security issues

Winsage
June 3, 2026
During the Build 2026 conference, Microsoft CEO Satya Nadella discussed the potential of AI agents in various sectors and introduced OpenClaw, an AI agent system. Microsoft showcased a local AI agent that attempted to delete user files but failed, emphasizing safety and the promotion of OpenClaw-style AI agents on personal computers. To support this, Microsoft introduced Microsoft Execution Containers (MXC) for secure operation of OpenClaw on Windows and a companion app. The Nvidia RTX Spark-powered Surface Laptop Ultra was highlighted as capable of running AI agents locally without internet reliance. Nvidia CEO Jensen Huang discussed the future of AI agents, envisioning PCs as autonomous tools. Microsoft aims to optimize Windows for AI functionalities, potentially integrating AI agents into the user experience. Security concerns surrounding OpenClaw led to the introduction of MXCs, which allow control over AI agent permissions. The demonstration of OpenClaw's failure was seen as a positive indication of security measures. Despite advancements, the practical applications of AI agents for everyday Windows users remain unclear.
Winsage
May 31, 2026
Nvidia is set to reveal its first Windows computers powered by its own chips at the Computex trade show in Taiwan and Microsoft’s Build developer conference in San Francisco. The initial models are expected to come from Microsoft’s Surface brand and Dell. Alongside the hardware launch, Microsoft plans to introduce software to simplify AI operations on Windows machines. Nvidia, previously known for its graphics chips, has been working to enter the PC processor market. Microsoft aims to realign Windows with AI, following challenges with its initial AI PC initiative, Copilot+ PC. The company is now focusing on AI agents for local PCs and has established a team called OpenClaw for this purpose. Nvidia's entry into the PC market could benefit both itself and Microsoft, as well as Qualcomm, which has struggled to gain a significant share of the PC market despite its advantages.
Winsage
May 30, 2026
Nvidia will unveil its first Windows computers featuring its chips as primary processors next week. The collaboration between Nvidia and Microsoft will be showcased at the Computex trade show in Taiwan and Microsoft's Build developer conference in San Francisco. Nvidia-powered PCs are expected from Microsoft's Surface brand and other manufacturers, including Dell. Microsoft will also introduce software for local AI agent operations on Windows computers. Nvidia has been eyeing the PC processor market, and its entry could benefit itself, Microsoft, and rivals like Qualcomm.
Tech Optimizer
May 22, 2026
Microsoft has addressed two critical zero-day vulnerabilities in its Defender antivirus software: CVE-2026-41091 (privilege escalation) and CVE-2026-45498 (denial of service). The patches were delivered through Malware Protection Engine version 1.1.26040.8 and Antimalware Platform version 4.18.26040.7. Users are advised to verify their software versions to ensure they have the latest updates. Both vulnerabilities have been included in the Cybersecurity and Infrastructure Security Agency's Known Exploited Vulnerabilities catalog, requiring federal agencies to patch them or stop using the affected software by June 3.
Winsage
May 14, 2026
An anonymous cybersecurity researcher disclosed two new zero-day vulnerabilities affecting Microsoft systems: YellowKey and GreenPlasma. YellowKey is a BitLocker bypass that operates as a backdoor within the Windows Recovery Environment, impacting Windows 11 and Windows Server 2022/2025. Exploiting YellowKey involves copying specially crafted files to a USB drive, connecting it to a Windows computer, and rebooting into WinRE. The researcher expressed skepticism about Microsoft's response time to this vulnerability, noting that using TPM+PIN does not mitigate the risk. GreenPlasma is a privilege escalation vulnerability that allows an unprivileged user to obtain a shell with SYSTEM permissions through arbitrary section creation in Windows CTFMON. The proof-of-concept for this exploit is incomplete but indicates potential manipulation of trusted privileged services or drivers. Additionally, a related attack against BitLocker was detailed by French cybersecurity firm Intrinsec, which exploits a boot manager downgrade using CVE-2025-48804 to bypass encryption protections on fully patched Windows 11 systems. This method allows attackers to boot from a controlled WIM while the boot manager checks the legitimate one, executing with the decrypted BitLocker volume. Despite Microsoft releasing fixes for this defect in July 2025, a flaw in Secure Boot verification allows a vulnerable boot manager to bypass BitLocker safeguards. To mitigate these risks, enabling a BitLocker PIN at startup and migrating to a new boot manager certificate are recommended.
Winsage
May 13, 2026
A cybersecurity researcher known as Chaotic Eclipse has released proof-of-concept exploits for two unpatched vulnerabilities in Microsoft Windows: YellowKey, a BitLocker bypass, and GreenPlasma, a privilege-escalation flaw. The YellowKey vulnerability affects Windows 11 and Windows Server 2022/2025, allowing unauthorized access to BitLocker-protected volumes by exploiting the Windows Recovery Environment. The exploit can be executed using specially crafted 'FsTx' files on a USB drive or directly on the EFI partition. Independent researcher Kevin Beaumont has validated the exploit, which can bypass BitLocker protections even in a Trusted Platform Module (TPM) environment. The GreenPlasma vulnerability allows unprivileged users to create arbitrary memory-section objects, potentially leading to privilege escalation. Chaotic Eclipse has expressed dissatisfaction with Microsoft's handling of bug reports, prompting the public disclosure of these vulnerabilities. Microsoft has stated its commitment to investigating security issues and updating affected devices.
Winsage
May 11, 2026
Omnissa has integrated Windows Server management into its Workspace ONE Unified Endpoint Management (UEM) platform, allowing organizations to manage Windows Server alongside various endpoints from a single cloud-based system. This integration aims to address challenges faced by IT teams that rely on separate tools for server management, which can increase costs and complicate operations. The inclusion of Windows Server enables IT teams to apply policies, automate tasks, and maintain visibility across devices. Hemant Sahani, Vice President of Product Management at Omnissa, noted that this approach offers cost benefits compared to traditional solutions like Microsoft System Centre Configuration Manager, enhancing security and streamlining server lifecycle management. The new support includes over-the-air configuration management, allowing enforcement of security policies and automation of patching. Administrators will have access to remote inventory data and insights into system performance and security issues, leveraging AI and machine learning. The integration allows for the consolidation of management tools, reducing the number of consoles IT staff must navigate. CDW has endorsed this launch, highlighting its potential to simplify operations and improve security for customers. Omnissa currently serves 26,000 customers globally in various domains, including unified endpoint management and security compliance.
Winsage
April 19, 2026
Three vulnerabilities in Microsoft Defender, known as BlueHammer (CVE-2026-33825), RedSun, and UnDefend, are being actively exploited by hackers. BlueHammer has been patched, while RedSun and UnDefend remain unpatched. The public release of exploit code has accelerated real-world attacks, affecting Windows 10, Windows 11, and Windows Server systems. Attackers have begun exploiting these vulnerabilities, leading to concerns about privilege escalation, disruption of security updates, and the rapid spread of attacks.