practice Archives

Winsage

February 12, 2026

February 2026 Patch Tuesday includes six actively exploited zero-days

Microsoft released security updates on the second Tuesday of each month, addressing 59 vulnerabilities this month, including six critical zero-day exploits. 1. CVE-2026-21510: Windows Shell security feature bypass vulnerability (CVSS score 8.8) allows attackers to circumvent Windows SmartScreen by tricking users into opening malicious links or shortcuts. 2. CVE-2026-21513: MSHTML Framework security feature bypass vulnerability (CVSS score 8.8) enables attackers to weaken browser protections by persuading users to open malicious HTML files or shortcuts. 3. CVE-2026-21514: Microsoft Word security feature bypass vulnerability (CVSS score 5.5) allows attackers to exploit untrusted inputs in malicious Word documents to execute blocked content. 4. CVE-2026-21519: Desktop Window Manager elevation of privilege vulnerability (CVSS score 7.8) allows low-privileged attackers to gain higher privileges without user interaction. 5. CVE-2026-21525: Windows Remote Access Connection Manager denial-of-service vulnerability (CVSS score 6.2) can be exploited by unauthenticated local attackers to crash the service without compromising confidentiality or integrity. 6. CVE-2026-21533: Windows Remote Desktop Services elevation of privilege vulnerability (CVSS score 7.8) allows local authenticated attackers to escalate privileges to SYSTEM without user interaction. Additionally, Azure users should be aware of two critical vulnerabilities with CVSS ratings of 9.8.

Winsage

February 11, 2026

Refreshing the root of trust: industry collaboration on Secure Boot certificate updates

Secure Boot is a security feature in Windows and Windows Server that protects devices from untrusted software at startup. It has been in operation since 2011 and relies on certificates embedded in a PC’s firmware. The original Secure Boot certificates will begin to expire in late June 2026. New certificates are being rolled out through regular Windows updates for supported devices, with OEMs preparing new devices with updated certificates since 2024. If devices do not receive the new certificates before the expiration of the old ones, they will continue to function but will enter a degraded security state, limiting future protections. Users generally do not need to take action, as updates will be installed automatically, but some specialized systems may require separate firmware updates. Organizations can monitor the update status through the Windows Security App and should ensure devices are running the latest updates and firmware. Support is available for individuals and organizations facing issues during the update process.

Winsage

February 10, 2026

Microsoft is keeping Secure Boot alive with Windows updates

Microsoft is enhancing the security of Windows devices by replacing boot-level security certificates that are nearing expiration, with this initiative integrated into regular Windows platform updates. The original Secure Boot certificates from 2011 will expire between June and October 2026, prompting Microsoft to issue new certificates in 2023, which are included in many new Windows devices sold since 2024. Older hardware will require updates to remain compliant. Devices with expired certificates will continue to operate but will enter a "degraded security state," potentially hindering future updates and causing compatibility issues. The new Secure Boot certificates rollout began with the Windows 11 KB5074109 update. Most Windows 11 users will have the new certificates installed automatically, while specialized systems may have different update protocols. Windows 10 users must enroll in Microsoft’s Extended Security Updates to receive the new certificates.

Winsage

February 10, 2026

Your Windows PC has a secretly useful backup tool – here’s how to access it

Windows Backup is a built-in feature in Windows that allows users to back up specific folders and files, as well as create a complete system image. Backups can be directed to various media, including CDs, DVDs, external hard drives, or network locations, and users can schedule backups to run at regular intervals. However, Windows Backup has been deprecated by Microsoft and is no longer supported or updated, which may lead to occasional issues. A newer tool also named Windows Backup exists, designed for backing up and restoring specific files and settings for PC transitions. Users should prepare their storage media, typically external drives with 16GB to 32GB of space, before using the older Windows Backup. Restoration options include returning files to their original location or a different one, depending on the situation. Despite its deprecated status, Windows Backup remains functional and is considered a valuable tool for users seeking a built-in backup solution.

AppWizard

January 28, 2026

Valve faces lawsuit over developer commissions on Steam

Valve is facing a legal battle over allegations of imposing excessive commissions on publishers using its Steam platform, with potential damages reaching £656 million. The lawsuit, initiated in June 2024, represents the interests of up to 14 million UK consumers who purchased games via Steam since 2018. Vicki Shotbolt leads the case, claiming Valve restricts publishers from offering lower prices on competing platforms and locks customers into its ecosystem. Valve's commission is reportedly as high as 30 percent. The London Competition Appeal Tribunal has allowed the case to proceed, despite Valve's objections. This is not the first scrutiny Valve has faced; a previous antitrust lawsuit from Wolfire Games was dismissed in late 2021 but was refiled and merged with another claim in 2022, gaining class action status by November 2024.

