Patch Tuesday update Archives

Winsage

April 17, 2026

Windows 11’s mandatory update is pushing users to Microsoft Edge

Microsoft has programmed its Edge browser to automatically launch after a Windows 11 update, displaying a page that informs users their update is complete and prompts them to explore new features. This page lacks a close button, directing users to click a blue "Next" button to proceed. The features highlighted include the reinstatement of the taskbar clock, the ability to pin Emojis to the taskbar, Copilot's document summarization, the Snipping Tool's Quick markup, and AI actions in File Explorer's context menu. Users can provide feedback via like and dislike buttons, but these do not close the page. Windows 11 also includes pre-installed Get Started and Get Help apps that could showcase features instead of redirecting users to Edge. Edge, built on the Chromium engine, supports all extensions from that platform and includes features like AI tab organizer, Vertical Tabs, and Immersive Reader.

Winsage

April 17, 2026

Windows 11’s New Xbox Mode is Now Available for More Insiders

Microsoft is expanding the Xbox Mode, previously known as the Xbox Full Screen Experience, to more Insiders, including those on the Canary and Release Preview Channels. The new Xbox Mode can be activated through the Xbox app, Game Bar settings, or by pressing Win + F11, providing a full-screen interface for PC games. The Canary build 29570.1000 also introduces a new Touchpad setting for adjusting the right-click zone size and expands lock screen widget personalization options. For Canary testers on the 28000 series builds, the build 28020.1863 addresses a sign-in issue without introducing new features. The Dev and Beta Channels are receiving updates focused on reliability, including improvements to File Explorer and Windows Hello. The Release Preview Channel is previewing an upcoming optional April update that includes the new Xbox Mode, File Explorer enhancements, haptic feedback for certain pens, a rebranded Drop Tray, taskbar monitoring for AI agents, and revamped voice typing features. Additional reliability enhancements are included for various Windows components.

Winsage

April 16, 2026

Windows 11’s April update is locking some users out of their PCs

Users have reported issues with Windows 11 update KB5083769, which has triggered BitLocker recovery key prompts, locking some users out of their PCs. Microsoft acknowledged that the problem mainly affects corporate devices with specific BitLocker Group Policy settings. The issue is limited to systems where BitLocker is enabled, certain Group Policy configurations are set, and the Secure Boot State PCR7 Binding is “Not Possible.” Affected users need to enter their BitLocker recovery key or contact IT support for assistance. Microsoft has also provided guidance for IT departments to perform a Known Issue Rollback to remove the problematic updates, though this may expose systems to vulnerabilities.

Winsage

April 16, 2026

Microsoft’s latest Windows update now confirms if your PC is Secure Boot-protected

Microsoft has introduced a new feature in Windows 11 and Windows 10 that informs users about the status of Secure Boot as part of the April Patch Tuesday update. This feature includes a visual indicator that shows whether devices have the latest Secure Boot certificates, which protect against bootkit malware. The Secure Boot icon can display in green, yellow, or red, indicating different security statuses: green means secure with no actions needed, yellow indicates a pending safety recommendation, and red signals that immediate attention is required. Users can check their Secure Boot status through Settings in both operating systems. It is important to install the latest Windows updates to ensure devices have the most recent Secure Boot certificates, as older certificates will expire in June. The April updates also address 164 vulnerabilities, including eight classified as critical and two identified as zero-day flaws. Users are advised to prioritize these updates to maintain system security.

Winsage

April 14, 2026

Windows 11 cumulative updates KB5083769 & KB5082052 released

Microsoft has released cumulative updates KB5083769 and KB5082052 for Windows 11 versions 25H2, 24H2, and 23H2, incorporating the April 2026 Patch Tuesday security patches. Users can install these updates automatically or manually via the Microsoft Update Catalog. The build numbers will be updated to 26200.8246 for 25H2, 26100.8246 for 24H2, and 22631.6936 for 23H2. Key features include the ability to modify Smart App Control without reinstalling Windows 11, improved Narrator functionality, enhancements in Account Settings for Microsoft 365 Family subscribers, refined Pen settings, a redesigned About page in Settings, and various reliability improvements across File Explorer, Display, Printing, Safe mode, Voice Access, Start menu, Remote Desktop, and Audio. No new issues have been reported from this update, and Microsoft is planning a significant quality update for Windows 11 in 2026.

