patch management Archives

Tech Optimizer

February 19, 2026

The 5 Biggest Cybersecurity Threats to Watch in 2026: Is Your Business Safe From These Looming Dangers? – Travel And Tour World

In 2026, cybersecurity has evolved significantly, necessitating organizations to prioritize five critical threats identified by expert Danny Mitchell from Heimdal: 1. AI Vulnerabilities: Attackers can manipulate machine learning models by introducing corrupted data, leading to dangerous decisions by AI systems. 2. Cyber-Enabled Fraud and Phishing: Phishing attacks have become more sophisticated with AI, using deepfake technology to impersonate individuals and evade detection. 3. Supply Chain Attacks: Cybercriminals exploit vulnerabilities in software libraries and vendor relationships, compromising trusted software updates and access credentials. 4. Software Vulnerabilities: The rapid discovery of software vulnerabilities outpaces patching efforts, leaving systems exposed to attacks, especially legacy systems. 5. Ransomware Attacks: Modern ransomware employs double extortion tactics, encrypting and stealing data, pressuring businesses to comply with ransom demands. Mitchell recommends strategies such as auditing AI systems, implementing multi-channel verification, securing supply chains, prioritizing patch management, and developing ransomware response plans to combat these threats.

Winsage

February 12, 2026

Microsoft’s latest update patches six zero-days and two critical flaws – but is it another buggy mess?

Microsoft's February Patch Tuesday update addresses feature and security bugs, continuing the refresh of Secure Boot certificates to protect against bootkit malware. Secure Boot prevents malicious software from executing during startup by using trusted certificates, many of which are set to expire in June. The update is available for both Windows 11 and Windows 10 users, with the latter needing to be enrolled in the Extended Security Updates (ESU) program until October 2026. Windows 11 fixes include resolutions for full-screen gaming and WPA3-Personal Wi-Fi connectivity issues, while Windows 10 improvements address Chinese fonts, specific graphics processing units, and custom folder names in File Explorer. A bug causing unexpected restarts in Secure Launch-compatible PCs has also been fixed. The update includes 55 security patches, a decrease from January's 114, with two classified as critical and six identified as zero-day vulnerabilities. One vulnerability exploited in the wild could allow system privilege escalation, another could disrupt network connectivity, and a third could disable security controls and access sensitive data. Users can update their Windows 11 PCs through System > Windows Update, and Windows 10 users through System > Update & Security. Due to previous buggy updates, users may consider waiting a few days before installing the February update, with the option to uninstall if issues arise.

Tech Optimizer

December 12, 2025

The digital impersonators: How cybercriminals hijack your brand to launch malvertising attacks

Brand trust is highly valued by consumers, leading cybercriminals to exploit it through malvertising, which embeds malicious code in legitimate ads. Malvertising can redirect users to phishing sites or download malware. Cybercriminals create fake ads that mimic trusted brands, targeting high-traffic moments and using real-time bidding to distribute these ads on reputable sites. The process involves setting up fake accounts, creating convincing ads, purchasing ad space, and delivering malware through exploit kits. The consequences include identity theft and financial loss for consumers, and reputational damage for brands. To protect against these threats, organizations should implement regular software updates, continuous employee training, protective tools, and consider partnering with managed service providers for enhanced security measures.

Winsage

November 18, 2025

Microsoft: Windows 10 KB5072653 OOB update fixes ESU install errors

Microsoft released an emergency out-of-band update, KB5072653, on November 17, 2025, to address installation issues related to the November extended security updates for Windows 10. This update specifically targets the error code 0x800f0922 that prevented users from successfully installing the ESU update. To install this update, devices must be running Windows 10 version 22H2 and have the October 2025 KB5066791 cumulative update installed. Users can check for updates via Windows Update, where KB5072653 will be included. Microsoft plans to release a new Scan Cab with updated metadata to improve compliance update checks for organizations using WSUS and SCCM.

Winsage

November 18, 2025

Microsoft fixes Windows 10 update flaw

Jack Bicer, the director of vulnerability research at Action1, advises IT leaders to ensure the latest servicing stack update (SSU) is installed before reapplying a patch after Microsoft’s patch release on November 17. He recommends troubleshooting steps for system file corruption, including: 1. Temporarily disabling non-Microsoft services and startup applications through a Clean Boot. 2. Manually installing the update by downloading the .msu package for KB5068781 from the Microsoft Update Catalog and using the command wusa.exe .msu /quiet /norestart. 3. Verifying the build number with the winver command, targeting build numbers 19045.6575 (22H2) or 19044.6575 (21H2).

Winsage

November 16, 2025

Microsoft: Windows 10 KB5068781 ESU update may fail with 0x800f0922 errors

Microsoft has acknowledged an issue with the installation of the Windows 10 KB5068781 extended security update, which is causing 0x800f0922 errors on devices using corporate licensing. This update, released on November 11, is the first extended security update for Windows 10. Reports indicate that the update fails to apply after installation on some devices, despite users having the necessary ESU licenses. Microsoft is investigating the issue, which appears to affect devices activated through Windows subscription activation via the Microsoft 365 Admin Center. There is currently no estimated time for a resolution or any workarounds provided. Additionally, some Windows 10 devices are not recognized as needing the KB5068781 update, even when properly licensed.

