues in Windows, and cybersecurity experts emphasize the need for enterprises to adopt robust security measures beyond automated patch management.