Patching Archives

Winsage

January 16, 2026

Windows Remote Assistance Vulnerability Allow Attacker to Bypass Security Features

Critical security updates have been released to address CVE-2026-20824, a vulnerability in Windows Remote Assistance that allows attackers to bypass the Mark of the Web (MOTW) defense system. This affects various Windows platforms, including Windows 10 and Windows Server 2025, and is rated with an Important severity level. The flaw enables unauthorized local attackers to circumvent MOTW defenses, posing risks to confidentiality. The vulnerability requires local access and user interaction for exploitation, often using social engineering tactics. Microsoft has issued security updates for 29 Windows configurations, including specific KB articles for affected versions of Windows 10, Windows 11, and Windows Server. Users are advised to apply the necessary patches, which are classified as “Required” customer actions. The vulnerability remains unexploited in the wild and was not publicly disclosed before the patches were released. Microsoft’s assessment categorizes it as “Exploitation Less Likely.”

Winsage

January 14, 2026

Microsoft Fixes 114 Windows Flaws in January 2026 Patch, One Actively Exploited

On Tuesday, Microsoft released its first security update for 2026, addressing 114 vulnerabilities, including eight classified as Critical and 106 as Important. The vulnerabilities include 58 related to privilege escalation, 22 concerning information disclosure, 21 linked to remote code execution, and five categorized as spoofing flaws. A notable vulnerability, CVE-2026-20805, involves information disclosure within the Desktop Window Manager (DWM) and has a CVSS score of 5.5. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added this flaw to its Known Exploited Vulnerabilities catalog, requiring federal agencies to implement fixes by February 3, 2026. Additionally, Microsoft announced the expiration of three Windows Secure Boot certificates issued in 2011, effective June 2026, urging customers to transition to newer certificates to avoid disruptions. The update also removed vulnerable Agere Soft Modem drivers due to a local privilege escalation flaw (CVE-2023-31096) and addressed another critical privilege escalation flaw in Windows Virtualization-Based Security (CVE-2026-20876) with a CVSS score of 6.7. Other vendors, including Adobe, Amazon Web Services, and Cisco, have also released security patches for various vulnerabilities.

Winsage

January 7, 2026

Use Patch My PC Home Updater to Update Windows Apps Automatically

Patch My PC Home Updater is a tool designed for Windows 11 PCs that manages third-party application updates automatically. It scans installed applications, identifies outdated ones, and facilitates updates from a single interface without requiring sign-up or advertisements. The tool supports over 500 common applications and uses color coding to indicate app status. It pulls updates from official sources and verifies them with VirusTotal for security. Features include silent mode for background updates, scheduling for automatic updates, and basic app management capabilities such as installing new applications and bulk uninstalling programs. The updater enhances security by swiftly patching vulnerabilities and integrates with Windows Defender for comprehensive protection. Users can easily set up the tool, automate updates, and customize settings as needed.

AppWizard

January 7, 2026

Don’t want to pay for YouTube Premium? Morphe picks up where Revanced left off.

Several developers and contributors have left the Revanced project, leading to the creation of the Morphe app, an open-source alternative for YouTube and YouTube Music. Morphe enhances user experience by unlocking features typically reserved for Premium subscribers. Key features include SponsorBlock integration to skip sponsored segments, YouTube Dislike support, Shorts content management, and thumbnail customization. Users can access these features through Settings > Morphe in the patched YouTube app. To use Morphe, users must download the original YouTube APK (version 20.37.48) and follow a straightforward setup process that includes installing microG. The patched version of YouTube coexists with the stock app and has its own icon. Users can rename the patched app for personalization. After signing in via microG, Morphe resembles the original YouTube app but omits the Shorts tab and plus icon, replacing them with a notifications tab and offering customization options in the settings menu. The future of Morphe is uncertain due to potential disfavor from Google regarding free access to Premium features. Further details and download options are available on the official Morphe website.

Winsage

January 5, 2026

Microsoft’s Windows AI Features Lack Official Disable Options, Forcing Users To Third-Party Tools

Microsoft's latest Windows 25H2 builds have introduced AI features, but users cannot easily disable them through the interface, leading many to use third-party tools like the RemoveWindowsAI PowerShell script to eliminate components such as Copilot, Recall, and Input Insights. Windows Recall captures screenshots for AI-driven searches, raising privacy concerns due to the creation of a local database of full screenshots. Microsoft has also disabled phone activation for Windows 11, requiring internet connectivity for activation. The RemoveWindowsAI tool removes appx packages associated with AI, ensuring they cannot be reinstalled. Microsoft has announced the discontinuation of support for Windows 11 SE by October 13, 2026, impacting schools that rely on this version. Virtualization, such as using Proxmox, is recommended for users wary of telemetry practices. The RemoveWindowsAI project is evolving to enhance its capabilities in response to Microsoft's AI feature additions. Enterprise deployments are advised to test removal strategies in controlled environments, though some antivirus programs may flag the tool as malicious. Privacy advocates are concerned about the implications of Microsoft's changes on user control and data collection.

