remote code execution Archives

Winsage

February 26, 2026

PoC Published for Microsoft Windows Flaw That Allows Low-Privileged Users to Force Irrecoverable BSODs

Security researchers have developed a working Proof of Concept (PoC) exploit for a vulnerability in the Windows kernel, identified as CVE-2026-2636, which allows low-privileged users to induce a Blue Screen of Death (BSoD), resulting in a Denial of Service. This vulnerability is linked to the Windows Common Log File System (CLFS) driver, specifically the CLFS.sys component, and arises from improper handling of invalid or special elements within CLFS (CWE-159). The PoC demonstrates that a non-administrative user can trigger the bug by executing a crafted ReadFile operation on a handle linked to an opened .blf log file without the expected I/O Request Packet (IRP) flags set. This leads to a critical inconsistency in the driver, causing Windows to invoke the kernel routine KeBugCheckEx, which results in a BSoD. The CVE-2026-2636 has a CVSS score of 5.5 (Medium) and poses a high impact on availability, allowing any authenticated user to crash the host reliably. Microsoft addressed this vulnerability in the September 2025 cumulative update, protecting systems running Windows 11 2024 LTSC and Windows Server 2025 by default. However, older or unpatched builds remain vulnerable. Organizations are advised to verify the deployment of the September 2025 updates, prioritize patching multi-user systems, and monitor for unusual spikes in BSoD events.

Winsage

February 17, 2026

Microsoft Windows 11 KB5077181 Update Triggers Infinite Restart Loop on Some Devices

Microsoft's Patch Tuesday update, KB5077181, released on February 10, 2026, has caused significant boot failures for users of Windows 11 versions 24H2 (OS build 26200.7840) and 25H2 (OS build 26100.7840), resulting in endless restart loops. Users are reporting over 15 reboot cycles, preventing access to their desktops. Issues include System Event Notification Service (SENS) errors and DHCP problems affecting internet connectivity. Installation errors with codes 0x800f0983 and 0x800f0991 indicate potential hardware, driver, or servicing stack incompatibilities. The update was intended to address 58 vulnerabilities, including six zero-days, but the boot loop issue has overshadowed these enhancements. CVE IDs and their CVSS scores related to the vulnerabilities addressed include: - CVE-2026-21510: 7.5 - CVE-2026-21519: 7.8 - CVE-2026-21533: 8.8 - CVE-2026-20841: 7.1 As of February 15, 2026, there is no "known issues" entry in Microsoft's release notes despite user reports. Users can uninstall the update through the Control Panel if their systems are accessible, or use the Windows Recovery Environment to execute commands for uninstallation if their systems are unbootable.

Tech Optimizer

February 16, 2026

Phishing Lures Spread XWorm Remote Access Trojan

A cyber-espionage campaign is utilizing the XWorm Remote Access Trojan (RAT) to infiltrate systems via phishing emails and a Microsoft Office vulnerability (CVE-2018-0802). XWorm, first detected in 2022, allows attackers remote control over infected computers for surveillance and data theft. The campaign uses business-oriented phishing emails with malicious Excel attachments that exploit the vulnerability to execute a fileless attack. The malware connects to a command-and-control server, encrypting communications and transmitting system details. XWorm features a plugin architecture with over 50 modules for various malicious activities, including credential theft and DDoS attacks. Security experts highlight the ongoing risk of legacy software vulnerabilities and recommend patching outdated components.

Winsage

February 16, 2026

Multiple Flaws Found in Microsoft Windows & Office — Could Let Hackers In

Microsoft has identified at least six zero-day vulnerabilities in Windows and Microsoft Office that were actively being exploited by hackers before patches were released. These vulnerabilities allow attackers to compromise systems with minimal user interaction, such as clicking on malicious links or opening compromised Office documents. Notable examples include a Windows Shell Security Bypass (CVE-2026-21510) and an Office File Exploit that can execute malicious code. The vulnerabilities pose serious risks, including active exploitation, remote code execution, and the potential for malware installation and credential theft. Microsoft has released security patches to address these vulnerabilities, and users are urged to install them immediately. The affected systems include all supported versions of Windows and Microsoft Office applications. Users are advised to install updates, be cautious with emails and links, enable security tools, and keep software up to date.

Winsage

February 16, 2026

Windows 11 KB5077181 Security Update Causing Some Devices to Restart in an Infinite Loop

Microsoft's security update KB5077181, released on February 10, 2026, for Windows 11 versions 24H2 and 25H2, has caused critical boot failures, leading to infinite restart loops for users. The update addresses 58 vulnerabilities, including six zero-day exploits, and introduces new Secure Boot certificates. Users have reported errors such as “a specified procedure could not be found” and DHCP failures, with installation errors like 0x800f0983 and 0x800f0991 affecting specific hardware. To resolve issues, users are advised to uninstall the update and pause Windows Update. Accessing the Windows Recovery Environment may also be necessary for persistent boot loops. While some users experienced improvements, the overall instability highlights risks associated with updates. Microsoft has not acknowledged any known issues related to this update as of February 15.

