Patch Tuesday Archives

Winsage

March 6, 2026

Windows 11’s March 2026 update is packing 9 new upgrades you’ll actually notice

On March 10, 2026, Microsoft will release a Patch Tuesday update for Windows 11, introducing several new features and enhancements. Key updates include a network speed test feature accessible from the Taskbar, updated camera controls for pan and tilt settings, a new settings page for Widgets, support for WebP images as wallpapers, Quick Machine Recovery for Windows 11 Pro, refreshed dialogs in the Settings app, and changes in File Explorer allowing "Extract All" for non-ZIP archives. Additional updates include the introduction of Emoji version 16, a magnifier icon in Task Manager for the Windows Search process, and expanded RSAT support for ARM64 devices. Users are advised to be cautious during installation due to potential errors.

Winsage

March 4, 2026

PoC Exploit Released for Microsoft Windows Error Reporting ALPC Privilege Escalation

A proof-of-concept exploit for CVE-2026-20817, a local privilege escalation vulnerability in the Windows Error Reporting (WER) service, has been released by security researcher oxfemale on GitHub. This vulnerability allows low-privileged users to gain SYSTEM-level access through crafted Advanced Local Procedure Call (ALPC) messages. The flaw is located in the WER service's SvcElevatedLaunch method, which fails to validate caller privileges before executing WerFault.exe with user-supplied command line parameters. The CVSS v3.1 base score for this vulnerability is 7.8, indicating a high severity level. It affects unpatched versions of Windows 10, Windows 11, Windows Server 2019, and Windows Server 2022 prior to the January 2026 update. Demonstrations have shown successful exploitation on Windows 11 23H2. Security teams are advised to monitor for unusual processes related to WerFault.exe, investigate missing SeTcbPrivilege in SYSTEM tokens, and review WER-related activities from low-privilege users. Immediate application of the January 2026 security patches is recommended, and a temporary workaround involves disabling the WER service.

Winsage

February 26, 2026

‘Windows 11 is far from perfect’: Microsoft just released an update I actually want to install — and you should too

Microsoft has released update KB5077241 for Windows 11, which will automatically download on March 10 during 'Patch Tuesday.' This optional update includes a new network speed test feature accessible from the taskbar, allowing users to diagnose internet connectivity issues. It also introduces pan and tilt camera controls for compatible webcams through the Windows 11 Settings app. The update aims to improve user experience by addressing issues with peripherals waking from sleep mode, enhancing visual cohesion, optimizing projector and printer connectivity, and improving sign-in screen performance. However, concerns remain regarding the promotion of Microsoft services in the Start menu's new accounts section.

Winsage

February 17, 2026

Microsoft Windows 11 KB5077181 Update Triggers Infinite Restart Loop on Some Devices

Microsoft's Patch Tuesday update, KB5077181, released on February 10, 2026, has caused significant boot failures for users of Windows 11 versions 24H2 (OS build 26200.7840) and 25H2 (OS build 26100.7840), resulting in endless restart loops. Users are reporting over 15 reboot cycles, preventing access to their desktops. Issues include System Event Notification Service (SENS) errors and DHCP problems affecting internet connectivity. Installation errors with codes 0x800f0983 and 0x800f0991 indicate potential hardware, driver, or servicing stack incompatibilities. The update was intended to address 58 vulnerabilities, including six zero-days, but the boot loop issue has overshadowed these enhancements. CVE IDs and their CVSS scores related to the vulnerabilities addressed include: - CVE-2026-21510: 7.5 - CVE-2026-21519: 7.8 - CVE-2026-21533: 8.8 - CVE-2026-20841: 7.1 As of February 15, 2026, there is no "known issues" entry in Microsoft's release notes despite user reports. Users can uninstall the update through the Control Panel if their systems are accessible, or use the Windows Recovery Environment to execute commands for uninstallation if their systems are unbootable.

Winsage

February 16, 2026

Windows 11 KB5077181 fixes boot failures linked to failed updates

Microsoft resolved a critical bug affecting some commercial systems running Windows 11 that caused boot failures due to an "UNMOUNTABLEBOOTVOLUME" error. This issue was linked to problematic updates from December 2025 and primarily impacted devices on Windows 11 versions 25H2 and 24H2. The resolution was included in the February 2026 Patch Tuesday update, specifically the Windows 11 KB5077181 security update released on February 10, 2026. An initial fix was provided in the optional update KB5074105 on January 29, 2026. Affected devices experienced failures after installing the January 13, 2026, security update KB5074109. Microsoft recommends that enterprise customers with still unbootable systems contact Microsoft Support for Business for assistance.

