Microsoft’s response

Winsage
July 6, 2026
Microsoft has acknowledged a storage issue related to the Capability Access Manager service in Windows 11, which can consume up to 500GB of SSD space due to a bug causing the log file, CapabilityAccessManager.db-wal, to inflate to gigabytes instead of a few megabytes. Users have reported file sizes reaching 200GB and even 513GB. The issue can be checked via Settings > Storage > System & reserved or by using a command in the Windows Command Prompt. Microsoft plans to address this in the June KB5095093 update, which will improve disk space usage for the log file, with updates expected to roll out starting July 14.
Winsage
July 2, 2026
A viral video on X showcased the MacBook Neo's superiority over a generic Windows laptop, specifically an HP Victus gaming model, which raised questions about the fairness of the comparison. Microsoft responded by highlighting the Dell XPS 13's features and competitive pricing, especially as Apple increased the MacBook Neo's price. However, Microsoft is facing challenges with its Surface lineup, including price hikes and rumors of discontinuing more affordable models like the Surface Go 4 and Surface Laptop Go 3. Reports indicate that these devices are becoming harder to find, and the Surface Laptop Go 3 has been replaced by a more expensive model. Additionally, public sentiment on platforms like Reddit reflects skepticism towards Windows laptops, with concerns about Windows updates and overall reliability persisting despite improvements in Windows 11.
Winsage
June 1, 2026
The Centre for Cybersecurity Belgium (CCB) has warned about the exploitation of a critical vulnerability in Windows Netlogon, identified as CVE-2026-41089, which allows remote code execution on domain controllers without prior access or authentication. This vulnerability, characterized as a stack-based buffer overflow, was patched by Microsoft during the May 2026 Patch Tuesday. The CCB emphasized the urgency of patching vulnerable servers, noting that the vulnerability is actively being exploited. The CVSS score for this vulnerability is 9.8. Further details on the ongoing attacks have not been disclosed, and Microsoft has not updated its advisory on the vulnerability.
Winsage
May 22, 2026
A security researcher known as Nightmare-Eclipse revealed a vulnerability in Windows 11, named YellowKey, which allows attackers to access BitLocker-encrypted drives through the Windows Recovery Environment. Microsoft acknowledged the vulnerability, assigned it the identifier CVE-2026-45585, and criticized the public sharing of its proof of concept. Currently, there is no patch available for the BitLocker bypass, but physical access to the device provides some protection. The vulnerability does not exist in Windows 10 due to differences in the Windows Recovery Environment. The attack requires a stolen Windows 11 laptop and a USB stick, and the vulnerable filesystems include NTFS, FAT32, and exFAT. Nightmare-Eclipse speculated that the bypass may function as a backdoor, while Microsoft referred to it as a "security feature bypass vulnerability."
Winsage
May 14, 2026
An anonymous cybersecurity researcher disclosed two new zero-day vulnerabilities affecting Microsoft systems: YellowKey and GreenPlasma. YellowKey is a BitLocker bypass that operates as a backdoor within the Windows Recovery Environment, impacting Windows 11 and Windows Server 2022/2025. Exploiting YellowKey involves copying specially crafted files to a USB drive, connecting it to a Windows computer, and rebooting into WinRE. The researcher expressed skepticism about Microsoft's response time to this vulnerability, noting that using TPM+PIN does not mitigate the risk. GreenPlasma is a privilege escalation vulnerability that allows an unprivileged user to obtain a shell with SYSTEM permissions through arbitrary section creation in Windows CTFMON. The proof-of-concept for this exploit is incomplete but indicates potential manipulation of trusted privileged services or drivers. Additionally, a related attack against BitLocker was detailed by French cybersecurity firm Intrinsec, which exploits a boot manager downgrade using CVE-2025-48804 to bypass encryption protections on fully patched Windows 11 systems. This method allows attackers to boot from a controlled WIM while the boot manager checks the legitimate one, executing with the decrypted BitLocker volume. Despite Microsoft releasing fixes for this defect in July 2025, a flaw in Secure Boot verification allows a vulnerable boot manager to bypass BitLocker safeguards. To mitigate these risks, enabling a BitLocker PIN at startup and migrating to a new boot manager certificate is recommended.
Winsage
April 22, 2026
Microsoft is facing a £2 billion lawsuit in the UK, led by competition lawyer Maria Luisa Stasi, representing nearly 60,000 businesses that claim the company imposes excessive charges for using Windows Server on competing cloud platforms. The allegations focus on higher licensing fees for organizations using services like Amazon Web Services, Google Cloud Platform, and Alibaba Cloud compared to those using Microsoft’s Azure. The lawsuit has been allowed to proceed on an opt-out basis by the Tribunal. Microsoft plans to appeal the decision and asserts that its business model promotes competition. The case is part of broader scrutiny of Microsoft's licensing practices, with investigations also initiated by the UK Competition and Markets Authority and the European Commission, as well as inquiries in Brazil, Switzerland, the United States, and Japan.
Winsage
April 22, 2026
Users have expressed frustration with Windows 11's Task Manager CPU usage reporting, believing it relies only on base clock speeds. Dave Plummer, the original architect of Task Manager, indicated that discrepancies may arise from average calculations and inherent compromises in the metrics. In response, Microsoft announced a fix in a recent Preview build, stating that Task Manager will now use standard metrics for CPU utilization across all pages to align with industry standards. Plummer also suggested a distinct Windows mode for power users to enhance flexibility.
Search