PowerShell Archives

Winsage

June 15, 2026

Microsoft released the Windows 11 Secure Boot update for all PCs, how to verify yours

Microsoft has expanded the rollout of the Secure Boot 2023 certificate update to more Windows 11 and Windows 10 devices with the June 2026 Patch Tuesday update (KB5094126). This update aims to ensure that most supported consumer PCs are classified as high confidence, meaning necessary certificates are either installed or will be applied automatically. Secure Boot is a firmware security feature that verifies the software attempting to load during the startup process, blocking unauthorized software. The certificates supporting Secure Boot, issued in 2011, are expiring in stages starting June 24, 2026, prompting Microsoft to deploy replacement certificates. Most home users do not need to take manual action as the updates will occur automatically via Windows Update. Users can check their Secure Boot certificate status in the Windows Security app. A yellow warning indicates pending compatibility data, while a red alert suggests a firmware incompatibility requiring a BIOS update. Multiple reboots during the update process are normal, and a new SecureBoot folder in Windows is for staging cryptographic files. Older PCs may experience longer update times, and some may not receive updates due to firmware issues. HP users should check for BIOS updates if encountering BitLocker recovery loops. IT administrators should monitor device classifications and manually initiate updates for devices not in the high confidence category. Devices with Secure Boot disabled cannot receive updates, leaving them vulnerable. The expiration of the Microsoft Corporation KEK CA 2011 certificate on June 24 does not immediately affect device functionality, but it limits Microsoft's ability to sign new bootkit blacklist updates.

Winsage

June 14, 2026

Windows 11 KB5094126 crashes some PCs (HP?) with BSODs, breaks OneDrive in File Explorer, enterprise apps

Windows 11 KB5094126, released on June 9, 2026, is a significant update that introduces new features, including the Low Latency Profile, and addresses up to 200 security vulnerabilities. However, it has caused boot failures for some HP devices, particularly the HP EliteBook 840 G10, leading to BSODs or BitLocker Recovery prompts. The update may conflict with specific BIOS configurations or EFI/System partition settings, especially on devices with older EFI partitions. Users experiencing boot failures may need to disable Secure Boot as a temporary workaround. Additionally, the update has disrupted OneDrive integration in File Explorer, preventing access from the left pane and tray icon, although users can still access cloud folders directly. Similar issues have been reported with Dropbox and iCloud Drive. The update has also affected Microsoft Word integration in various business applications, leading to failures in document handling. Furthermore, changes to desktop.ini files have impacted custom folder icons, requiring users to unblock these files to restore functionality.

Winsage

June 11, 2026

“It is intentional” Microsoft says Windows 11’s broken folder icons are by design. Here’s what’s going on.

In the June 2026 Security Update for Windows 11 and Windows 10, Microsoft implemented a change that prevents custom folder icons and localized folder names from appearing if derived from an untrusted "desktop.ini" file. Users may initially perceive this as a bug, as folders may revert to default settings without user intervention. To maintain customizations, organizations should add trusted sources to the "Trusted Sites" list via Control Panel. Businesses can enable the "Allow the use of remote paths in file shortcut icons" policy through the Group Policy Editor, although this may reduce security. Users can also remove the Mark-of-the-Web tag from trusted "desktop.ini" files using PowerShell commands. This update reflects a broader trend of prioritizing security over customization in the operating system.

AppWizard

June 10, 2026

France’s Government Messaging App Tchap Got Breached

On June 7, 2026, Tchap, the French government's encrypted messaging platform for civil servants, experienced a significant breach detected by ANSSI. The breach resulted from a compromised user account and involved the education shard of Tchap, specifically targeting matrix.agent.education.tchap.gouv.fr. Approximately 650,000 messages, data from over 73,000 accounts, and about 13.5GB of documents and media files were allegedly scraped. The attacker also claimed to have discovered hardcoded LDAP credentials leaked through a PowerShell script shared by a regional director of the French tax authority. DINUM, the French Digital Affairs Directorate, stated that private conversations on Tchap are end-to-end encrypted and that the compromised account has been blocked. They notified CNIL about the potential exposure of personal data and reminded users to avoid sharing sensitive information in public chat rooms. The breach follows a mandate from Prime Minister François Bayrou in August 2025 requiring all civil servants to use Tchap, increasing its attractiveness as a target for cyber threats. The investigation into the breach is ongoing.

Tech Optimizer

June 9, 2026

Fake ChatGPT download site infects Windows and Mac users with malware

A counterfeit website, openew[.]app, is impersonating OpenAI's official ChatGPT download page and distributing malware. Windows users who download from this site receive a credential-stealing malware loader, while macOS users are infected with Odyssey Stealer, a variant associated with cryptocurrency theft. The fake site mimics the legitimate ChatGPT interface and uses HTTPS to appear trustworthy. The Windows malware, Chat_GPT.exe, creates a back channel to an attacker-controlled server, while the macOS malware captures sensitive data and attempts to replace legitimate cryptocurrency wallet applications with compromised versions. Users who download from official sources remain safe, but those who click on ads or unfamiliar links risk compromising their online accounts and sensitive information. Malwarebytes offers protection against this malware. Indicators of compromise include specific file hashes and network indicators associated with the malicious site.

