patching process Archives

Winsage

May 1, 2026

Windows shell spoofing vulnerability puts sensitive data at risk

Erik Avakian, a technical counselor at Info-Tech Research Group, discussed the patching deadlines set by the Cybersecurity and Infrastructure Security Agency (CISA) under Binding Operational Directive (BOD) 22-01, which requires U.S. federal agencies to address vulnerabilities within 14 to 21 days. CISA can expedite patching to as little as three days for high-risk exploits. The vulnerability CVE-2026-32202, rated 4.3 on the Common Vulnerability Scoring System (CVSS), was actively exploited but did not qualify for an urgent patch cycle, resulting in a 14-day deadline. Avakian noted the debate over whether this timeframe is sufficient, suggesting that Microsoft’s rating and other factors influenced the decision not to escalate to an emergency directive requiring a 48 to 72-hour response.

Winsage

April 30, 2026

CISA, Microsoft warn of active exploitation of Windows Shell vulnerability (CVE-2026-32202)

Attackers are exploiting CVE-2026-32202, a zero-click vulnerability in Windows Shell, allowing authentication of victims' systems without user interaction. This vulnerability stems from an incomplete patch for CVE-2026-21510 and has been used by the APT28 group with weaponized LNK files to bypass Windows security. Although Microsoft addressed these vulnerabilities in February 2026, the risk remains as opening a folder with a malicious LNK file can still connect victims' machines to the attacker's server, initiating an NTLM authentication handshake that exposes the victim’s Net-NTLMv2 hash. This affects various versions of Windows 10, 11, and Windows Server. Microsoft released a patch for CVE-2026-32202 on April 14, 2026, but did not label it as actively exploited until more than two weeks later, leaving security teams unaware of its urgency. Organizations are advised to apply the patch and consider blocking outbound SMB traffic to mitigate risks.

AppWizard

March 23, 2026

Mega Crit responds to the panic over Slay the Spire 2’s 1st balance pass, saying these changes are ‘the first of many’: ‘No change is necessarily permanent’

Slay the Spire 2 has experienced financial success and positive player feedback, but recent balance changes led to negative reviews on Steam. The controversy centered around the card Prepared, which was changed to Prepare in a beta patch, altering its cost and functionality. Mega Crit acknowledged community concerns and emphasized the importance of player feedback in their patching process. They stated that the beta branch is for testing experimental changes and that adjustments are based on player input, metrics, and design philosophies. The studio remains optimistic about future changes, indicating that nothing is permanent at this stage of development.

Winsage

November 12, 2025

Microsoft November 2025 Patch Tuesday fixes 1 zero-day, 63 flaws

Microsoft's November 2025 Patch Tuesday addresses a total of 63 vulnerabilities, including one actively exploited zero-day flaw (CVE-2025-62215) related to Windows Kernel Elevation of Privilege. The updates include four vulnerabilities classified as "Critical," with two for remote code execution, one for elevation of privileges, and one for information disclosure. The breakdown of vulnerabilities is as follows: - 29 Elevation of Privilege Vulnerabilities - 2 Security Feature Bypass Vulnerabilities - 16 Remote Code Execution Vulnerabilities - 11 Information Disclosure Vulnerabilities - 3 Denial of Service Vulnerabilities - 2 Spoofing Vulnerabilities This Patch Tuesday marks the first extended security update (ESU) for Windows 10, and users are encouraged to upgrade to Windows 11 or enroll in the ESU program. Microsoft has also released an out-of-band update to assist with enrollment issues. Other companies, including Adobe, Cisco, and Google, have also issued security updates in November 2025.

Winsage

October 22, 2025

Patching required for exploited Windows vulnerability

Microsoft is facing a significant security vulnerability in the Windows Server Message Block (SMB) client, which has been added to the US Cybersecurity and Infrastructure Security Agency (CISA) Known Exploited Vulnerabilities (KEV) Catalog. Despite a patch being released, the flaw, designated as CVE-2025-33073 and rated with a CVSS score of 8.8, remains a target for exploitation. The vulnerability allows attackers to connect a Windows system to a malicious SMB server, enabling remote execution of plans with elevated access privileges. CISA has mandated that all federal agencies must install the update by November 10, 2025, and encourages private organizations to assess their patch status and consider temporary measures if immediate updates are not possible.