registry key

Winsage
June 19, 2026
Microsoft released Patch Tuesday updates for Windows 11, specifically KB5094126 and KB5093998, along with dynamic updates KB5094149, KB5095971, and KB5094156. Two issues have been acknowledged: malfunctioning Office applications and complications with the Recycle Bin. In July 2025, Microsoft changed the default settings of Windows 11 to JScript9Legacy in versions 24H2 and later, continuing with version 25H2 in October 2025. This change aimed to enhance security by addressing vulnerabilities related to legacy scripting, particularly cross-site scripting (XSS). A support article details a compatibility issue arising from the transition from jscript9.dll to jscript9legacy.dll, which affects how JScript manages execution context. Functions and definitions established by one script are no longer accessible to subsequent scripts, leading to failures in legacy applications. To address this, Microsoft released the KB5077241 update, which requires manual activation of persistent JScript execution context through a Registry setting. The steps to implement this solution involve creating a feature control registry key and configuring a DWORD value for specific processes or all processes.
Winsage
June 15, 2026
Microsoft has expanded the rollout of the Secure Boot 2023 certificate update to more Windows 11 and Windows 10 devices with the June 2026 Patch Tuesday update (KB5094126). This update aims to ensure that most supported consumer PCs are classified as high confidence, meaning necessary certificates are either installed or will be applied automatically. Secure Boot is a firmware security feature that verifies the software attempting to load during the startup process, blocking unauthorized software. The certificates supporting Secure Boot, issued in 2011, are expiring in stages starting June 24, 2026, prompting Microsoft to deploy replacement certificates. Most home users do not need to take manual action as the updates will occur automatically via Windows Update. Users can check their Secure Boot certificate status in the Windows Security app. A yellow warning indicates pending compatibility data, while a red alert suggests a firmware incompatibility requiring a BIOS update. Multiple reboots during the update process are normal, and a new SecureBoot folder in Windows is for staging cryptographic files. Older PCs may experience longer update times, and some may not receive updates due to firmware issues. HP users should check for BIOS updates if encountering BitLocker recovery loops. IT administrators should monitor device classifications and manually initiate updates for devices not in the high confidence category. Devices with Secure Boot disabled cannot receive updates, leaving them vulnerable. The expiration of the Microsoft Corporation KEK CA 2011 certificate on June 24 does not immediately affect device functionality, but it limits Microsoft's ability to sign new bootkit blacklist updates.
Winsage
June 11, 2026
Microsoft has resolved an issue affecting certain Windows Server 2025 devices that were booting into BitLocker recovery mode after the April 2026 security update. This issue was linked to specific BitLocker Group Policy configurations and required users to input their BitLocker recovery key upon the first restart after the update. However, this key would only need to be entered once for subsequent restarts, provided the group policy configuration remained unchanged. The problem primarily affected enterprise systems rather than personal devices. The issue arose under specific conditions: BitLocker was enabled on the operating system drive, a particular Group Policy was set, the Secure Boot State PCR7 Binding was "Not Possible," the Windows UEFI CA 2023 certificate was present, and the device was not already using the 2023-signed Windows Boot Manager. Microsoft released fixes in the KB5094125 and KB5093998 updates to address this problem, preventing devices with incompatible group policy configurations from installing the 2023-signed Windows Boot Manager. Event ID 1032 in the System event log indicates the issue when Windows updates are installed. For IT administrators unable to deploy the latest updates, it is recommended to remove the Group Policy configuration before installing updates or to implement a Known Issue Rollback (KIR) on affected devices. Additionally, Microsoft had previously addressed similar BitLocker recovery issues in August 2024 and May 2025.
