Patch Tuesday update Archives

Winsage

January 16, 2026

Sorry Dave, I’m afraid I can’t do that! PCs refuse to shutdown after Microsoft patch

Microsoft's January Patch Tuesday update has caused shutdown and hibernation issues for some Windows 11 23H2 users, with devices refusing to power down despite user commands. The problem is linked to the Secure Launch feature, which prevents shutdown, restart, and hibernation attempts from functioning correctly. Microsoft has suggested a workaround using the command "shutdown /s /t 0" to force shutdown. They have not disclosed how many devices are affected or provided a timeline for a fix. Additionally, there is a separate issue affecting classic Outlook POP account profiles that may freeze or hang after the update.

Winsage

January 13, 2026

Microsoft fixes 114 flaws in year’s first Windows 11 Patch Tuesday

Microsoft's January 2026 Patch Tuesday update, KB5074109, addresses 114 vulnerabilities, including a critical zero-day vulnerability (CVE-2026-20805) in the Windows Desktop Window Manager (DWM) that has been actively exploited. The update is applicable to Windows 11 versions 24H2 and 25H2 and includes security enhancements and updates to AI components. Other high-severity vulnerabilities addressed include CVE-2026-20816 (privilege escalation in Windows Installer), CVE-2026-20817 (elevation of privilege in Windows Error Reporting), CVE-2026-20840 (vulnerability in Windows NTFS), CVE-2026-20843 (flaw in Routing and Remote Access Service), CVE-2026-20860 (vulnerability in Ancillary Function Driver for WinSock), and CVE-2026-20871 (another DWM vulnerability). The update removes legacy modem drivers to minimize the attack surface and resolves reliability issues in Azure Virtual Desktop and WSL networking. It also changes the default setting for Windows Deployment Services (WDS) to disable hands-free deployment. Users can install the update through Windows Update, and a system reboot is required for full application.

Winsage

January 11, 2026

Microsoft Tests Uninstall Option for Copilot AI on Windows Devices

Microsoft is testing a new policy that allows IT administrators to completely uninstall its Copilot AI assistant from managed Windows devices. This policy, named “RemoveMicrosoftCopilotApp,” is being deployed through management tools like Intune and System Center Configuration Manager (SCCM) and addresses concerns about data privacy, resource consumption, and unwanted software in commercial settings. The feature is currently available in Windows 11 Insider Preview Build 26220.7535 (KB5072046) and reflects feedback from IT professionals who prefer controlled environments. While this option is exclusive to enterprise-tier Microsoft 365 subscribers, smaller businesses and individual users have limited options for removal. The policy aims to balance innovation with risk management, especially in regulated sectors like healthcare and finance, where data privacy is critical.

Winsage

December 11, 2025

Microsoft’s Latest ‘Patch Tuesday’ Update Fixes These Three Zero-Days

Microsoft's December Patch Tuesday update addresses three critical zero-day vulnerabilities and a total of 56 bugs, including: - 28 elevation-of-privilege vulnerabilities - 19 remote-code-execution vulnerabilities - 4 information-disclosure vulnerabilities - 3 denial-of-service vulnerabilities - 2 spoofing vulnerabilities Three remote code execution flaws are classified as "critical." One zero-day vulnerability, CVE-2025-62221, allows attackers to gain SYSTEM privileges through the Windows Cloud Files Mini Filter Driver. The other two vulnerabilities fixed are: - CVE-2025-64671: A remote code execution vulnerability in GitHub Copilot for Jetbrains, exploitable via Cross Prompt Injection. - CVE-2025-54100: A PowerShell remote code execution vulnerability that can execute scripts from a webpage using Invoke-WebRequest. CVE-2025-62221 is attributed to MSTIC and MSRC, CVE-2025-64671 was disclosed by Ari Marzuk, and CVE-2025-54100 was identified by multiple security researchers.

Winsage

December 4, 2025

Microsoft Patches Widely Exploited Windows LNK Zero-Day

Cybercriminals are exploiting a vulnerability in Windows LNK (.lnk shortcut) files, identified as CVE-2025-9491, to deliver malware in targeted attacks. This flaw allows attackers to hide malicious commands within shortcut files, which execute when a user opens the crafted shortcut, leading to malware installation. The vulnerability has been actively exploited by at least 11 threat actor groups, including Evil Corp and Mustang Panda, with malware such as Ursnif and Trickbot being delivered through this exploit. Microsoft released a patch for this vulnerability in November 2025 after initially delaying it, citing the need for user interaction to trigger the exploit. Security recommendations include avoiding suspicious .LNK files, implementing strict email filtering, and applying the latest security updates.

Winsage

November 18, 2025

Windows Insider Program Releases Copilot Actions, New Release Preview Builds

The Windows Insider Program has introduced Copilot Actions, an AI feature in the Copilot app for Windows 11, allowing users to specify tasks for an AI agent to perform. This feature is currently experimental and requires the latest version of the Copilot app (1.25112.74 or higher) to access. Additionally, new Release Preview builds for Windows 11 versions 24H2 and 25H2 have been released, transitioning users to build 26200.7296 (25H2) or 26100.7296 (24H2) with cumulative update KB5070311. Key features in these builds include Windows Studio Effects for USB webcams, enhancements to Click to Do, improvements in the Agent in Settings, updates to File Explorer, Desktop Spotlight enhancements, Drag Tray improvements, Settings updates, Windows Hello Enhanced Sign-in Security for external fingerprint sensors, Share enhancements for OneDrive files, mobile device management improvements, Quick Machine Recovery updates, and Widgets enhancements. A new Canary build for Windows 11 version 26H1 (build 28000.1199) is also available, but it does not introduce new features or significant changes.