Tech Optimizer

November 13, 2025

Hackers Using RMM Tools LogMeIn and PDQ Connect to Deploy Malware as Legitimate Software

Cybersecurity researchers at AhnLab Security Intelligence Center (ASEC) have discovered an attack campaign that uses legitimate Remote Monitoring and Management (RMM) tools, specifically LogMeIn Resolve and PDQ Connect, to deploy backdoor malware on users' systems. Attackers lure victims to fake download sites that mimic legitimate software pages for utilities like Notepad++, 7-Zip, and VLC Media Player, delivering modified versions of LogMeIn Resolve. The malicious installers are disguised with filenames such as "notepad++.exe" and "chatgpt.exe." Once executed, these files install the RMM tool and additional malware capable of stealing sensitive information. ASEC has identified three CompanyId values associated with the attacks: 8347338797131280000, 1995653637248070000, and 4586548334491120000. The malware, known as PatoRAT, is a Delphi-developed backdoor that gathers system information and has extensive malicious capabilities, including keylogging and remote desktop access. Users are advised to download software only from official websites and verify digital signatures, while organizations should monitor for unauthorized RMM installations and the identified indicators of compromise.

Winsage

November 12, 2025

Microsoft November 2025 Patch Tuesday fixes 1 zero-day, 63 flaws

Microsoft's November 2025 Patch Tuesday addresses a total of 63 vulnerabilities, including one actively exploited zero-day flaw (CVE-2025-62215) related to Windows Kernel Elevation of Privilege. The updates include four vulnerabilities classified as "Critical," with two for remote code execution, one for elevation of privileges, and one for information disclosure. The breakdown of vulnerabilities is as follows: - 29 Elevation of Privilege Vulnerabilities - 2 Security Feature Bypass Vulnerabilities - 16 Remote Code Execution Vulnerabilities - 11 Information Disclosure Vulnerabilities - 3 Denial of Service Vulnerabilities - 2 Spoofing Vulnerabilities This Patch Tuesday marks the first extended security update (ESU) for Windows 10, and users are encouraged to upgrade to Windows 11 or enroll in the ESU program. Microsoft has also released an out-of-band update to assist with enrollment issues. Other companies, including Adobe, Cisco, and Google, have also issued security updates in November 2025.

Winsage

November 11, 2025

Microsoft releases KB5068781 — The first Windows 10 extended security update

Microsoft has released the KB5068781 update, which is the first extended security update for Windows 10 since the operating system reached its end of support last month. This update follows the final cumulative update on October 14, which ended bug fixes and free security updates for Windows 10. Extended security updates (ESU) are available for consumers and business customers for up to three years, depending on the account type. Consumers can enroll in the ESU program through payment, Microsoft reward points, or Windows Backup synchronization. In the European Economic Area, additional options include free access with a Microsoft account or payment for a local account. Business customers can utilize the ESU program for three years at a total cost of 0 per device. A bug has affected some devices' enrollment in the ESU program, prompting Microsoft to issue an emergency fix. Users can install the update via Settings and Windows Update. The update is mandatory and will automatically install, requiring a device restart. After installation, Windows 10 ESU will be upgraded to build 19045.6575, and Windows 10 Enterprise LTSC 2021 will be updated to build 19044.6575. The update primarily addresses a bug that incorrectly indicated Windows 10 LTSC devices had reached their end of support. It also includes security updates that fix 63 vulnerabilities, including one actively exploited elevation-of-privilege vulnerability, with no known issues reported.

Winsage

November 8, 2025

Still on Windows 10? Enroll in free ESU before next week’s Patch Tuesday

Users operating Windows 10 are encouraged to enroll in the Extended Security Updates (ESU) program following the end of support for the operating system on October 14, 2025. The ESU program allows continued access to security updates for users unable to transition to Windows 11. To obtain extended security updates for an additional year, users can pay a fee, back up their Windows settings to their Microsoft account, or redeem 1,000 Microsoft reward points. In the European Economic Area, users can receive ESU for free by logging into Windows 10 with a Microsoft account or can opt to pay to continue using a local account. Enterprise customers can utilize the ESU program for a total of three years at a cumulative cost of per device. Users must be operating Windows 10, version 22H2 Home, Professional, Pro Education, or Workstations edition, and ensure all available updates are installed to qualify for ESU. Enrollment can be completed through the Windows Update settings. Microsoft frequently addresses security vulnerabilities, including a recent one tracked as CVE-2025-24990, which was exploited to gain administrative privileges on devices. Successful enrollment in the ESU program will provide updates until October 13, 2026. Organizations must acquire licenses through Microsoft Volume Licensing or Cloud Solution Provider partners, and each device must be activated with a unique ESU key. Windows 10 devices accessing Windows 365 Enterprise Cloud PCs can also benefit from free enrollment in the ESU program.