Winsage

December 29, 2025

Microsoft Adds Sudo to Windows 11 24H2 for Seamless Elevated Commands

Microsoft has introduced the sudo command in Windows 11 version 24H2, allowing users to execute commands with elevated privileges directly from a standard command prompt or PowerShell window. Users can enable this feature via Settings under System > For Developers. Sudo can run commands in three modes: “in a new window,” “with input disabled,” and “inline.” The inline mode runs the elevated command in the same console session, preserving context and variables. Microsoft has open-sourced the project on GitHub, inviting community contributions. Sudo integrates with User Account Control (UAC) for security, ensuring every elevation request is vetted. It simplifies administrative tasks for software engineers and system administrators, particularly in corporate environments where full admin access is restricted. The feature works seamlessly in Windows Terminal and supports Azure integrations. While some users have reported compatibility issues, Microsoft emphasizes that sudo is a developer tool rather than a complete replacement for Linux's sudo. Future developments may include community-driven extensions and integration with Windows Subsystem for Linux (WSL).

Winsage

December 23, 2025

Has 2025 seen a successful refresh to Windows 11?

Windows 11 has a market share of 53.7%, while Windows 10 has 42.7%. Approximately 700 million devices are running Windows 11. Microsoft has urged users to upgrade from Windows 10, which officially ended support in October 2025, leaving users without updates or security patches. Users on Windows 10 may need to purchase an extended security package for protection until October 2026. Hardware compatibility issues, particularly with the Trusted Platform Module 2.0 requirement, may prevent some users from upgrading. The 25H2 update for Windows 11 introduced various enhancements but also created new issues. Windows 12's release is uncertain, with expectations for AI advancements, but details are speculative.

Winsage

December 14, 2025

Windows Remote Access Connection Manager Vulnerabilities Let Attackers Escalate Privileges

On December 9, 2025, two privilege escalation vulnerabilities in the Windows Remote Access Connection Manager were identified as CVE-2025-62472 and CVE-2025-62474. Both vulnerabilities allow authorized attackers with minimal privileges to escalate their access to SYSTEM-level permissions. CVE-2025-62472 is due to mishandling of uninitialized resources and has a CVSS score of 7.8, classified as Important. CVE-2025-62474 results from inadequate access control mechanisms, also rated Important with a CVSS score of 7.8. Exploiting either vulnerability grants complete SYSTEM privileges, the highest level of access on Windows systems. Microsoft reported no public disclosures or active exploitation of these vulnerabilities at the time of the announcement. CVE-2025-62472 is assessed as “Exploitation More Likely,” while CVE-2025-62474 is “Exploitation Less Likely.” The vulnerabilities affect various Windows versions, including Windows Server editions from 2008 to 2025, and Windows 10 and 11 releases. Microsoft has issued security updates for all supported platforms, urging organizations to prioritize patching these vulnerabilities.

Winsage

December 12, 2025

New Windows RasMan zero-day flaw gets free, unofficial patches

Free unofficial patches are available for a newly identified Windows zero-day vulnerability that allows attackers to crash the Remote Access Connection Manager (RasMan) service, which operates with SYSTEM-level privileges and manages VPN and remote network connections. This denial-of-service flaw was discovered by ACROS Security while investigating a previously patched privilege escalation vulnerability (CVE-2025-59230) in RasMan. The new zero-day has not yet received a CVE ID and affects all Windows versions from Windows 7 to Windows 11, including Windows Server 2008 R2 through Server 2025. The vulnerability can be exploited by unprivileged users due to a coding error in how RasMan processes circular linked lists, leading to a crash when a null pointer is encountered. ACROS Security is providing free micropatches through its 0Patch service until Microsoft releases an official fix. Users must create an account and install the 0Patch agent to apply the micropatch automatically.

Winsage

December 12, 2025

Windows Defender Firewall Service Vulnerability

On December 9, 2025, Microsoft addressed a vulnerability identified as CVE-2025-62468, which allowed an authenticated local attacker to access sensitive memory within the Windows Defender Firewall Service due to an out-of-bounds read in the service's memory handling routines. This flaw could expose heap or process memory, potentially revealing sensitive information. The vulnerability requires local authenticated access, raising concerns for both home users and system administrators. Microsoft classified the vulnerability as important, emphasizing the need for prompt action. Users are advised to update their systems through Windows Update to mitigate the risk. There is no confirmed public exploit for this vulnerability, and it does not allow remote code execution, but it can lead to information disclosure.