Patching

Winsage
June 30, 2026
Chaotic Eclipse, also known as Nightmare-Eclipse, bypassed Windows 11's BitLocker security using a USB stick and claimed Microsoft left a backdoor in the system. Following this, Microsoft patched three zero-day exploits named YellowKey, GreenPlasma, and MiniPlasma. Nightmare-Eclipse then revealed another zero-day vulnerability called RoguePlanet, which affects Microsoft Defender on Windows 10 and 11, potentially allowing attackers full control over compromised systems. Microsoft is tracking this vulnerability as CVE-2026-50656 and is working on a security update. Nightmare-Eclipse provided a proof-of-concept exploit and described it as a race condition with variable success rates. Microsoft has promoted Windows Defender as adequate for most users but acknowledged that third-party tools can offer additional protection. The company initially threatened legal action against Nightmare-Eclipse but later decided not to pursue lawsuits against researchers sharing their findings.
Winsage
June 30, 2026
Security researcher Chaotic Eclipse, known as Nightmare-Eclipse, bypassed Windows 11's BitLocker security using a USB stick and claimed Microsoft intentionally included a backdoor in the feature. Microsoft responded by patching three zero-day exploits disclosed by Nightmare-Eclipse: YellowKey, GreenPlasma, and MiniPlasma, and is monitoring another exploit called RoguePlanet, cataloged as CVE-2026-50656. The RoguePlanet exploit is a race condition with varying success rates on different machines, achieving a 100% success rate on some devices. Microsoft acknowledged that while Windows 11's Defender is generally sufficient for most users, third-party tools can offer additional security features. Tensions between Nightmare-Eclipse and Microsoft have risen, with the company previously considering legal action but now indicating it will not pursue lawsuits against researchers sharing their findings.
AppWizard
June 24, 2026
Morphe has released its v1.32.0 patch bundle, which includes interface enhancements and bug fixes. Key features include a settings toggle to revert to the previous video action bar layout, restoring the dislike counter on YouTube (as estimates), and the option to hide the “Connect” button. Users can filter comments using a keyword-based comment blocker and open videos in fullscreen mode. The update also enhances the top toolbar with options to hide the Cast and live Chat buttons. Compatibility updates include experimental support for Reddit (version 2026.25.0), YouTube Music (version 9.24.51), and YouTube (version 21.25.523). Bug fixes address issues with link redirects, app crashes in tablet mode, player popup panels, and playback issues in YouTube Music. The update is available through the Morphe Manager application.
Winsage
June 17, 2026
The Windows variant of SprySOCKS malware, developed by the Chinese threat group Earth Lusca, targets government entities globally and features advanced capabilities such as rootkit-level stealth and extensive command-and-control (C2) functionalities. It operates on Windows systems, utilizing two main variants: WINDRV, which includes kernel drivers for stealth operations, and WINPLUS, a streamlined backdoor. The malware can communicate over TCP, UDP, and WebSocket, offering over 30 C2 commands for various operations, including system information gathering and keystroke logging. WINDRV loads a driver named ‘RawWNPF’ into memory using another signed kernel driver, allowing it to conceal processes and achieve persistence. The malware's design incorporates open-source elements and exploits vulnerabilities in the software supply chain, notably using a leaked certificate for driver signing. To combat SprySOCKS, organizations are advised to implement advanced endpoint detection and response (EDR) solutions, maintain regular patching, and manage supply chain risks vigilantly. The malware's adaptability and reliance on legitimate certificates complicate detection efforts, necessitating continuous refinement of security practices.
Winsage
June 10, 2026
Microsoft's latest Patch Tuesday addressed 198 security vulnerabilities, the most extensive update in recent memory. Among these, 32 flaws are classified as critical, and three are zero-day vulnerabilities. The updates are detailed in KB articles: KB5094126 for Windows 11 versions 24H2 and 25H2, KB5093998 for version 23H2, and KB5094127 for Windows 10. The updates will automatically download and install, but users must verify their installation status and reboot their computers for changes to take effect. The vulnerabilities addressed this month are attributed to advancements in artificial intelligence, with companies like Microsoft leveraging AI models to expedite the identification and resolution of security flaws. The three zero-day vulnerabilities include one that allows an attacker to gain Windows System privileges through a flaw in file link resolution, another that could facilitate a denial-of-service attack via an HTTP vulnerability, and a third related to a flaw in Windows BitLocker that could enable data capture from an unpatched PC. Additionally, the update introduces new features to Windows 11, including new Secure Boot certificates, a Low Latency Profile for enhanced performance, support for shared audio devices for multiple Bluetooth connections, webcam functionality across multiple applications, and the ability to assign a custom name to the user folder during setup.
Winsage
June 10, 2026
On June 9, 2026, Microsoft released a major security update addressing around 200 vulnerabilities, including three critical zero-day exploits. This update coincides with the expiration of Secure Boot certificates that have been in place since 2011. Users are advised to review their Windows 11 settings to ensure security and optimization during this transition. Key actions include installing the June update, enabling faster delivery of updates, turning on Core Isolation memory integrity, activating Controlled folder access against ransomware, confirming drive encryption, disabling the advertising ID, minimizing diagnostic data, auditing camera and microphone permissions, disabling unnecessary startup applications, enabling Storage Sense, adjusting power mode settings, and tuning visual effects for better performance.
Winsage
June 10, 2026
On June 9, 2026, Microsoft announced a vulnerability in Windows BitLocker, identified as CVE-2026-50507, which allows unauthorized attackers with physical access to bypass BitLocker Device Encryption. The flaw is categorized under CWE‑306, indicating a missing authentication check for a critical function, and has a CVSS v3.1 base score of 6.8. It affects various versions of Windows 10, Windows 11, and Windows Server from 2012 R2 to 2025. Microsoft released security updates to address the vulnerability, and it was classified as “Exploitation More Likely.” Although there is no evidence of active exploitation, proof-of-concept code exists. Organizations are advised to implement multi-factor configurations and reassess device handling and security protocols.
Winsage
June 9, 2026
Microsoft's June 2026 Patch Tuesday updates for Windows 11 include enhancements for versions 25H2, 24H2, and the new 26H1, which is designed for new PCs with Qualcomm ARM chips. Key features of the update include: - Shared audio allowing two users to listen to the same audio stream via Bluetooth LE audio accessories. - NPU usage displayed in Task Manager for devices with NPUs, including optional columns for NPU and NPU Engine. - Multi-App Camera support enabling multiple applications to access the camera stream simultaneously. - Improvements to the Magnifier feature for clearer announcements and support for magnifying protected content. - Customizable user folder names during setup. - Optimized Windows Search functionality for locating local files with just two characters. - Performance enhancements through a “Low Latency Profile” for faster app launches and core shell experiences. The update also addresses a BitLocker security bypass vulnerability (CVE‑2026‑45585) that could allow attackers to circumvent BitLocker Device Encryption. The KB5095051 patch for version 26H1 includes support for shared audio over Bluetooth LE and features from the previous month's update, such as Xbox mode and expanded archiving support in File Explorer.
Search