NewApp Digest
search bot

privilege

PoC Exploit Released for Windows Error Reporting ALPC Privilege Escalation
Winsage
March 3, 2026

PoC Exploit Released for Windows Error Reporting ALPC Privilege Escalation

A critical local privilege escalation vulnerability, tracked as CVE-2026-20817, affects Microsoft Windows through the Windows Error Reporting (WER) service. This flaw allows authenticated users with low-level privileges to execute arbitrary code with full SYSTEM privileges. The vulnerability resides in the SvcElevatedLaunch method (0x0D) and fails to validate user permissions, enabling attackers to launch WerFault.exe with malicious command-line parameters from a shared memory block. The exploit affects all versions of Windows 10 and Windows 11 prior to January 2026, as well as Windows Server 2019 and 2022. Microsoft addressed this vulnerability in the January 2026 Security Update. Organizations are advised to apply security patches and monitor for unusual WerFault.exe processes.
PoC Published for Microsoft Windows Flaw That Allows Low-Privileged Users to Force Irrecoverable BSODs
Winsage
February 26, 2026

PoC Published for Microsoft Windows Flaw That Allows Low-Privileged Users to Force Irrecoverable BSODs

Security researchers have developed a working Proof of Concept (PoC) exploit for a vulnerability in the Windows kernel, identified as CVE-2026-2636, which allows low-privileged users to induce a Blue Screen of Death (BSoD), resulting in a Denial of Service. This vulnerability is linked to the Windows Common Log File System (CLFS) driver, specifically the CLFS.sys component, and arises from improper handling of invalid or special elements within CLFS (CWE-159). The PoC demonstrates that a non-administrative user can trigger the bug by executing a crafted ReadFile operation on a handle linked to an opened .blf log file without the expected I/O Request Packet (IRP) flags set. This leads to a critical inconsistency in the driver, causing Windows to invoke the kernel routine KeBugCheckEx, which results in a BSoD. The CVE-2026-2636 has a CVSS score of 5.5 (Medium) and poses a high impact on availability, allowing any authenticated user to crash the host reliably. Microsoft addressed this vulnerability in the September 2025 cumulative update, protecting systems running Windows 11 2024 LTSC and Windows Server 2025 by default. However, older or unpatched builds remain vulnerable. Organizations are advised to verify the deployment of the September 2025 updates, prioritize patching multi-user systems, and monitor for unusual spikes in BSoD events.
silver Android smartphone
Winsage
February 24, 2026

Surface Pro update fixes key cellular bugs — just as Microsoft leans into 5G

Microsoft has released a firmware update for the Surface Pro (11th Gen) in February, focusing on enhancing connectivity and device reliability. Key improvements include enhanced security to address vulnerabilities, uninterrupted VPN usage by fixing cellular connectivity issues, consistent cellular settings, improved video conferencing during Microsoft Teams calls, resolved compatibility issues with Surface Dock 2, and a fix for Dolby Vision video playback errors. Additionally, Microsoft is collaborating with Ericsson to enhance 5G connectivity for Surface Pro users, which will include features like automatic eSIM switching and remote policy management. Future 5G bundles will include Microsoft 365, Intune, and Ericsson Enterprise 5G Connect, available with Surface Copilot+ PCs.
You Can Now Install—and Update—Microsoft Store Apps Using the Command Line
Winsage
February 22, 2026

You Can Now Install—and Update—Microsoft Store Apps Using the Command Line

Microsoft has introduced a new command line interface for the Microsoft Store, accessible through PowerShell by typing "store." Users must have all current Windows 11 updates installed for functionality. The interface features ASCII art and a list of sub-commands, allowing users to search, install, and update software with minimal keystrokes. Users can install applications without needing to remember exact names, and commands like "store install firefox" yield accurate results. Limitations include the inability to install applications not available in the Microsoft Store. Users can also search for apps, gain insights into specific applications, and browse categories. The command "store updates" allows users to manage application updates efficiently.
silver Android smartphone
Winsage
February 21, 2026

