Security Patch Archives

Winsage

January 17, 2026

How to fix Nvidia GPU FPS drop due to the Windows January 2026 update?

Users with Nvidia GPUs are experiencing decreased gaming performance after the January 2026 Windows update (KB5074109), which was intended to enhance security and address vulnerabilities. Reported issues include drops in frames per second (FPS), black screen freezes, display hangs, and driver crashes related to nvlddmkm errors. Nvidia has released a new GPU driver to address these problems. A temporary solution for affected users is to uninstall the KB5074109 update, although it is a security patch that may need to be reinstalled later. Users can also update their Nvidia drivers to the latest hotfix version and use Display Driver Uninstaller (DDU) in Safe Mode for better results. It is recommended to pause Windows updates until a fix is provided by Microsoft.

Winsage

December 12, 2025

Windows Defender Firewall Service Vulnerability

On December 9, 2025, Microsoft addressed a vulnerability identified as CVE-2025-62468, which allowed an authenticated local attacker to access sensitive memory within the Windows Defender Firewall Service due to an out-of-bounds read in the service's memory handling routines. This flaw could expose heap or process memory, potentially revealing sensitive information. The vulnerability requires local authenticated access, raising concerns for both home users and system administrators. Microsoft classified the vulnerability as important, emphasizing the need for prompt action. Users are advised to update their systems through Windows Update to mitigate the risk. There is no confirmed public exploit for this vulnerability, and it does not allow remote code execution, but it can lead to information disclosure.

Winsage

December 5, 2025

Microsoft Silently Activates Critical Windows Security Update

Microsoft has enhanced its Windows security measures by addressing the CVE-2025-9491 vulnerability, which has existed for nearly eight years and was exploited by state-sponsored groups for cyber espionage and data theft. The vulnerability was previously identified as ZDI-CAN-25373 and ZDI-25-148 by Trend Micro. The November Patch Tuesday updates have fixed this issue, which was described as having been demoted from a vulnerability to a functional bug. The update modifies the Properties dialog of a .lnk file to display the entire Target command in a single line. Microsoft has not officially acknowledged the update but stated that it is continuously rolling out enhancements for security and user experience.

BetaBeacon

December 3, 2025

Google Pixel Phones Just Got a Game‑Changing Android 16 Update

- Google has introduced new screen customizations for Pixel phones in Android 16 QPR2. - Users can now customize app icons with new shape options on the home screen. - Pixel phone users can place widgets on the lock screen by swiping left, with limited options compared to the home screen. - Other lock screen changes include a new low-light mode for the screen saver and fingerprint scanning on the switched-off display. - Users can now disable or reduce blur effects in background elements, adjust HDR intensity, and schedule expanded dark mode. - The update also adds a more flexible split-screen layout, AI-powered notifications, and strengthened parental controls. - Android 16 QPR2 includes the December security patch to fix vulnerabilities and protect against threats.

Winsage

November 18, 2025

Microsoft: Windows 10 KB5072653 OOB update fixes ESU install errors

Microsoft released an emergency out-of-band update, KB5072653, on November 17, 2025, to address installation issues related to the November extended security updates for Windows 10. This update specifically targets the error code 0x800f0922 that prevented users from successfully installing the ESU update. To install this update, devices must be running Windows 10 version 22H2 and have the October 2025 KB5066791 cumulative update installed. Users can check for updates via Windows Update, where KB5072653 will be included. Microsoft plans to release a new Scan Cab with updated metadata to improve compliance update checks for organizations using WSUS and SCCM.

AppWizard

November 12, 2025

Android 16 QPR2 Beta 3.3 fixes annoying Pixel lock-screen freezes

Android 16 QPR2 Beta 3.3 has begun rolling out for Pixel 6 and newer devices, including the Pixel 10 lineup and foldable models. The update addresses a lock-screen freeze bug and carries the build number BP41.250916.015 for the Pixel 6 series and BP41.250916.015.A1 for newer models, while maintaining the October 2025 security patch. The update focuses on stability and does not introduce new features. It is available to those enrolled in the Android Beta Program, with a gradual rollout to all eligible Pixel phones. Users can manually check for the update in Settings > System > Software update. The full release is expected later this year, likely in December.

Winsage

November 11, 2025

Microsoft releases KB5068781 — The first Windows 10 extended security update

Microsoft has released the KB5068781 update, which is the first extended security update for Windows 10 since the operating system reached its end of support last month. This update follows the final cumulative update on October 14, which ended bug fixes and free security updates for Windows 10. Extended security updates (ESU) are available for consumers and business customers for up to three years, depending on the account type. Consumers can enroll in the ESU program through payment, Microsoft reward points, or Windows Backup synchronization. In the European Economic Area, additional options include free access with a Microsoft account or payment for a local account. Business customers can utilize the ESU program for three years at a total cost of 0 per device. A bug has affected some devices' enrollment in the ESU program, prompting Microsoft to issue an emergency fix. Users can install the update via Settings and Windows Update. The update is mandatory and will automatically install, requiring a device restart. After installation, Windows 10 ESU will be upgraded to build 19045.6575, and Windows 10 Enterprise LTSC 2021 will be updated to build 19044.6575. The update primarily addresses a bug that incorrectly indicated Windows 10 LTSC devices had reached their end of support. It also includes security updates that fix 63 vulnerabilities, including one actively exploited elevation-of-privilege vulnerability, with no known issues reported.

Winsage

November 6, 2025

Microsoft confirms a bug is hitting paid Windows 10 ESU users

Microsoft's extended security updates (ESU) program for Windows 10 is experiencing a display bug that causes some users to receive erroneous "end of support" notifications despite being enrolled in the program. This issue arose after the installation of the KB5066791 update, released on October 14, 2025, which is the final official security patch for Windows 10. The glitch affects various editions, including Windows 10 22H2 Pro, Education, and Enterprise, as well as Windows 10 Enterprise LTSC 2021 and Windows 10 IoT Enterprise LTSC 2021. Microsoft has confirmed that this is a visual error, and devices with a legitimate ESU license will continue to receive security updates. A temporary solution has been provided for businesses, while individual users will need to wait for a future Windows update to fix the issue. Users can verify their enrollment in the ESU program by checking the Windows Update settings for a confirmation message.

Winsage

November 1, 2025

New Warning As Microsoft Windows Attacks Confirmed

Microsoft has rolled out an emergency security update for Windows users, but a new vulnerability, CVE-2025-9491, is being exploited by attackers and remains unpatched. This vulnerability is being actively exploited by threat actors associated with China, primarily targeting European diplomatic entities in Hungary, Belgium, and other nations. The attacks involve phishing emails with embedded URLs that deliver malicious LNK files, allowing attackers to execute obfuscated PowerShell commands and deploy a multi-stage malware chain, culminating in the PlugX remote access trojan. Users are advised to block .lnk files from untrusted sources to mitigate risks.

Winsage

October 24, 2025

Microsoft issues emergency Windows server security patch – update now or risk attack

Microsoft has released an emergency patch for a critical vulnerability in its Windows Server Update Service (WSUS), identified as CVE-2025-59287, as part of the Patch Tuesday cumulative release on October 14, 2025. The vulnerability, categorized as a "deserialization of untrusted data" issue, has a severity score of 9.8 out of 10 and allows unauthenticated attackers to execute remote code without user interaction, potentially leading to broader network compromises. The flaw can be exploited with low-complexity attacks, and public exploit code has emerged, prompting the urgent update. Organizations are advised to apply the patch promptly to protect their systems.