Patch Tuesday Archives

Winsage

January 16, 2026

For January, Patch Tuesday starts off with a bang

Users accessing Azure Virtual Desktop or Windows 365 Cloud PCs through the Windows App may experience authentication errors and credential prompt failures after installing updates KB5074109, KB5073455, or KB5073724. Microsoft is preparing an out-of-band fix and advises affected users to connect via the Remote Desktop client for Windows or the Windows App Web Client. A minor subset of users may also find the password icon missing on the Windows login screen, an issue since the August 2025 update, for which Microsoft has introduced a Known Issue Rollback for Pro and Home users, while enterprise deployments should implement an updated Group Policy. Microsoft has removed legacy Agere and Motorola soft modem drivers to address CVE-2023-31096, a security vulnerability, which will render hardware reliant on these drivers non-functional after the January updates. Additionally, certificates from 2011 used by many Windows devices will begin to expire in June and October, potentially causing boot issues or loss of access to Secure Boot security fixes for devices not updated with 2023 certificates. A new section for resolved issues has been introduced in the monthly updates, addressing challenges impacting enterprise environments.

Winsage

January 16, 2026

Sorry Dave, I’m afraid I can’t do that! PCs refuse to shutdown after Microsoft patch

Microsoft's January Patch Tuesday update has caused shutdown and hibernation issues for some Windows 11 23H2 users, with devices refusing to power down despite user commands. The problem is linked to the Secure Launch feature, which prevents shutdown, restart, and hibernation attempts from functioning correctly. Microsoft has suggested a workaround using the command "shutdown /s /t 0" to force shutdown. They have not disclosed how many devices are affected or provided a timeline for a fix. Additionally, there is a separate issue affecting classic Outlook POP account profiles that may freeze or hang after the update.

Winsage

January 15, 2026

Windows info-disclosure 0-day bug gets a fix as CISA sounds alarm

Microsoft and the U.S. government have issued a warning about a vulnerability in Windows, designated CVE-2026-20805, which is currently being exploited. This flaw allows an authorized attacker to leak a memory address from a remote ALPC port, potentially leading to arbitrary code execution. It has a medium severity rating of 5.5 on the CVSS scale. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added this vulnerability to its Known Exploited Vulnerabilities catalog and requires federal agencies to implement a patch by February 3. Additionally, two other vulnerabilities were acknowledged: CVE-2026-21265, a secure boot certificate expiration bypass with a CVSS rating of 6.4, and CVE-2023-31096, an elevation of privilege flaw affecting third-party Agere Modem drivers, rated at 7.8. Two more vulnerabilities, CVE-2026-20952 (CVSS 7.7) and CVE-2026-20953 (CVSS 7.4), are use-after-free flaws in Office that could allow unauthorized code execution.

Winsage

January 14, 2026

U.S. CISA adds a flaw in Microsoft Windows to its Known Exploited Vulnerabilities catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a Microsoft Windows vulnerability, CVE-2026-20805, to its Known Exploited Vulnerabilities (KEV) catalog, with a CVSS score of 8.7. This vulnerability, part of the January 2026 Patch Tuesday updates, affects the Windows Desktop Window Manager and allows attackers to leak memory information, potentially aiding in further exploits. Federal Civilian Executive Branch agencies must address this vulnerability by February 3, 2026, as mandated by Binding Operational Directive 22-01.

Winsage

January 14, 2026

Microsoft Fixes 114 Windows Flaws in January 2026 Patch, One Actively Exploited

On Tuesday, Microsoft released its first security update for 2026, addressing 114 vulnerabilities, including eight classified as Critical and 106 as Important. The vulnerabilities include 58 related to privilege escalation, 22 concerning information disclosure, 21 linked to remote code execution, and five categorized as spoofing flaws. A notable vulnerability, CVE-2026-20805, involves information disclosure within the Desktop Window Manager (DWM) and has a CVSS score of 5.5. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added this flaw to its Known Exploited Vulnerabilities catalog, requiring federal agencies to implement fixes by February 3, 2026. Additionally, Microsoft announced the expiration of three Windows Secure Boot certificates issued in 2011, effective June 2026, urging customers to transition to newer certificates to avoid disruptions. The update also removed vulnerable Agere Soft Modem drivers due to a local privilege escalation flaw (CVE-2023-31096) and addressed another critical privilege escalation flaw in Windows Virtualization-Based Security (CVE-2026-20876) with a CVSS score of 6.7. Other vendors, including Adobe, Amazon Web Services, and Cisco, have also released security patches for various vulnerabilities.