Tech Optimizer
June 6, 2026
Researchers have identified a new malware called JS.MonoGlyphRAT, which disguises itself as business documents to infiltrate corporate networks. It is primarily spread through phishing emails targeting various sectors in the U.S. and has been reported in countries like Germany, Sweden, and Australia. The malware is classified as "Unknown malware" on threat intelligence platforms, making traditional antivirus solutions ineffective. It establishes a persistent presence in the network by executing a JavaScript file and communicating with command-and-control (C2) servers over HTTP. Key indicators of compromise include unusual HTTP traffic, registry changes, and the execution of specific JavaScript files. The malware can download additional payloads and execute commands without leaving traces on disk. Indicators of compromise include specific IP addresses, URLs, file hashes, and registry keys associated with the malware's operation.
Winsage
June 4, 2026
Microsoft has announced updates to Secure Boot, enhancing system security by modifying support and registry keys to streamline the boot process. These updates aim to improve the security of Windows devices by ensuring that only trusted software is loaded during startup. Collaborations with Dell and STMicroelectronics are also underway to provide tailored support and integrate advanced security features into chipsets, respectively.
Winsage
May 30, 2026
Disabling Windows Defender is common among users setting up virtual machines or optimizing build processes, but it can be frustrating due to Windows 11's resistance to such actions. Many guides suggest using outdated registry keys, which are often reverted by updates, leading to repeated attempts to disable the protections. Users may disable Defender for several reasons, including performance issues with virtual machines, conflicts with Android emulators, hindrances in development environments, troubleshooting disk performance, and security testing in isolated labs. However, disabling antivirus software increases exposure to threats. Microsoft Defender includes components such as Antivirus, Real-Time Protection, Cloud-Delivered Protection, Tamper Protection, and Defender for Endpoint. Tamper Protection is a significant barrier to disabling Defender, as it prevents unauthorized changes to security settings. Key considerations before disabling Defender include the need for administrator rights, the effect of Tamper Protection, potential resets from Windows Updates, temporary toggles for Real-Time Protection, and the option to install third-party antivirus software, which places Defender in passive mode. Methods to disable Defender include using the Windows Security GUI, PowerShell commands, Command Prompt, or Group Policy (available only for certain editions). Disabling Tamper Protection requires accessing the GUI or being managed by an organization. To check if Defender is disabled, users can use PowerShell to review specific fields. Common reasons for Defender reactivating include enabled Tamper Protection, system reboots, Windows Updates, lack of third-party antivirus, and security policy refreshes. Installing a legitimate third-party antivirus is often the best way to maintain a consistent state. Instead of disabling Defender, users can add exclusions for specific folders related to virtual machines or development tools, allowing them to maintain protection while avoiding conflicts. Troubleshooting common problems includes ensuring elevated sessions for PowerShell, checking Tamper Protection status, and understanding the limitations of the Group Policy editor based on the Windows edition. Disabling Defender may be appropriate in specific scenarios, but for regular use, especially on machines handling sensitive tasks, the risks generally outweigh the benefits. Using exclusions is recommended for performance improvements without compromising security.
Winsage
May 23, 2026
Recent feedback from Windows 11 users has led Microsoft to simplify the process of uninstalling Copilot due to dissatisfaction with its integration. A Group Policy option titled “Remove Microsoft Copilot app” has been introduced in the April 2026 Update, allowing users to remove Copilot via User Configuration > Administrative Templates > Windows Components > Windows AI. Users can also uninstall Copilot directly from the installed apps list or by right-clicking the icon, although it may reappear after a fresh installation due to certain updates. To uninstall Copilot and Microsoft 365 Copilot using Group Policy, the following conditions must be met: both apps must be installed, the user did not install them independently, and the Copilot app has not been used for over 28 days. This policy is supported on Pro, Enterprise, Education, and IoT Enterprise or LTSC versions of Windows 11. Windows 11 Home users can manually remove Copilot by creating a registry key at HKEYCURRENTUSERSoftwarePoliciesMicrosoftWindowsWindowsAI and setting a DWORD value named RemoveMicrosoftCopilotApp to 1. Alternatively, users can execute a PowerShell script to remove Copilot. Microsoft has not provided an uninstall option for Copilot in the Start menu.
Search