You Can Now Install—and Update—Microsoft Store Apps Using the Command Line

Microsoft has introduced a new command line interface for the Microsoft Store that allows users to bypass the traditional interface for app installation and management. Users can access this feature by launching PowerShell and typing “store.” If the command doesn't work, ensuring Windows 11 updates are current may resolve the issue. The interface includes an ASCII art display and a list of sub-commands for searching, installing, and updating software with minimal keystrokes. Users can install applications by typing commands like “store install firefox,” which searches for the app and provides relevant information. The tool can only install apps available in the Microsoft Store, excluding some popular options. Users can also use commands like “store search” and “store browse-apps” to explore available applications. Additionally, the command “store updates” allows users to install all pending Store updates collectively or update individual apps. This new command line approach aims to enhance the speed and efficiency of software management on Windows.
Copilot Arrives In Windows 11 File Explorer And Taskbar
Winsage
February 20, 2026

Copilot Arrives In Windows 11 File Explorer And Taskbar

Microsoft is integrating its AI assistant, Copilot, into the Windows 11 ecosystem, allowing users to access AI capabilities directly through familiar interfaces. Users can invoke Copilot agents by pressing the @ key in the taskbar search, enabling tasks like document summarization and research initiation without switching contexts. A "Researcher" agent can handle inquiries and provide comprehensive reports, enhancing productivity for knowledge workers. In File Explorer, a new Copilot icon allows users to summarize documents and extract insights without opening applications, improving efficiency with common file formats like Word and PDF. These features are available to Windows 11 users with Microsoft 365 Work or School accounts who have been granted access by their organizations. Copilot+ PC owners will benefit from additional functionalities such as voice transcription and contextual screenshotting, enabled by the Neural Processing Unit (NPU) in newer AI PC designs. Microsoft aims to position Copilot where work naturally occurs, but adoption remains low, with only 3.3% of users subscribing to premium tiers. The integration raises governance and privacy considerations for IT leaders, as it must comply with existing frameworks like Microsoft Purview. Best practices suggest piloting Copilot features with select users and implementing data loss prevention rules. Overall, the integration of Copilot into Windows 11 is designed to save users time and enhance productivity while maintaining organizational security.
Microsoft Windows 11 KB5077181 Update Triggers Infinite Restart Loop on Some Devices
Winsage
February 17, 2026

Microsoft Windows 11 KB5077181 Update Triggers Infinite Restart Loop on Some Devices

Microsoft's Patch Tuesday update, KB5077181, released on February 10, 2026, has caused significant boot failures for users of Windows 11 versions 24H2 (OS build 26200.7840) and 25H2 (OS build 26100.7840), resulting in endless restart loops. Users are reporting over 15 reboot cycles, preventing access to their desktops. Issues include System Event Notification Service (SENS) errors and DHCP problems affecting internet connectivity. Installation errors with codes 0x800f0983 and 0x800f0991 indicate potential hardware, driver, or servicing stack incompatibilities. The update was intended to address 58 vulnerabilities, including six zero-days, but the boot loop issue has overshadowed these enhancements. CVE IDs and their CVSS scores related to the vulnerabilities addressed include: - CVE-2026-21510: 7.5 - CVE-2026-21519: 7.8 - CVE-2026-21533: 8.8 - CVE-2026-20841: 7.1 As of February 15, 2026, there is no "known issues" entry in Microsoft's release notes despite user reports. Users can uninstall the update through the Control Panel if their systems are accessible, or use the Windows Recovery Environment to execute commands for uninstallation if their systems are unbootable.
Microsoft Blocks Credential Autofill to Fix Windows Hello Flaw
Winsage
February 15, 2026

Microsoft Blocks Credential Autofill to Fix Windows Hello Flaw

Microsoft has blocked credential autofill functionality in Windows 11 as part of the February 2026 Patch Tuesday updates to address the critical vulnerability CVE-2026-20804, which allows unauthorized access by tampering with Windows Hello authentication. This vulnerability was first identified in August 2025 and allows local administrators to inject biometric data. The restriction was documented in the January 2026 Patch Tuesday release notes. Enhanced Sign-in Security (ESS) operates at a hypervisor virtual trust level but is limited by hardware compatibility issues, particularly affecting AMD-based systems. Post-update, credential dialogs do not respond to virtual keyboard inputs from remote desktop or screen-sharing applications, preventing autofill during remote support sessions. Microsoft has provided a risky workaround that allows applications to operate with elevated administrator privileges, but this reintroduces the vulnerability. Organizations must now choose between disrupted remote support workflows or risking exposure to credential injection attacks, leading to operational challenges for IT teams and help desk staff.
Search