Security Patch Archives

Winsage

February 19, 2025

Windows 11 update is reportedly breaking the operating system’s most vital tool

The recent 24H2 update (KB5051987) for Windows 11 has caused significant disruptions, particularly affecting File Explorer, leading to user frustrations. Many users report that File Explorer has become unresponsive, preventing access to commonly used folders. The issue has been confirmed to occur even on fresh installations of Windows 11, indicating a problem with the update itself. Some users are also experiencing Blue Screen of Death (BSoD) errors and complete operating system corruption. Microsoft has not yet provided a definitive solution, but users can temporarily revert to the previous January 2025 update to resolve File Explorer issues. There is hope that a fix will be included in the upcoming February 2025 optional update.

Winsage

February 14, 2025

Windows Server 2022 KB5051979 released, direct download .msu

The February 2025 security patch for Windows Server 2022, KB5051979, resolves issues with Digital-to-Analog Converter (DAC) devices and USB peripherals that previously displayed error code 10. It upgrades the system to Build 20348.3207, fixing a memory leak related to predictive input ideas and issues with the Device Health Attestation service. The update also addresses crashes related to symbolic links and acknowledges lingering harmless errors from the January 2025 update, specifically concerning the System Guard Runtime Monitor Broker Service. Users of OpenSSH and Citrix may face conflicts due to the January update. Some fixes are also applied to Windows 10 with KB5051974. Additionally, Microsoft has resolved a boot error in Windows Server 2025 and released cumulative updates KB5051989 and KB5051987 for Windows 11.

Winsage

February 13, 2025

How to prevent forced installation of new Outlook on Windows 10 PCs

In February 2025, Microsoft began a mandatory update for Windows 10 users that included the forced installation of the new Outlook app as part of a strategy to integrate it into their ecosystem. This installation is linked to the KB5051974 update, which is a critical security patch. Users can prevent the new Outlook from being installed by modifying the Windows registry, specifically by creating a new string value named BlockedOobeUpdaters and setting its value data to ["MS_Outlook"]. This process must be repeated with each subsequent Windows 10 update. For users who have already had the new Outlook installed, it cannot be uninstalled through standard methods but can be removed using Windows PowerShell with the command: Remove-AppxProvisionedPackage -AllUsers -Online -PackageName (Get-AppxPackage Microsoft.OutlookForWindows).PackageFullName. Additionally, to uninstall unsupported Mail or Calendar apps, the command is: Get-AppxProvisionedPackage -Online | Where {$.DisplayName -match "microsoft.windowscommunicationsapps"} | Remove-AppxProvisionedPackage -Online -PackageName {$.PackageName}.

Winsage

February 12, 2025

You Should Install This Windows Security Patch Right Away

Microsoft's February 2025 Patch Tuesday security update addresses 55 security vulnerabilities across the Windows platform, including: - 22 remote code execution vulnerabilities - 19 elevation of privilege vulnerabilities - 9 denial of service vulnerabilities - 3 spoofing vulnerabilities - 2 security feature bypass vulnerabilities - 1 information disclosure vulnerability Among these, four vulnerabilities are classified as critical zero-day vulnerabilities, with two requiring immediate attention. 1. CVE-2025-21194: A security feature bypass vulnerability related to Microsoft Surface devices, potentially allowing unauthorized access to Windows virtual machines. 2. CVE-2025-21377: An NTLM hash disclosure spoofing vulnerability that could allow attackers to retrieve plain-text passwords by interacting with a malicious file. The other two zero-day vulnerabilities confirmed to be actively exploited are: 1. CVE-2025-21391: A Windows storage elevation of privilege vulnerability that enables deletion of targeted files on a user's computer. 2. CVE-2025-21418: A vulnerability that allows attackers to gain elevated system privileges within Windows. Users are advised to install the patch promptly to protect their systems.

AppWizard

February 4, 2025

Google warns Android users of a zero-day software exploit causing instability

Google has warned Android users about a significant zero-day exploit, identified as CVE-2024-53104, that could cause software instability and allow attackers to manipulate devices. This vulnerability operates at the Linux kernel level and affects all Android devices, including the Galaxy S25 and S24. A fix is included in the February security patch, but OEMs must distribute it. Current reports indicate that exploitation attempts are limited, but users are urged to update their devices promptly. Additionally, another flaw affecting Qualcomm technology may grant remote access to devices, with no reported victims yet. In 2023, 97 zero-day vulnerabilities were exploited, a 50% increase from 2022, primarily impacting Android devices.

