Microsoft’s response

Winsage
June 1, 2026
The Centre for Cybersecurity Belgium (CCB) has warned about the exploitation of a critical vulnerability in Windows Netlogon, identified as CVE-2026-41089, which allows remote code execution on domain controllers without prior access or authentication. This vulnerability, characterized as a stack-based buffer overflow, was patched by Microsoft during the May 2026 Patch Tuesday. The CCB emphasized the urgency of patching vulnerable servers, noting that the vulnerability is actively being exploited. The CVSS score for this vulnerability is 9.8. Further details on the ongoing attacks have not been disclosed, and Microsoft has not updated its advisory on the vulnerability.
Winsage
May 22, 2026
A security researcher known as Nightmare-Eclipse revealed a vulnerability in Windows 11, named YellowKey, which allows attackers to access BitLocker-encrypted drives through the Windows Recovery Environment. Microsoft acknowledged the vulnerability, assigned it the identifier CVE-2026-45585, and criticized the public sharing of its proof of concept. There is currently no patch for the BitLocker bypass, but the requirement for physical access to the device provides some protection. The vulnerability does not exist in Windows 10 due to differences in the Windows Recovery Environment. The attack requires a stolen Windows 11 laptop and a USB stick, and the vulnerable filesystems include NTFS, FAT32, and exFAT. Nightmare-Eclipse speculated that the bypass may function as a backdoor, while Microsoft referred to it as a "security feature bypass vulnerability."
Winsage
May 14, 2026
An anonymous cybersecurity researcher disclosed two new zero-day vulnerabilities affecting Microsoft systems: YellowKey and GreenPlasma. YellowKey is a BitLocker bypass that operates as a backdoor within the Windows Recovery Environment, impacting Windows 11 and Windows Server 2022/2025. Exploiting YellowKey involves copying specially crafted files to a USB drive, connecting it to a Windows computer, and rebooting into WinRE. The researcher expressed skepticism about Microsoft's response time to this vulnerability, noting that using TPM+PIN does not mitigate the risk. GreenPlasma is a privilege escalation vulnerability that allows an unprivileged user to obtain a shell with SYSTEM permissions through arbitrary section creation in Windows CTFMON. The proof-of-concept for this exploit is incomplete but indicates potential manipulation of trusted privileged services or drivers. Additionally, a related attack against BitLocker was detailed by French cybersecurity firm Intrinsec, which exploits a boot manager downgrade using CVE-2025-48804 to bypass encryption protections on fully patched Windows 11 systems. This method allows attackers to boot from a controlled WIM while the boot manager checks the legitimate one, executing with the decrypted BitLocker volume. Despite Microsoft releasing fixes for this defect in July 2025, a flaw in Secure Boot verification allows a vulnerable boot manager to bypass BitLocker safeguards. To mitigate these risks, enabling a BitLocker PIN at startup and migrating to a new boot manager certificate is recommended.
Winsage
April 22, 2026
Microsoft is facing a £2 billion lawsuit in the UK, led by competition lawyer Maria Luisa Stasi, representing nearly 60,000 businesses that claim the company imposes excessive charges for using Windows Server on competing cloud platforms. The allegations focus on higher licensing fees for organizations using services like Amazon Web Services, Google Cloud Platform, and Alibaba Cloud compared to those using Microsoft’s Azure. The lawsuit has been allowed to proceed on an opt-out basis by the Tribunal. Microsoft plans to appeal the decision and asserts that its business model promotes competition. The case is part of broader scrutiny of Microsoft's licensing practices, with investigations also initiated by the UK Competition and Markets Authority and the European Commission, as well as inquiries in Brazil, Switzerland, the United States, and Japan.
Winsage
April 22, 2026
Users have expressed frustration with Windows 11's Task Manager CPU usage reporting, believing it relies only on base clock speeds. Dave Plummer, the original architect of Task Manager, indicated that discrepancies may arise from average calculations and inherent compromises in the metrics. In response, Microsoft announced a fix in a recent Preview build, stating that Task Manager will now use standard metrics for CPU utilization across all pages to align with industry standards. Plummer also suggested a distinct Windows mode for power users to enhance flexibility.
Winsage
April 9, 2026
Windows 11 has faced criticism from users due to controversial Copilot AI features and changes that have compromised functionality, including a redesigned Start menu, a fragmented settings application, and a slower file explorer. Microsoft is responding to user feedback, with Design Director Diego Baca acknowledging issues with the Start menu's performance and stating that "search performance + predictability" is a focus. Partner Director of Design March Rogers confirmed that they are working on migrating legacy Control Panel features to the modern Settings app while ensuring compatibility with various devices and drivers. Users have mixed reactions, particularly concerned about the potential removal of the Control Panel before the new settings are fully functional. Despite the discontent, Windows remains a reliable experience for many users compared to alternatives like Linux.
Winsage
February 12, 2026
Microsoft is developing features for Windows 11 based on user feedback, including the long-requested ability to reposition the Taskbar, which was removed during its redesign at launch in 2021. After five years of requests, Microsoft plans to reinstate this functionality to improve user experience and show responsiveness to community needs. Users are encouraged to share their thoughts on platforms like Reddit.