Patch Tuesday update Archives

Winsage

March 18, 2026

Researchers Reveal ‘RegPwn,’ a Windows Registry Vulnerability That Granted SYSTEM Privileges

A Windows vulnerability named "RegPwn" (CVE-2026-24291) allows low-privileged users to elevate their access to full SYSTEM privileges. Discovered by the MDSec red team, it has been in use since January 2025 and was addressed in a recent Microsoft Patch Tuesday update. The vulnerability exploits the management of Windows accessibility features, which generate a registry key that grants full control to low-privileged users. When a user activates an accessibility tool, the configurations are copied into the local machine registry hive, which remains writable by the logged-in user. This creates an opportunity for manipulation, especially when user-controlled settings interact with the Windows Secure Desktop environment. An attacker can exploit this by modifying their user-level accessibility registry key and using an oplock on a system file, allowing them to replace the local machine registry key with a symbolic link to an arbitrary system registry key. This process operates under SYSTEM privileges, enabling the attacker to write arbitrary values to restricted areas of the Windows registry. MDSec demonstrated this technique to gain access to a SYSTEM-level command prompt. Microsoft has released security updates to address this vulnerability, and MDSec has made the exploit code available on GitHub for research purposes.

Winsage

March 16, 2026

Windows 11 KB5079473 is not causing BSODs or an inaccessible C: drive and app failures, says Microsoft

The March 2026 Patch Tuesday update, KB5079473, is not causing significant issues like BSODs or reboot loops, according to Microsoft. Reports of an inaccessible C: drive and application malfunctions on Samsung PCs are linked to a recent update of the Galaxy Connect app, not the Windows update. Microsoft confirmed no known connections between the March update and major system failures. The update includes over a dozen security fixes and introduces new features, such as improvements to the File Explorer search bar and a Bing-based Internet speed test tool. Specific Samsung models are experiencing C drive accessibility issues due to the Galaxy Connect app, which has disrupted permissions.

Winsage

March 15, 2026

Microsoft Releases Emergency Windows 11 Hotpatch to Fix Remote Code Execution Flaw

Microsoft has released an out-of-band hotpatch update, KB5084597, to address three critical remote code execution vulnerabilities (CVE-2026-25172, CVE-2026-25173, CVE-2026-26111) in the Windows Routing and Remote Access Service (RRAS) management tool. This update is specifically for Windows 11 Enterprise devices in the hotpatch program that did not receive fixes during the March 2026 Patch Tuesday. The vulnerabilities can be exploited by an authenticated attacker within the domain, potentially leading to remote code execution. Hotpatch updates apply fixes through in-memory patching without requiring a device reboot, making them suitable for mission-critical devices. The update is applicable to Windows 11 versions 24H2, 25H2, and Windows 11 Enterprise LTSC 2024, and will be automatically installed on enrolled devices without a restart. Non-enrolled devices received the fix via the standard March 10 Patch Tuesday update.

Winsage

March 12, 2026

Windows 11’s March Optional Update is Now Available for Release Preview Insiders

The March optional update for Windows 11 versions 25H2 and 24H2, identified as KB5079387, has been released for Insiders on the Release Preview Channel. Key enhancements include: - Narrator improvements: Enhanced reliability for setting up Natural Voices, access to rich image descriptions via shortcuts, and instant on-device descriptions for Copilot+ PC users. - Settings improvements: Increased reliability for downloading updates in the Settings menu. - Smart App Control improvements: Users can toggle this security feature on or off without a clean installation. - Modern pen setting experience: Digital pen users can configure the pen tail button to launch the same application as the Copilot key. - Display improvements: Enhanced reliability of auto-rotation after sleep and external monitors connected via USB4 can operate at a low power level during sleep. - File Explorer improvements: Ability to rename files using Voice Typing and sort permissions entries in Advanced Security Settings by ‘Principal’. - Windows Recovery Environment improvements: x64 applications are expected to perform better on ARM64 devices. The update will be available to non-Insiders as an optional update in the last week of March, with a broader public rollout expected in April.

Winsage

March 12, 2026

Windows 11 KB5079473 & KB5078883 cumulative updates released

Microsoft has released cumulative updates KB5079473 and KB5078883 for Windows 11 versions 25H2, 24H2, and 23H2 as part of the March 2026 Patch Tuesday. These updates address security vulnerabilities, fix bugs, and introduce new features. Users can install the updates via Start > Settings > Windows Update or manually from the Microsoft Update Catalog. The build numbers will change to 26200.8037 for 25H2, 26100.8037 for 24H2, and 22631.6783 for 23H2. Key enhancements include improved device targeting data for Secure Boot certificates, better reliability in File Explorer searches, and various new features such as a curated selection of emojis, a new backup and restore experience, automatic activation of Quick Machine Recovery, a built-in network speed test on the taskbar, and the ability to set WebP images as desktop backgrounds. Additionally, improvements have been made to the Windows Update settings page and the reliability of waking from sleep. No new issues have been reported with this month's updates.

