Patch Tuesday update

Winsage
June 11, 2025
Microsoft announced a revised security update for Windows 11 24H2 systems to address compatibility issues with the initial update released during this month's Patch Tuesday. The revised update is being gradually deployed and includes all June 2025 security enhancements. Microsoft confirmed that the June 2025 security update is available for all other supported versions of Windows. The specific hardware or software configurations affected by the compatibility issue have not been detailed. On the same day, Microsoft rolled out security updates (KB5060842 and KB5060999) addressing 66 vulnerabilities across Windows 11 24H2 and 23H2, including a zero-day vulnerability (CVE-2025-33053) and a Windows SMB privilege escalation flaw. The updates mitigated ten critical vulnerabilities, resolved a Windows Hello sign-in issue, and extended system restore points to 60 days on Windows 11 24H2 devices. Additionally, KB5060999 addressed graphics support issues affecting Remote Desktop connections. Microsoft also released the KB5060533 cumulative update for Windows 10 22H2, restoring seconds to the Calendar flyout and resolving Hyper-V virtual machine issues.
Winsage
June 11, 2025
Microsoft's June security update for Windows 11 24H2 introduced critical fixes but was quickly followed by a warning about a compatibility issue affecting a limited number of devices, leading to the throttling of the update. Microsoft plans to release a revised update that will include all security improvements from June 2025. The specifics of the compatibility issue remain unclear, with speculation about potential complications related to various CPU architectures and reports of installation errors from users. The rapid throttling of the patch raises questions about the quality control processes in place at Microsoft.
Winsage
June 10, 2025
Microsoft addressed 66 vulnerabilities in a recent Patch Tuesday update, including a critical zero-day exploit, CVE-2025-33053, which has been exploited by the espionage group Stealth Falcon against a defense contractor in Turkey. Stealth Falcon has targeted high-profile government and defense entities in the Middle East and Africa since 2012. CISA has added CVE-2025-33053 to its catalog of known exploited vulnerabilities. The group employs innovative infection methods, including WebDAV and multi-stage loaders. Many organizations may be at risk due to inadequate security measures for WebDAV, with estimates suggesting up to 80% of organizations could be vulnerable. The update also includes another critical vulnerability, CVE-2025-47966, allowing unauthorized access to sensitive information in Power Automate, as well as 17 vulnerabilities affecting Microsoft Office products, with three likely to be exploited.
Winsage
June 6, 2025
Windows users have encountered a new "inetpub" folder on their primary drive after the April 2025 Patch Tuesday update. This folder is empty and occupies no storage space, but many users have deleted it out of concern. Microsoft has stated that the folder is part of a security patch for vulnerability CVE-2025-21204 and should not be removed, as it is linked to Internet Information Services (IIS). Users can restore the folder using a PowerShell script if they have deleted it. The folder addresses a security flaw related to improper link resolution that could allow local attackers to manipulate files. Instructions for restoring the folder include running PowerShell as Administrator, allowing signed scripts, downloading a specific script, and applying the fix.
Winsage
June 3, 2025
Microsoft has released a fix for a recent patch that caused some Windows 11 PCs to enter recovery mode due to an error code linked to the May Patch Tuesday update. The issue primarily affected virtual boxes and some physical devices, displaying the message: "Your PC/Device needs to be repaired. The operating system couldn't be loaded because a required file is missing or contains errors. File: ACPI.sys. Error code: 0xc0000098." The fix, identified as KB5062170, does not address an ongoing issue with Noto fonts, where CJK characters appear blurry in Chromium browsers at 100 percent scaling. Users can temporarily adjust the scaling to 125 or 150 percent to mitigate this problem. Microsoft has faced similar challenges with out-of-band fixes in the past, affecting both Windows 10 and Windows Server.
Winsage
May 30, 2025
Microsoft has released the May optional update for Windows 11 version 24H2, introducing features such as the Win + C keyboard shortcut for quick access to Copilot, a drag tray feature, and cross-device resume notifications for OneDrive files. The Copilot+ feature is now available in the European Economic Area (EEA) and supports intelligent text actions in Spanish and French. Users can utilize the 'Ask Copilot' option to highlight text or images and open Copilot with the selected content. New text actions for summarizing, creating bulleted lists, or rewriting highlighted text are available for AMD and Intel-powered Copilot+ PCs. Pen users can configure a shortcut button for Click to Do, and Windows Search improvements allow direct typing of settings. The Narrator feature provides detailed descriptions of images for blind and low-vision users. Energy saver controls for IT admins have been introduced, along with HDR and Dolby Vision controls. A new FAQs section in Settings assists users with common inquiries, and mouse settings have been simplified. Users can now edit images shared through the Windows Share window, and a new drag tray area appears when dragging local files. Taskbar policies have been improved to allow unpinning specific apps. The features will roll out with the upcoming Patch Tuesday update, alongside the optional KB5058481 update for Windows 10, which reinstates the clock view displaying seconds on the calendar flyout.
Winsage
May 30, 2025
Microsoft's recent Patch Tuesday update for Windows 11 has faced significant issues, particularly affecting users on versions 22H2 and 23H2. The installation of the May 13 update is failing on some machines, especially in virtual environments, leading to recovery mode entries and boot errors. Users are advised to avoid the update temporarily. The error message indicates a problem with the ACPI.sys file, which is crucial for managing hardware resources. Windows 11 Home and Pro users are likely unaffected, as virtual machines are typically used in enterprise settings. Microsoft has not provided the number of impacted users or a workaround beyond uninstalling the patches, but engineers are working on a resolution. This incident follows previous patching challenges faced by Microsoft this year, including an emergency update for Windows 10 and issues with Remote Desktop sessions in earlier updates.
Winsage
May 15, 2025
Microsoft's May 2025 Patch Tuesday addressed 72 vulnerabilities in Windows Remote Desktop services, including two critical vulnerabilities, CVE-2025-29966 and CVE-2025-29967, which are heap-based buffer overflow issues. These flaws allow unauthorized attackers to execute arbitrary code over a network, posing significant risks. The vulnerabilities have been rated as "Critical" and classified under CWE-122. They affect various versions of Windows operating systems utilizing Remote Desktop services. Although there have been no reported active exploitations, experts warn of the potential dangers, urging users to apply patches immediately. The update also addressed five actively exploited zero-day vulnerabilities in other Windows components. Patches are available through Windows Update, WSUS, and the Microsoft Update Catalog.
Winsage
May 8, 2025
Several ransomware groups, including RansomEXX and Play, are exploiting a zero-day vulnerability in the Windows Common Log File System to elevate system privileges and deploy malware. This flaw was identified and patched during Microsoft's Patch Tuesday update in April 2024.
Search