Microsoft updates

Winsage
January 15, 2026
Microsoft has resolved an issue where third-party security applications mistakenly flagged the WinSqlite3.dll component of the Windows operating system as vulnerable. This issue affected various systems, including Windows 10, Windows 11, and Windows Server 2012 through 2025. The flagged vulnerability was linked to a memory corruption issue (CVE-2025-6965). Microsoft updated the WinSqlite3.dll component in Windows updates released in June 2025 and later, and advises users to install the latest updates for their devices. WinSqlite3.dll is a core component of Windows, distinct from sqlite3.dll, which is not part of the operating system. Microsoft had previously addressed other false positive issues affecting its Defender for Endpoint platform.
Winsage
January 5, 2026
A new version of the FlyOOBE tool for Windows 11, version 2.4, has been released, featuring enhancements for customizing the operating system, including refined capabilities for detecting and removing unnecessary AI features. The update allows users to perform a "deep cleanup" using external tools like RemoveWindowsAI. The tool promotes user choice regarding AI technology rather than rejecting it outright. 'OOBE' stands for 'out of box experience,' and the new AI debloating controls are called 'Slopilot.' The AI removal features are powered by RemoveWindowsAI, which has received positive feedback for disabling AI functionalities. FlyOOBE has over 2.5 million downloads, but users are advised to be cautious with third-party software, as disabling certain components may lead to complications with future Microsoft updates.
Winsage
December 8, 2025
A script named "RemoveWindowsAI," hosted on GitHub by developer zoicware, allows users to disable or remove AI features in Windows 11, such as Copilot and Recall. It modifies registry keys, removes AppX packages, and installs a custom update package to prevent reinstallation. The tool supports Windows 11 versions starting from 25H2 and includes options for user interaction and backups. Interest in the script increased significantly after a post on X, leading to over 12,000 likes and 300,000 views. The repository has received 938 stars and 25 forks. Microsoft has integrated AI features into Windows 11 but faces user concerns regarding privacy and performance, with some users expressing dissatisfaction over resource consumption and data harvesting.
Winsage
October 29, 2025
Concerns have increased regarding a critical vulnerability in Windows Server Update Services (WSUS), identified as CVE-2025-59287, which allows unauthenticated attackers to execute arbitrary code. This vulnerability arises from a legacy serialization mechanism within WSUS, which is no longer actively developed. The Cybersecurity and Infrastructure Security Agency (CISA) has added this vulnerability to its Known Exploited Vulnerabilities catalog, indicating its urgency. Cybersecurity firms have reported active exploitation attempts, with thousands of WSUS instances exposed to the internet. The attacks are primarily reconnaissance activities that could lead to broader network compromises. If an attacker compromises a single server, they could control the entire patch distribution system, enabling internal supply chain attacks and distributing malware disguised as legitimate Microsoft updates. Alerts have been issued by the Canadian Centre for Cyber Security and the Australian Cyber Security Centre regarding this global threat. Microsoft's initial patch on October 15 failed to fully resolve the issue, allowing attackers to exploit the vulnerability quickly. Attack vectors include exploiting the deserialization of AuthorizationCookie objects and unsafe deserialization via the ReportingWebService. The vulnerability is particularly concerning because WSUS is often neglected and should not be exposed to the internet.
Winsage
October 28, 2025
On October 14, 2025, a critical remote code execution (RCE) vulnerability, CVE-2025-59287, was discovered in Microsoft's Windows Server Update Services (WSUS). The vulnerability allows remote, unauthenticated attackers to execute arbitrary code with SYSTEM privileges on affected servers. It was initially addressed on October 14, but the patch was insufficient, leading to an urgent out-of-band update on October 23. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the vulnerability to its Known Exploited Vulnerabilities Catalog on October 24, indicating its immediate threat. The vulnerability affects Microsoft Windows Server 2012, 2012 R2, 2016, 2019, 2022, and 2025, specifically on servers with the WSUS role enabled. Attackers are exploiting the vulnerability by targeting publicly exposed WSUS instances on TCP ports 8530 (HTTP) and 8531 (HTTPS). Approximately 5,500 WSUS instances have been identified as exposed to the internet. Microsoft recommends disabling the WSUS Server Role or blocking inbound traffic to the high-risk ports as temporary workarounds for organizations unable to apply the emergency patches immediately.
Winsage
October 24, 2025
Microsoft has released an out-of-band security update to address the critical CVE-2025-59287 vulnerability, which affects Windows Server Update Services (WSUS) and is currently being exploited. This vulnerability allows unauthorized attackers to execute code on vulnerable machines without user interaction by sending specially crafted events to the WSUS server. It specifically impacts Windows Server machines with the WSUS Server role enabled. The initial fix provided in October 2025 was insufficient, leading to the release of this additional update. The German Federal Office for Information Security has raised concerns about potential exploitation if network configurations are not properly managed. Compromised WSUS servers could distribute malicious updates to client devices. The update is available for all supported Windows Server versions and requires a reboot. Administrators can temporarily disable the WSUS server role or block inbound traffic to specific ports if immediate implementation is not possible. This cumulative update supersedes all prior updates for affected versions.