AppWizard

January 27, 2026

UK legal action against Valve over Steam prices gets go ahead

Valve Corporation is facing a £656 million lawsuit in the UK over allegations of unfair pricing practices related to its online store, Steam. The lawsuit, initiated by Vicki Shotbolt in 2024, claims Valve uses its market dominance to impose restrictive terms on game publishers, preventing them from offering lower prices on competing platforms. The legal documents allege Valve charges an excessive commission of up to 30%, resulting in inflated costs for UK consumers. This case is a collective action that could affect up to 14 million Steam users in the UK. Additionally, Valve is facing a separate consumer action case in the United States filed in August 2024. Steam, launched in 2003, has become the largest distribution platform for PC gaming, with over 19,000 games released in 2025, generating £8.6 billion in revenue. Valve has also introduced hardware like the Steam Deck and announced plans for the Steam Machine console.

AppWizard

January 27, 2026

BETT 2026: Microsoft reveals major Copilot, AI, and Minecraft Education updates | ETIH EdTech News

Microsoft showcased a comprehensive update to its education platform at BETT 2026, integrating AI tools like Copilot into Microsoft 365, Teams for Education, Learning Accelerators, and Minecraft Education. The new Teach module allows educators to create lesson plans aligned with standards from over 35 countries, generate rubrics, and modify reading levels. Minecraft Education lesson plan creation using Copilot is set to enter preview in February 2026. Microsoft introduced a Study and Learn agent for students, designed to support independent learning through tailored interactive activities, with a preview scheduled for January 2026. The program emphasizes AI literacy through Minecraft Education, helping students recognize AI in tools, understand algorithms, and develop critical evaluation skills. Learning Accelerators will expand with a new Microsoft 365 LTI for LMS integration, allowing full integration of Microsoft 365 apps and Copilot into learning management systems by Spring 2026. Microsoft also addressed AI misuse concerns, introducing assignment-level controls for educators to define acceptable AI usage, with previews scheduled for February 2026.

Tech Optimizer

January 27, 2026

PostgreSQL for WMS: a DBMS selection strategy in the era of import substitution

Choosing a Database Management System (DBMS) for Warehouse Management Systems (WMS) is a strategic decision that impacts security, budget, and adaptability. PostgreSQL is identified as a safe, cost-effective, and future-proof solution for Russian warehouse systems, especially following the withdrawal of foreign vendors like Oracle and Microsoft SQL Server. Starting September 1, 2025, foreign software usage in government bodies and companies with over 50% state ownership will face legal restrictions, posing regulatory risks for those using Oracle. Financial risks include high licensing fees and the potential for legal prohibitions on current technologies. Business continuity risks arise from the possibility of vendors ceasing support and updates. PostgreSQL, both in its vanilla form and commercial derivatives like Postgres Pro, is presented as a robust alternative capable of handling high loads and providing necessary features for modern WMS. It supports real-time analytics and advanced capabilities such as intelligent search and automatic classification using neural networks. Key considerations when choosing a DBMS include estimating data volumes, checking legal requirements, and calculating total cost of ownership (TCO).

Tech Optimizer

January 26, 2026

AlloyDB managed connection pooling

AlloyDB for PostgreSQL is a fully managed database service designed for enterprise workloads, combining PostgreSQL's strengths with Google Cloud technology for enhanced performance, scalability, and availability. A new feature, managed connection pooling, addresses the challenges of inefficient database connection management, which can lead to performance degradation, resource exhaustion, and reliability issues. Managed connection pooling maintains a cache of active database connections, allowing applications to reuse connections instead of creating new ones for each request, thus reducing latency and resource consumption. This feature is tightly integrated into AlloyDB, simplifying operations and optimizing performance and security. It offers two configurable pooling modes: transaction mode, which maximizes reuse for short transactions, and session mode, which maintains a connection for the entire session. Enabling managed connection pooling can increase transactions per minute by up to five times, support over three times more concurrent connections, decrease connection latency, and improve reliability during traffic spikes. UKG, a provider of HR solutions, has adopted this feature to enhance the performance and scalability of their applications. To enable managed connection pooling, users can activate it in the Google Cloud console and connect applications using standard PostgreSQL drivers to the designated port.

Winsage

January 26, 2026

Your BitLocker-secured Windows PC isn’t so secure after all – unless you do this

Microsoft's BitLocker encrypts personal files on Windows hard drives to protect against unauthorized access in case of loss or theft. The BitLocker recovery key is essential for decrypting data, but Microsoft has confirmed it will comply with valid legal requests for access to these keys if they are stored in the cloud. This was highlighted during an FBI investigation in Guam, where Microsoft provided recovery keys related to a COVID unemployment fraud case. Microsoft receives about 20 requests for BitLocker keys annually, but many cannot be fulfilled if users do not store their keys in the cloud. The Guam case is the first known instance of Microsoft providing encryption keys to law enforcement, contrasting with a previous request from the FBI in 2013 that was declined. Users can choose to store their keys locally or in Microsoft's cloud, but storing them in the cloud carries risks of unauthorized access. For optimal security, it is recommended to save the recovery key on a USB stick or external drive, encrypting the file if necessary, and avoiding cloud storage. Users should check their BitLocker settings in Windows 11 or 10 to manage their recovery keys and consider removing any keys stored in the cloud.