Patch Tuesday update

Winsage
December 4, 2025
Cybercriminals are exploiting a vulnerability in Windows LNK (.lnk shortcut) files, identified as CVE-2025-9491, to deliver malware in targeted attacks. This flaw allows attackers to hide malicious commands within shortcut files, which execute when a user opens the crafted shortcut, leading to malware installation. The vulnerability has been actively exploited by at least 11 threat actor groups, including Evil Corp and Mustang Panda, with malware such as Ursnif and Trickbot being delivered through this exploit. Microsoft released a patch for this vulnerability in November 2025 after initially delaying it, citing the need for user interaction to trigger the exploit. Security recommendations include avoiding suspicious .LNK files, implementing strict email filtering, and applying the latest security updates.
Winsage
November 18, 2025
The Windows Insider Program has introduced Copilot Actions, an AI feature in the Copilot app for Windows 11, allowing users to specify tasks for an AI agent to perform. This feature is currently experimental and requires the latest version of the Copilot app (1.25112.74 or higher) to access. Additionally, new Release Preview builds for Windows 11 versions 24H2 and 25H2 have been released, transitioning users to build 26200.7296 (25H2) or 26100.7296 (24H2) with cumulative update KB5070311. Key features in these builds include Windows Studio Effects for USB webcams, enhancements to Click to Do, improvements in the Agent in Settings, updates to File Explorer, Desktop Spotlight enhancements, Drag Tray improvements, Settings updates, Windows Hello Enhanced Sign-in Security for external fingerprint sensors, Share enhancements for OneDrive files, mobile device management improvements, Quick Machine Recovery updates, and Widgets enhancements. A new Canary build for Windows 11 version 26H1 (build 28000.1199) is also available, but it does not introduce new features or significant changes.
Winsage
November 17, 2025
Windows 11 users are facing installation issues with the KB5068861 update from the November 2025 Patch Tuesday release, which addresses 63 critical security vulnerabilities. Errors reported include 0x80070306, 0x800f0983, and 0x800f081f, and attempts to resolve them through SFC scans or health checks have been largely ineffective. Downloading the .msu package from the Microsoft Update Catalog and attempting installation from it is recommended. If that is unsuccessful, the Media Creation Tool, which downloads the same patch, can be used while retaining user data; affected users can also wait for an optional release. The November 2025 Update includes enhancements like a revamped Start menu, improved battery icons, and performance improvements, particularly for gamers. However, some users have encountered Bluetooth connectivity issues, especially on AMD PCs, with a temporary fix involving adjustments in Device Manager. The KB5068861 update has also caused a bug affecting search functionality over shared networks, leading to slower search results or empty listings for businesses. This issue arises from a breakdown in communication between the Windows client and the server’s search index: remote search over SMB is compromised, preventing the Windows client from utilizing the server’s index. Users can restore functionality by restarting the Windows Search service or rebuilding the index. Users may need to uninstall the update to restore functionality, which requires disabling the Sandbox feature first. Specific DISM commands can be used to identify and remove the update, or it can be uninstalled through the Settings menu.
Winsage
November 11, 2025
Microsoft has rolled out the November Patch Tuesday update for Windows 11, designated as KB5068861 and build 26200.7121, which is now available through Windows Update. Key features include:
- A revamped Start menu interface allowing users to pin more app icons, hide the recommended feed, modify the all apps list display, toggle the visibility of the Phone Link companion, and enjoy a larger Start menu that adjusts to screen size.
- An updated Taskbar battery icon that is larger, changes color based on battery and power state, and includes a battery percentage indicator.
The update also includes several critical fixes:
- Resolved a Voice Access issue where it would fail during initial setup without a connected microphone.
- Fixed a problem where selecting the desktop could open Task View inadvertently.
- Corrected an issue in the HTTP.sys request parser for compliance with the RFC 9112 standard.
Users can download KB5068861 via Windows Update or manually from the Microsoft Update Catalog.
Winsage
November 10, 2025
The Windows Start menu will undergo its first significant redesign since 2021, with the rollout scheduled for November 11, coinciding with the Patch Tuesday update. The update introduces a scrollable Start menu and places the "All apps" list on the main screen. The redesigned menu offers two user interface options: a categories view, which organizes applications by type and prioritizes frequently used apps, and a grid view that maintains a classic A to Z order. The menu is adaptive, adjusting to fit screen sizes, with larger displays showing more columns of pinned apps and recommendations. Users can disable the Recommended feed through Settings. While the new Start menu improves usability, it may occupy excessive screen space on lower resolution PCs, and there is a desire for the ability to create custom categories. The rollout will begin with the November 2025 Patch Tuesday and is part of Build 26200.7019 and 26100.7019 or newer, but it will not be activated by default.
Winsage
October 30, 2025
Windows 11 KB5067036 has a bug causing the Task Manager to duplicate itself every time it is closed, affecting about 30% of 100 tested virtual machines. The update, released on October 28, includes features like a refreshed Start menu and new battery icons, but also has issues with the Task Manager's close button, leading to multiple instances running in the background. Users can check for this bug by reopening Task Manager after closing it and observing the number of entries in the Processes tab. If affected, users are advised to use the End task option or the command taskkill /im taskmgr.exe /f to close all instances. Additionally, October 2025 has been problematic for Windows 11, with issues related to LocalHost connections and the Windows Recovery Environment, raising concerns about the stability of updates.
Winsage
October 25, 2025
On October 23, 2025, Microsoft released an out-of-band security update for a critical vulnerability identified as CVE-2025-59287, which affects Windows Server Update Services (WSUS) and allows remote, unauthenticated attackers to execute arbitrary code. The vulnerability was initially addressed in the October Patch Tuesday update, but the original patch was deemed insufficient. Following the release of the new patch, threat actors began exploiting the vulnerability, leading to its inclusion in CISA’s Known Exploited Vulnerabilities Catalog. Technical details and proof-of-concept exploits for CVE-2025-59287 have been made publicly available. Arctic Wolf has been monitoring a threat campaign targeting WSUS servers through ports 8530 and 8531, involving a malicious PowerShell script that executes commands to gather information from the domain. Arctic Wolf has established Managed Detection and Response coverage for these activities and recommends upgrading to the latest fixed versions of Windows Server and installing the Arctic Wolf Agent and Sysmon for visibility into related events. For users unable to apply the update immediately, Microsoft suggests disabling WSUS or blocking inbound traffic to ports 8530 and 8531 as temporary mitigations.