Winsage

February 16, 2026

Multiple Flaws Found in Microsoft Windows & Office — Could Let Hackers In

Microsoft has identified at least six zero-day vulnerabilities in Windows and Microsoft Office that were actively being exploited by hackers before patches were released. These vulnerabilities allow attackers to compromise systems with minimal user interaction, such as clicking on malicious links or opening compromised Office documents. Notable examples include a Windows Shell Security Bypass (CVE-2026-21510) and an Office File Exploit that can execute malicious code. The vulnerabilities pose serious risks, including active exploitation, remote code execution, and the potential for malware installation and credential theft. Microsoft has released security patches to address these vulnerabilities, and users are urged to install them immediately. The affected systems include all supported versions of Windows and Microsoft Office applications. Users are advised to install updates, be cautious with emails and links, enable security tools, and keep software up to date.

Winsage

February 16, 2026

Windows 11 KB5077181 Security Update Causing Some Devices to Restart in an Infinite Loop

Microsoft's security update KB5077181, released on February 10, 2026, for Windows 11 versions 24H2 and 25H2, has caused critical boot failures, leading to infinite restart loops for users. The update addresses 58 vulnerabilities, including six zero-day exploits, and introduces new Secure Boot certificates. Users have reported errors such as “a specified procedure could not be found” and DHCP failures, with installation errors like 0x800f0983 and 0x800f0991 affecting specific hardware. To resolve issues, users are advised to uninstall the update and pause Windows Update. Accessing the Windows Recovery Environment may also be necessary for persistent boot loops. While some users experienced improvements, the overall instability highlights risks associated with updates. Microsoft has not acknowledged any known issues related to this update as of February 15.

Winsage

February 15, 2026

Microsoft Blocks Credential Autofill to Fix Windows Hello Flaw

Microsoft has blocked credential autofill functionality in Windows 11 as part of the February 2026 Patch Tuesday updates to address the critical vulnerability CVE-2026-20804, which allows unauthorized access by tampering with Windows Hello authentication. This vulnerability was first identified in August 2025 and allows local administrators to inject biometric data. The restriction was documented in the January 2026 Patch Tuesday release notes. Enhanced Sign-in Security (ESS) operates at a hypervisor virtual trust level but is limited by hardware compatibility issues, particularly affecting AMD-based systems. Post-update, credential dialogs do not respond to virtual keyboard inputs from remote desktop or screen-sharing applications, preventing autofill during remote support sessions. Microsoft has provided a risky workaround that allows applications to operate with elevated administrator privileges, but this reintroduces the vulnerability. Organizations must now choose between disrupted remote support workflows or risking exposure to credential injection attacks, leading to operational challenges for IT teams and help desk staff.

Winsage

February 12, 2026

Microsoft’s latest update patches six zero-days and two critical flaws – but is it another buggy mess?

Microsoft's February Patch Tuesday update addresses feature and security bugs, continuing the refresh of Secure Boot certificates to protect against bootkit malware. Secure Boot prevents malicious software from executing during startup by using trusted certificates, many of which are set to expire in June. The update is available for both Windows 11 and Windows 10 users, with the latter needing to be enrolled in the Extended Security Updates (ESU) program until October 2026. Windows 11 fixes include resolutions for full-screen gaming and WPA3-Personal Wi-Fi connectivity issues, while Windows 10 improvements address Chinese fonts, specific graphics processing units, and custom folder names in File Explorer. A bug causing unexpected restarts in Secure Launch-compatible PCs has also been fixed. The update includes 55 security patches, a decrease from January's 114, with two classified as critical and six identified as zero-day vulnerabilities. One vulnerability exploited in the wild could allow system privilege escalation, another could disrupt network connectivity, and a third could disable security controls and access sensitive data. Users can update their Windows 11 PCs through System > Windows Update, and Windows 10 users through System > Update & Security. Due to previous buggy updates, users may consider waiting a few days before installing the February update, with the option to uninstall if issues arise.

Winsage

February 12, 2026

February 2026 Patch Tuesday includes six actively exploited zero-days

Microsoft released security updates on the second Tuesday of each month, addressing 59 vulnerabilities this month, including six critical zero-day exploits. 1. CVE-2026-21510: Windows Shell security feature bypass vulnerability (CVSS score 8.8) allows attackers to circumvent Windows SmartScreen by tricking users into opening malicious links or shortcuts. 2. CVE-2026-21513: MSHTML Framework security feature bypass vulnerability (CVSS score 8.8) enables attackers to weaken browser protections by persuading users to open malicious HTML files or shortcuts. 3. CVE-2026-21514: Microsoft Word security feature bypass vulnerability (CVSS score 5.5) allows attackers to exploit untrusted inputs in malicious Word documents to execute blocked content. 4. CVE-2026-21519: Desktop Window Manager elevation of privilege vulnerability (CVSS score 7.8) allows low-privileged attackers to gain higher privileges without user interaction. 5. CVE-2026-21525: Windows Remote Access Connection Manager denial-of-service vulnerability (CVSS score 6.2) can be exploited by unauthenticated local attackers to crash the service without compromising confidentiality or integrity. 6. CVE-2026-21533: Windows Remote Desktop Services elevation of privilege vulnerability (CVSS score 7.8) allows local authenticated attackers to escalate privileges to SYSTEM without user interaction. Additionally, Azure users should be aware of two critical vulnerabilities with CVSS ratings of 9.8.