Winsage

June 8, 2026

Microsoft making much needed change to Windows 11, 10 Patch Tuesday security updates

Microsoft has rolled out new Defender patches for Windows 11 ISOs, aligning with its commitment to security updates. Updates for Microsoft Defender for Endpoint's endpoint detection and response (EDR) will no longer be included with monthly Windows security updates or Patch Tuesdays; they will now be delivered via Microsoft Update. This change aims to allow faster deployment of EDR enhancements independently of the operating system's update cycle. The rollout for Windows 10 began in late May 2026, with plans to extend support to Windows 11 and other versions by fall 2026. EDR updates will be delivered using KB5005292, contingent on prerequisite updates. Systems must run Sense version 10.8798.25857.1000 or later and have specific Windows updates installed to qualify for the new delivery method. Organizations should align their update policies with this new approach before the broader rollout. In case of significant issues, the EDR update can be reverted using a specific command. Further details are available in the Microsoft 365 Admin Center under message ID MC1381119.

Winsage

June 8, 2026

Microsoft answers what you must do as Windows 11 Secure Boot deadline hits in days

The expiration date of the original Microsoft Secure Boot KEK certificate is June 24, 2026. Microsoft held a live "Ask Microsoft Anything" session on June 4 to address concerns regarding this deadline. The expiration affects the KEK key, while the DB key remains valid until October. After June 24, Microsoft will not be able to sign new DBX payloads, which are necessary for revoking compromised bootloaders. Devices without the new KEK may miss future revocations, leading to decreased security but will not stop booting immediately. The June Patch Tuesday update is expected to classify most systems as high confidence. IT administrators are advised to use the Intune monitoring report for device status and updates. Devices in a "temporarily paused" status require OEM firmware updates. Administrators should not delay manual rollouts for devices outside the high confidence classification. Secure Boot must be enabled to update certificates, and re-enabling it later can pose risks. Older models may receive high confidence classification faster than newer ones due to statistical requirements. In PXE boot environments, caution is needed when updating bootloaders. The Secure Boot update mechanism is consistent across Windows 10 and 11, and event logs are important diagnostic tools. Key event log entries include 1801, 1802, and 1803, which indicate various device statuses and issues. Microsoft provides resources at aka.ms/GetSecureBoot for further guidance.

Winsage

June 7, 2026

4 Windows 11 tools from Build 2026 that signal what’s coming next for the OS

Microsoft announced several key updates at the Build 2026 developer conference, particularly for Windows 11: 1. Coreutils: This suite brings familiar Linux command-line utilities to Windows 11, allowing developers to use commands like ls, cp, and mkdir natively without third-party solutions. It can be installed via GitHub or the Windows Package Manager. 2. WSL Containers: This feature introduces a built-in container runtime for running Linux containers on Windows 11, eliminating the need for external platforms like Docker. It utilizes a command-line tool called "wslc.exe" and allows for OCI-compatible Linux containers. 3. Intelligent Terminal: This feature integrates AI agents into the terminal, providing context-aware assistance for developers. It can be installed via the Microsoft Store or Command Prompt. 4. Windows Developer Configurations: This configuration file for the Windows Package Manager automates the installation of essential developer tools and settings, streamlining the setup process for new development or testing machines.

Tech Optimizer

June 6, 2026

Hackers Use Fake Purchase Orders to Deploy JS.MonoGlyphRAT Targeting US Enterprises

Researchers have identified a new malware called JS.MonoGlyphRAT, which disguises itself as business documents to infiltrate corporate networks. It is primarily spread through phishing emails targeting various sectors in the U.S. and has been reported in countries like Germany, Sweden, and Australia. The malware is classified as "Unknown malware" on threat intelligence platforms, making traditional antivirus solutions ineffective. It establishes a persistent presence in the network by executing a JavaScript file and communicating with command-and-control (C2) servers over HTTP. Key indicators of compromise include unusual HTTP traffic, registry changes, and the execution of specific JavaScript files. The malware can download additional payloads and execute commands without leaving traces on disk. Indicators of compromise include specific IP addresses, URLs, file hashes, and registry keys associated with the malware's operation.

Winsage

June 6, 2026

I break down 4 new Windows 11 tools from Build 2026 that genuinely stood out and show where the OS is heading

During the Build 2026 developer conference, Microsoft announced several updates for developers using Windows 11. Key announcements included: 1. Coreutils: A utility that enhances the experience of toggling between operating systems, allowing developers to install it via GitHub or the Windows Package Manager with the command "winget install Microsoft.Coreutils." 2. WSL Containers: A built-in container runtime that eliminates the need for third-party platforms like Docker, facilitated by a new command-line tool "wslc.exe" and an accompanying API. 3. Intelligent Terminal: A feature that integrates AI agents into the terminal, providing context-aware assistance directly within the command line. It can be installed via the Microsoft Store or with the command "winget install Microsoft.IntelligentTerminal." 4. Windows Developer Configurations: A configuration file (dev-config.winget) that automates the installation of essential developer tools and settings with a single command, simplifying the setup process for new development or testing machines.