Winsage
March 1, 2026
Cybercriminals are exploiting a legacy feature in Windows File Explorer, specifically the WebDAV protocol, to distribute malware and bypass traditional security measures. Despite Microsoft deprecating native WebDAV support in November 2023, it remains active on many systems. Attackers use WebDAV to deceive victims into executing malicious payloads by sending links that connect File Explorer directly to remote servers, avoiding web browsers and their security warnings. They employ methods such as direct linking, URL shortcut files, and LNK shortcut files to deliver exploits. The primary objective of these campaigns, which surged in late 2024, is to deploy Remote Access Trojans (RATs), with 87% of Active Threat Reports involving multiple RATs like XWorm RAT, Async RAT, and DcRAT. These campaigns predominantly target corporate networks in Europe, with many phishing emails written in German and English. Attackers use short-lived WebDAV servers hosted on Cloudflare Tunnel demo accounts to obscure their infrastructure. Security analysts are advised to monitor unusual network activity from Windows Explorer and educate users to verify addresses in File Explorer.
Winsage
February 26, 2026
Security researchers have developed a working Proof of Concept (PoC) exploit for a vulnerability in the Windows kernel, identified as CVE-2026-2636, which allows low-privileged users to induce a Blue Screen of Death (BSoD), resulting in a Denial of Service. This vulnerability is linked to the Windows Common Log File System (CLFS) driver, specifically the CLFS.sys component, and arises from improper handling of invalid or special elements within CLFS (CWE-159). The PoC demonstrates that a non-administrative user can trigger the bug by executing a crafted ReadFile operation on a handle linked to an opened .blf log file without the expected I/O Request Packet (IRP) flags set. This leads to a critical inconsistency in the driver, causing Windows to invoke the kernel routine KeBugCheckEx, which results in a BSoD. CVE-2026-2636 has a CVSS score of 5.5 (Medium) and poses a high impact on availability, allowing any authenticated user to crash the host reliably. Microsoft addressed this vulnerability in the September 2025 cumulative update, protecting systems running Windows 11 2024 LTSC and Windows Server 2025 by default. However, older or unpatched builds remain vulnerable. Organizations are advised to verify the deployment of the September 2025 updates, prioritize patching multi-user systems, and monitor for unusual spikes in BSoD events.
Winsage
February 26, 2026
Users of Windows 11 25H2 in the Release Preview channel experienced an unexpected transition to the Beta channel after installing Build 26200.7921, as the Release Preview option disappeared from the selection menu due to a server configuration issue. This change forced Windows Update to download version 26220.7872 without user consent. The distinction between the channels is significant, with Release Preview operating within the 26200 band and Beta in the 26220 band. On February 25, 2026, Microsoft restored the Release Preview channel, allowing users to revert to it through a manual update. The Insider Program has evolved into a complex system involving build bands, server-side feature gates, telemetry evaluation, and dynamic channel assignment, which can lead to misconfigurations. Best practices for participants include regularly checking for updates, managing automatic installations, and maintaining recovery snapshots.
Winsage
February 26, 2026
Microsoft has phased out support for older V3 and V4 printer drivers in Windows 11, marking them as deprecated since September 2023. While printers using these drivers will still function, they will no longer receive automatic updates through Windows Update, potentially leading to security vulnerabilities and compatibility issues. User feedback is mixed, with some appreciating the move towards modern driver architecture and others concerned about manufacturers' ability to adapt.
Winsage
February 25, 2026
Microsoft has released optional February updates for Windows 11 versions 25H2 and 24H2, which include several enhancements:
- A network speed test tool accessible from the taskbar for measuring Ethernet, Wi-Fi, and cellular connections.
- Enhanced camera settings with new pan and tilt options for supported cameras.
- A built-in version of the System Monitor (Sysmon) tool, available as an optional feature.
- Improvements to Remote Server Administration Tools (RSAT) for Windows 11 Arm64 devices.
- A new automatic recovery tool for Windows 11 Professional devices not domain-joined.
- Support for .webp images as desktop backgrounds.
- Introduction of new emojis in the Emoji 16.0 release.
- BitLocker improvements to prevent devices from becoming unresponsive after entering a recovery key.

Additionally, Microsoft has shared release notes for an upcoming optional update for Windows 11 version 26H1, which is currently only available to Insiders on the Canary Channel and is expected to debut on new devices with advanced silicon.
AppWizard
February 18, 2026
YouTube experienced a significant outage affecting its services, including YouTube Music, YouTube Kids, and YouTube TV, primarily due to issues with its recommendations system. Downdetector recorded 300,000 to 350,000 user reports in the U.S. and numerous complaints globally. By late evening, YouTube confirmed that full service was restored across all platforms, and no videos or accounts were deleted during the disruption. YouTube's engineers are expected to investigate the cause of the failure to prevent future occurrences.
Winsage
February 16, 2026
Trust in Windows 11 has declined significantly after the January 2026 update, which disrupted key applications like Notepad and Xbox, and caused users to be unable to shut down their PCs. The update also negatively impacted gaming performance on NVIDIA GPUs, leading to widespread user dissatisfaction. Microsoft has recommended that users uninstall the January 2026 update. To uninstall Windows updates on Windows 11, users can follow these steps:
1. Open the Settings app and select "Windows Update."
2. Click on "Update history" and note the KBxxxxx number of the update to uninstall.
3. Click on "Uninstall updates," find the KBxxxxx number, and click the Uninstall button.
4. Confirm the uninstallation and restart if prompted.

If uninstallation fails, users may need to enter Safe Mode by holding the Shift key while restarting, selecting Troubleshoot, then Advanced Options, and Startup Settings to access Safe Mode. Once in Safe Mode, users can repeat the uninstallation steps.
Winsage
February 16, 2026
WinApps and WinBoat are two solutions for running Windows applications on Linux. WinApps, developed since 2020 by Ben Curtis, allows users to run a genuine copy of Windows in a virtual machine (VM) and export individual applications to the Linux desktop using Microsoft's Remote Desktop Protocol (RDP). It supports various methods, including Docker, Podman, and KVM virtualization, with KVM offering extensive customization but requiring a more complex setup. WinBoat, a newer application at version 0.9.0, simplifies the user experience by automating much of the setup process and requires only Docker and FreeRDP to be installed. WinBoat is designed for ease of use, making it accessible for users less comfortable with technical configurations. Both tools allow users to run Windows software that may not work well under WINE, but running a full Windows OS in a VM involves licensing, maintenance, and resource considerations.
Winsage
February 16, 2026
Microsoft resolved a critical bug affecting some commercial systems running Windows 11 that caused boot failures due to an "UNMOUNTABLE_BOOT_VOLUME" error. This issue was linked to problematic updates from December 2025 and primarily impacted devices on Windows 11 versions 25H2 and 24H2. The resolution was included in the February 2026 Patch Tuesday update, specifically the Windows 11 KB5077181 security update released on February 10, 2026. An initial fix was provided in the optional update KB5074105 on January 29, 2026. Affected devices experienced failures after installing the January 13, 2026, security update KB5074109. Microsoft recommends that enterprise customers with still unbootable systems contact Microsoft Support for Business for assistance.