Winsage

January 13, 2026

Microsoft fixes 114 flaws in year’s first Windows 11 Patch Tuesday

Microsoft's January 2026 Patch Tuesday update, KB5074109, addresses 114 vulnerabilities, including a critical zero-day vulnerability (CVE-2026-20805) in the Windows Desktop Window Manager (DWM) that has been actively exploited. The update is applicable to Windows 11 versions 24H2 and 25H2 and includes security enhancements and updates to AI components. Other high-severity vulnerabilities addressed include CVE-2026-20816 (privilege escalation in Windows Installer), CVE-2026-20817 (elevation of privilege in Windows Error Reporting), CVE-2026-20840 (vulnerability in Windows NTFS), CVE-2026-20843 (flaw in Routing and Remote Access Service), CVE-2026-20860 (vulnerability in Ancillary Function Driver for WinSock), and CVE-2026-20871 (another DWM vulnerability). The update removes legacy modem drivers to minimize the attack surface and resolves reliability issues in Azure Virtual Desktop and WSL networking. It also changes the default setting for Windows Deployment Services (WDS) to disable hands-free deployment. Users can install the update through Windows Update, and a system reboot is required for full application.

Winsage

January 11, 2026

Microsoft Tests Uninstall Option for Copilot AI on Windows Devices

Microsoft is testing a new policy that allows IT administrators to completely uninstall its Copilot AI assistant from managed Windows devices. This policy, named “RemoveMicrosoftCopilotApp,” is being deployed through management tools like Intune and System Center Configuration Manager (SCCM) and addresses concerns about data privacy, resource consumption, and unwanted software in commercial settings. The feature is currently available in Windows 11 Insider Preview Build 26220.7535 (KB5072046) and reflects feedback from IT professionals who prefer controlled environments. While this option is exclusive to enterprise-tier Microsoft 365 subscribers, smaller businesses and individual users have limited options for removal. The policy aims to balance innovation with risk management, especially in regulated sectors like healthcare and finance, where data privacy is critical.

Winsage

January 6, 2026

Windows 11 AI components are getting their own changelogs (release history), as Microsoft plans model updates

Microsoft has released a support document titled “Release information for AI components” that details the AI components integrated into Windows 11, which can be installed through Windows Update or accessed via the Microsoft Update Catalog. These components are essential for enabling various AI models to operate locally on devices, and installations typically occur automatically on compatible PCs with 40+ TOPs of NPU. The size of Windows 11 Patch Tuesday updates has increased significantly, now ranging from 4-5GB, compared to previous updates that were under 800MB. Users can manage AI components through Settings > System > AI Components, although this page is empty for older PCs. The changelog includes individual components like the Settings Model, Image Search, Semantic Analysis, and Content Extraction, as well as lower-level elements such as Execution Provider. Updates for these AI models occur every few weeks, often without visible changes.

Winsage

December 30, 2025

Microsoft’s change to Appxsvc may slow some Windows 11 PCs

Microsoft is modifying core system settings for Windows 11 versions 24H2 and 25H2 by enabling the AppX Deployment Service (Appxsvc) to launch automatically upon boot-up, transitioning from a manual trigger system. This change was confirmed in the December 2025 "Patch Tuesday" update (KB5072033) for both Windows 11 and Windows Server 2025. The Appxsvc will now remain active in the background from the moment the computer powers on, regardless of Microsoft Store access, to enhance system stability and minimize app installation failures or update glitches. Microsoft warns against manually reverting this setting, as it could lead to malfunctions in Store apps and essential services. Analysts suggest this move aligns with a strategy for updating Microsoft Store apps directly through Windows Update.

Winsage

December 19, 2025

Microsoft patches bug causing multiple Message Queuing errors

Microsoft released an out-of-band update (KB5074976) on December 19 to address Message Queuing (MSMQ) errors caused by December 2025 security updates. These updates have led to operational disruptions in business applications and IIS websites, particularly on systems running Windows 10 22H2, Windows Server 2019, and Windows Server 2016, which received updates KB5071546, KB5071544, and KB5071543. Users reported issues such as inactive MSMQ queues, IIS sites generating "insufficient resources" error messages, and applications unable to write messages to queues. The problems stem from modifications in the MSMQ security model, which altered permissions for the system folder C:WindowsSystem32msmqstorage, requiring MSMQ users to have write access typically reserved for administrators. Systems with full administrative rights do not experience these issues. Microsoft is investigating the matter but has not provided a timeline for a resolution.