Winsage

November 17, 2025

Windows 11 KB5068861 won’t install, File Explorer SMB search not working on network shares, and other issues

Windows 11 users are facing installation issues with the KB5068861 update from the November 2025 Patch Tuesday release, which addresses 63 critical security vulnerabilities. Errors reported include 0x80070306, 0x800f0983, and 0x800f081f. Affected users can wait for an optional release or use the Media Creation Tool, which downloads the same patch. Some users have reported a malfunctioning SMB search feature after the update. The installation errors have prompted reports of specific error codes, and attempts to resolve them through SFC scans or health checks have been largely ineffective. Downloading the .msu package from the Microsoft Update Catalog is recommended, followed by an installation attempt. If unsuccessful, the Media Creation Tool can be used while retaining user data. The November 2025 Update includes enhancements like a revamped Start menu, improved battery icons, and performance improvements, particularly for gamers. However, some users have encountered Bluetooth connectivity issues, especially on AMD PCs, with a temporary fix involving adjustments in Device Manager. The KB5068861 update has also caused a bug affecting search functionality over shared networks, leading to slower search results or empty listings for businesses. This issue arises from a breakdown in communication between the Windows client and the server’s search index. Users can restore functionality by restarting the Windows Search service or rebuilding the index. Additionally, the remote search functionality over SMB is compromised, preventing the Windows client from utilizing the server’s index. Users may need to uninstall the update to restore functionality, which requires disabling the Sandbox feature first. Specific DISM commands can be used to identify and remove the update, or it can be uninstalled through the Settings menu.

Winsage

November 12, 2025

Windows 11 KB5068861 & KB5068865 cumulative updates released

Microsoft has released cumulative updates KB5068861 and KB5068865 for Windows 11 versions 25H2, 24H2, and 23H2, addressing critical security vulnerabilities, bugs, and introducing new features. The updates are mandatory and include the November 2025 Patch Tuesday security patches. Users can install the updates via Start > Settings > Windows Update or download them from the Microsoft Update Catalog. The build number for Windows 11 25H2 will change to Build 26200.7019, and 23H2 will update to 226x1.6050. New features include: - A revamped Start menu UI allowing removal of the Recommended feed. - Updated lock screen battery icons with color indicators and battery percentage. - A dedicated Microsoft 365 Copilot page for commercial devices. - Rebranding of the “Email & accounts” section to “Your accounts.” - Refreshed taskbar battery icons with clearer visual cues. - New Administrator Protection Preview feature for safeguarding admin rights. - API support for NIST post-quantum cryptography algorithms. Fixed issues include: - Taskbar app icon hover behavior. - Display issues in apps and browsers. - Context menu behavior in File Explorer. - Pen and handwriting input responsiveness. - Narrator launch issues during Windows setup. - Performance improvements in taskbar loading after sleep. This update is the final release for Windows 11 23H2, as support for this version ends today, and no optional updates will be released in December.

Winsage

November 11, 2025

Windows 11’s November Patch Tuesday update brings new Start, battery icon improvements, and important Task Manager fix

Microsoft has rolled out the November Patch Tuesday update for Windows 11, designated as KB5068861 and build 26200.7121, which is now available through Windows Update. Key features include: - A revamped Start menu interface allowing users to pin more app icons, hide the recommended feed, modify the all apps list display, toggle the visibility of the Phone Link companion, and enjoy a larger Start menu that adjusts to screen size. - An updated Taskbar battery icon that is larger, changes color based on battery and power state, and includes a battery percentage indicator. The update also addresses several critical fixes: - Voice Access issue resolved where it would fail during initial setup without a connected microphone. - Fixed a problem where selecting the desktop could open Task View inadvertently. - Corrected an issue in the HTTP.sys request parser for compliance with RFC 9112 standard. Users can download KB5068861 via Windows Update or manually from the Microsoft Update catalog.

Winsage

November 10, 2025

How to use the new Windows 11 Start menu, now rolling out

The Windows Start menu will undergo its first significant redesign since 2021, with the rollout scheduled for November 11, coinciding with the Patch Tuesday update. The update introduces a scrollable Start menu and places the "All apps" list on the main screen. The redesigned menu offers two user interface options: a categories view, which organizes applications by type and prioritizes frequently used apps, and a grid view that maintains a classic A to Z order. The menu is adaptive, adjusting to fit screen sizes, with larger displays showing more columns of pinned apps and recommendations. Users can disable the Recommended feed through Settings. While the new Start menu improves usability, it may occupy excessive screen space on lower resolution PCs, and there is a desire for the ability to create custom categories. The rollout will begin with the November 2025 Patch Tuesday and is part of Build 26200.7019 and 26100.7019 or newer, but it will not be activated by default.