Winsage

April 2, 2026

Don’t blame Windows 11 updates for every problem, Microsoft veteran says

Corporate clients often report to Microsoft that Windows updates disrupt their systems, particularly after Patch Tuesday. A 2026 report from Omnissa indicates that Windows environments experience more application crashes and forced shutdowns than macOS. However, Raymond Chen, a Windows expert, suggests that many systems are already compromised before updates are installed. Engineers at Microsoft frequently find that issues persist even after rolling back updates, and similar failures can occur on machines that haven't received the update yet. The actual triggers for system failures often stem from changes made by IT departments prior to updates, such as new drivers or configuration modifications. These changes may not show immediate issues until a reboot occurs during Patch Tuesday, revealing existing instability. Best practices for IT admins include controlled change management, validating drivers and policies before deployment, using staged rollouts, rebooting after major changes, and maintaining logging and monitoring systems. Microsoft conducts extensive testing of updates to ensure system security and stability, and delaying updates can increase risks.

Winsage

March 30, 2026

Microsoft confirms Windows 11 dark mode upgrade, with plans for third-party apps and Registry Editor

Windows 11 has introduced a dark theme that has received positive feedback, but certain legacy pop-ups, like the Properties tab, still use a light background. Microsoft is working on a dark-themed Properties tab and aims to enhance the dark mode experience across the operating system, as confirmed by senior executive Marcus Ash. He mentioned that there are no specific timelines for updates to legacy tools like the Registry Editor, but improvements are being made for consistency in dark mode across system-level dialogs. Third-party applications that do not adopt dark mode will continue to display in light mode, as Microsoft cannot enforce changes on them. Users currently experience inconsistencies with dark mode, particularly with legacy features that still show a light background. In December 2025, Microsoft rolled out dark mode for most operational dialogs, including those for file deletion and error notifications. Dark mode is now visible in various pop-ups, such as notifications for insufficient disk space and Recycle Bin confirmations. Microsoft is also testing dark mode in Windows Run (legacy).

Winsage

March 18, 2026

Researchers Reveal ‘RegPwn,’ a Windows Registry Vulnerability That Granted SYSTEM Privileges

A Windows vulnerability named "RegPwn" (CVE-2026-24291) allows low-privileged users to elevate their access to full SYSTEM privileges. Discovered by the MDSec red team, it has been in use since January 2025 and was addressed in a recent Microsoft Patch Tuesday update. The vulnerability exploits the management of Windows accessibility features, which generate a registry key that grants full control to low-privileged users. When a user activates an accessibility tool, the configurations are copied into the local machine registry hive, which remains writable by the logged-in user. This creates an opportunity for manipulation, especially when user-controlled settings interact with the Windows Secure Desktop environment. An attacker can exploit this by modifying their user-level accessibility registry key and using an oplock on a system file, allowing them to replace the local machine registry key with a symbolic link to an arbitrary system registry key. This process operates under SYSTEM privileges, enabling the attacker to write arbitrary values to restricted areas of the Windows registry. MDSec demonstrated this technique to gain access to a SYSTEM-level command prompt. Microsoft has released security updates to address this vulnerability, and MDSec has made the exploit code available on GitHub for research purposes.

Winsage

March 16, 2026

Windows 11 KB5079473 is not causing BSODs or an inaccessible C: drive and app failures, says Microsoft

The March 2026 Patch Tuesday update, KB5079473, is not causing significant issues like BSODs or reboot loops, according to Microsoft. Reports of an inaccessible C: drive and application malfunctions on Samsung PCs are linked to a recent update of the Galaxy Connect app, not the Windows update. Microsoft confirmed no known connections between the March update and major system failures. The update includes over a dozen security fixes and introduces new features, such as improvements to the File Explorer search bar and a Bing-based Internet speed test tool. Specific Samsung models are experiencing C drive accessibility issues due to the Galaxy Connect app, which has disrupted permissions.

Winsage

March 15, 2026

Microsoft Releases Emergency Windows 11 Hotpatch to Fix Remote Code Execution Flaw

Microsoft has released an out-of-band hotpatch update, KB5084597, to address three critical remote code execution vulnerabilities (CVE-2026-25172, CVE-2026-25173, CVE-2026-26111) in the Windows Routing and Remote Access Service (RRAS) management tool. This update is specifically for Windows 11 Enterprise devices in the hotpatch program that did not receive fixes during the March 2026 Patch Tuesday. The vulnerabilities can be exploited by an authenticated attacker within the domain, potentially leading to remote code execution. Hotpatch updates apply fixes through in-memory patching without requiring a device reboot, making them suitable for mission-critical devices. The update is applicable to Windows 11 versions 24H2, 25H2, and Windows 11 Enterprise LTSC 2024, and will be automatically installed on enrolled devices without a restart. Non-enrolled devices received the fix via the standard March 10 Patch Tuesday update.