Winsage

December 28, 2024

Unable to install security updates after freshly installing Windows 11? You’re not alone

A bug in the recent installation media for Windows 11 prevents users from installing the latest security updates if the media includes the October 2024 or November 2024 security patches. Microsoft has acknowledged that this issue occurs only when using installation media, such as CD and USB flash drives, created in the last few months with these updates. The problem does not affect devices that receive the updates via Windows Update or the Microsoft Update Catalog. Users are advised to avoid installation media with the October or November 2024 patches and instead use media with the September 2024 or December 2024 patches. Some users have found success using the "Fix Windows Update" button in the Recovery section of Windows Settings, and the official Windows 11 ISO tool can create an installation image without the problematic patches.

Winsage

November 27, 2024

How to Delay Windows Updates and Tell Microsoft to Leave You Alone

Microsoft provides annual updates and monthly security patches for Windows 10 and Windows 11. Major updates have faced challenges, including a blue screen of death from an August 2023 update for Windows 11 and printer functionality issues from a July 2022 security patch for Windows 10. Users can now delay significant feature updates, a change from Microsoft's previous mandatory update policy. To pause updates, users can pause for seven days through the Settings menu, with a total pause duration of 35 days available. Windows 10 users can pause updates by clicking "Pause updates for 7 days" up to five times or selecting a specific date in Advanced Options. Windows 11 users can choose how many weeks to pause updates using a drop-down menu. Active hours can be adjusted to prevent updates during specific times, ensuring uninterrupted work. Users can set active hours manually or allow Windows to adjust them automatically. For Windows 10 or 11 Pro, Enterprise, or Education users, updates can be deferred for up to 365 days using the Local Group Policy Editor. This feature is beneficial for businesses to test updates before broader rollout. Users can also configure notifications for updates instead of automatic installations. If an update causes issues, Windows provides options to roll back changes.

Winsage

November 15, 2024

Windows 11 update bug falsely warns of end of support, confusing users

A new mandatory security patch for Windows 11, update KB5046633 for the 23H2 version, was released recently. Users who installed this update are receiving an erroneous warning about the end of support for Windows 11 23H2, which is actually set to receive support until November 11, 2025. Microsoft has stated that this warning is a reporting bug and is investigating the issue, with a fix expected within the week. Users are advised to log off and restart their systems or wait for the server-side update. Additionally, a legitimate end-of-support notification was issued for Windows 11 22H2 users, who are encouraged to upgrade as that version will no longer receive updates.

Winsage

November 11, 2024

Windows Server 2025 snafu was like a supply chain attack

A metadata error misidentified the Windows Server 2025 complete OS upgrade as a security patch, causing significant disruptions for users and administrators. The update was a five-gigabyte file requiring 32 GB of available storage, which is atypical for a security patch. This incident highlights a lack of automated checks and human oversight in Microsoft's update processes. The mislabeling of a patch intended for Windows 11 that delivered a Windows Server payload indicates critical flaws in patch management protocols. Windows Update struggles to adapt to modern computing demands, lacking transparency and control options necessary for effective patch management in enterprise settings. There is a call for reevaluation of update mechanisms to create a unified framework for better flexibility and reliability in software maintenance. The incident underscores vulnerabilities in current systems and the need for a comprehensive overhaul of the patching process.

AppWizard

November 7, 2024

Android 15’s first monthly software update is finally rolling out now

Google has begun distributing the first monthly software update for Android 15, which includes various fixes and enhancements along with the latest security patch. The rollout is phased, starting for devices running Android 15, and users will receive a notification when the update is available. Key fixes in this update include: - Bluetooth: Fix for range issues on the Pixel 9 series. - Camera: Resolution of camera tilt issues when zooming on the Pixel 9 series. - Display and Graphics: Correction of flashing white dots on the Pixel 9 series and screen brightness flickering on the Pixel 8a. - Sensors: Fix for occasional failure of Adaptive brightness on the Pixel 9 series. - Touch: Resolution of keyboard dismiss button issues on the Pixel 9 series. - User Interface: General performance and stability improvements for multiple Pixel models (Pixel 6 to Pixel 9 series). The software version is AP3A.241105.007 for Pixel models from Pixel 6 to Pixel 8a and AP3A.241105.008 for the Pixel 9 series.