Winsage

March 11, 2026

I tested Windows 11 March 2026 Updates: Everything new, improved, and fixed

Microsoft has rolled out the March 2026 Patch Tuesday update for Windows 11 (KB5079473, Build 26200.8037) and Windows 10, focusing on enhancements and functional upgrades. The update applies to Windows 11 versions 25H2 and 24H2, introducing new features, security enhancements, system fixes, and reliability improvements. Key features include: - Support for Emoji 16.0, allowing users to insert new emojis through the Emoji panel. - Windows Backup restore adapted for organizational use, enabling restoration of user settings and applications during sign-in. - Quick Machine Recovery (QMR) enabled by default on more Windows 11 Pro PCs. - A Bing-powered Internet speed test tool accessible from the taskbar. - Sysmon included as a native component for system activity monitoring. - Support for WebP images as desktop wallpapers. - Remote Server Administration Tools (RSAT) supported on Windows 11 Arm64 devices. - Minor enhancements in Accounts and Camera settings. The update also includes reliability and stability improvements, such as enhanced responsiveness of the Windows Update settings page, improved sign-in screen reliability, and better performance for the Windows printing service. It lays groundwork for Secure Boot certificate updates and addresses BitLocker reliability issues. Additionally, internal AI components have been updated, and a servicing stack update (SSU) has been released to enhance Windows Update infrastructure reliability. Microsoft is also expanding the updated Start menu and battery icons to more devices and warns users about the importance of updating Secure Boot certificates before their expiration in June 2026.

Winsage

March 11, 2026

Microsoft Releases March 2026 Patch Tuesday Updates

Microsoft has released the March 2026 Patch Tuesday update, KB5079473, for all supported versions of Windows 11 (25H2 and 24H2). Key changes include: - A Network Speed Test Tool in the Taskbar for measuring Ethernet, Wi-Fi, and cellular performance. - New pan and tilt options for supported cameras in the Settings menu. - Built-in System Monitor (Sysmon) available as an optional feature; users should uninstall previous versions before enabling it. - Remote Server Administration Tools (RSAT) support for Windows 11 Arm64 devices. - Quick Machine Recovery tool enabled for Windows Professional devices not domain-joined or enrolled in enterprise management. - Ability to use .webp image files for desktop backgrounds. - Introduction of new emojis from Emoji 16.0, including a face with bags under the eyes and a fingerprint. - BitLocker improvements for device responsiveness after entering a recovery key. - Enhanced reliability of search functions in File Explorer. Additionally, Microsoft is publishing patch notes for the upcoming version 26H1, which is currently available to Windows Insiders on the Canary Channel but not yet public. The KB5079466 patch for version 26H1 includes features already seen in earlier Windows 11 versions.

Winsage

March 6, 2026

Windows 11’s March 2026 update is packing 9 new upgrades you’ll actually notice

On March 10, 2026, Microsoft will release a Patch Tuesday update for Windows 11, introducing several new features and enhancements. Key updates include a network speed test feature accessible from the Taskbar, updated camera controls for pan and tilt settings, a new settings page for Widgets, support for WebP images as wallpapers, Quick Machine Recovery for Windows 11 Pro, refreshed dialogs in the Settings app, and changes in File Explorer allowing "Extract All" for non-ZIP archives. Additional updates include the introduction of Emoji version 16, a magnifier icon in Task Manager for the Windows Search process, and expanded RSAT support for ARM64 devices. Users are advised to be cautious during installation due to potential errors.

Winsage

February 17, 2026

Microsoft Windows 11 KB5077181 Update Triggers Infinite Restart Loop on Some Devices

Microsoft's Patch Tuesday update, KB5077181, released on February 10, 2026, has caused significant boot failures for users of Windows 11 versions 24H2 (OS build 26200.7840) and 25H2 (OS build 26100.7840), resulting in endless restart loops. Users are reporting over 15 reboot cycles, preventing access to their desktops. Issues include System Event Notification Service (SENS) errors and DHCP problems affecting internet connectivity. Installation errors with codes 0x800f0983 and 0x800f0991 indicate potential hardware, driver, or servicing stack incompatibilities. The update was intended to address 58 vulnerabilities, including six zero-days, but the boot loop issue has overshadowed these enhancements. CVE IDs and their CVSS scores related to the vulnerabilities addressed include: - CVE-2026-21510: 7.5 - CVE-2026-21519: 7.8 - CVE-2026-21533: 8.8 - CVE-2026-20841: 7.1 As of February 15, 2026, there is no "known issues" entry in Microsoft's release notes despite user reports. Users can uninstall the update through the Control Panel if their systems are accessible, or use the Windows Recovery Environment to execute commands for uninstallation if their systems are unbootable.

Winsage

February 16, 2026

Windows 11 KB5077181 fixes boot failures linked to failed updates

Microsoft resolved a critical bug affecting some commercial systems running Windows 11 that caused boot failures due to an "UNMOUNTABLEBOOTVOLUME" error. This issue was linked to problematic updates from December 2025 and primarily impacted devices on Windows 11 versions 25H2 and 24H2. The resolution was included in the February 2026 Patch Tuesday update, specifically the Windows 11 KB5077181 security update released on February 10, 2026. An initial fix was provided in the optional update KB5074105 on January 29, 2026. Affected devices experienced failures after installing the January 13, 2026, security update KB5074109. Microsoft recommends that enterprise customers with still unbootable systems contact Microsoft Support for Business for assistance.