Winsage

February 15, 2026

Windows 11 KB5077181 fixes gaming bugs, Nvidia black screen, and performance issue affecting explorer.exe, taskbar, and Start menu

Windows 11 KB5077181 is a mandatory update that resolves up to 58 critical vulnerabilities, including a serious flaw in Windows Notepad that could allow for remote code execution. It introduces new features like an Apple Handoff-like Resume function and addresses gaming issues, particularly graphical artifacts in games such as Forza Horizon 5. The update fixes the black screen problem affecting certain Nvidia GPUs and resolves issues related to explorer.exe freezing or crashing upon login. Microsoft has confirmed that the update addresses black screen problems in isolated multiuser environments and rectifies boot failures linked to specific GPU configurations. Users can check if the update is installed by navigating to Settings > System > About, with the latest version being Build 26200.7840 or newer.

Winsage

February 14, 2026

Microsoft Fixes Critical Windows 11 Notepad Flaw

Microsoft has released a patch for a significant vulnerability in Notepad on Windows 11 that could allow attackers to execute code by opening a Markdown file and clicking on a malicious link. This vulnerability was due to how Notepad processed links within Markdown files, which could trigger unverified protocols to load remote content. The patch now includes a security warning before such links can be activated. Users are advised to check for updates via Windows Update and the Microsoft Store to ensure Notepad and related components are up to date. Security tips include inspecting URLs before clicking and keeping Microsoft Defender features enabled.

Winsage

February 12, 2026

Check for Windows 11 updates. Microsoft patched a big vulnerability.

Microsoft has addressed a "remote code execution" vulnerability in Windows 11's Notepad application that could allow malicious actors to exploit Markdown files. The vulnerability occurs when a user clicks a harmful link in a Markdown file, potentially leading to the execution of unverified protocols and remote files with the same permissions as the user. Microsoft has implemented a warning system to alert users about unsafe links before they proceed. Users are advised to manually verify that their Windows 11 installations are current to ensure security.

Winsage

February 11, 2026

Patch Tuesday, February 2026 Edition

Microsoft has released updates addressing over 50 vulnerabilities in its Windows operating systems and applications, including six critical zero-day vulnerabilities. 1. CVE-2026-21510: A security feature bypass in Windows Shell that allows execution of malicious content via a single click on a link, affecting all supported Windows versions. 2. CVE-2026-21513: Targets MSHTML, the web browser engine in Windows. 3. CVE-2026-21514: A security feature bypass in Microsoft Word. 4. CVE-2026-21533: Allows local attackers to gain SYSTEM level access in Windows Remote Desktop Services. 5. CVE-2026-21519: An elevation of privilege flaw in the Desktop Window Manager (DWM). 6. CVE-2026-21525: A potential denial-of-service threat in the Windows Remote Access Connection Manager. Additionally, the updates include fixes for remote code execution vulnerabilities affecting GitHub Copilot and various IDEs, specifically CVE-2026-21516, CVE-2026-21523, and CVE-2026-21256, which arise from a command injection flaw. Security experts emphasize the importance of safeguarding developers due to their access to sensitive data and recommend applying least-privilege principles.

Winsage

February 11, 2026

Microsoft fixes six actively exploited flaws in latest Windows 11 update

Microsoft's February 2026 Patch Tuesday addressed 59 vulnerabilities in Windows 11, with six confirmed as actively exploited. The most critical vulnerability is CVE-2026-21510, a Windows Shell security feature bypass with a CVSS rating of 8.8, allowing attackers to evade warnings by tricking users into opening malicious files. Another significant vulnerability, CVE-2026-21513, also rated at 8.8, affects MSHTML and allows remote attackers to bypass execution prompts through malicious code in HTML or shortcut files. CVE-2026-21514 impacts Microsoft Word and enables adversaries to disable OLE mitigations, posing risks through document-based attacks. Two local privilege escalation vulnerabilities are CVE-2026-21519 in Desktop Window Manager and CVE-2026-21533 in Windows Remote Desktop Services, with CVSS scores of 7.8. CVE-2026-21525 is a denial-of-service vulnerability in Remote Access Connection Manager. The update includes 53 additional vulnerabilities across various Microsoft products and services, with CVE-2026-21531 in Azure SDK rated at 9.8 and CVE-2026-20841 affecting Windows Notepad rated at 8.8. The cumulative update for Windows 11 (KB5077181) also includes enhancements and resolves WPA3 Wi-Fi connectivity issues. Microsoft reminded users of the June 2026 expiration of Secure Boot certificates, which requires timely updates to ensure secure booting. Users can install the updates via Windows Update.