Security update Archives

Winsage

April 28, 2026

I investigated Windows 11’s massive 5GB monthly .msu updates. AI is only part of the problem.

Windows 11 updates have significantly increased in size, with monthly cumulative updates often exceeding 4GB and some approaching 5GB. One update can expand to nearly 9GB when extracted. Microsoft has shifted to delivering Latest Cumulative Updates (LCUs), which include all previous fixes, leading to larger update sizes over time. The introduction of Checkpoint Cumulative Updates aims to reduce this growth by establishing periodic baselines, but the effectiveness has been mixed. The May 2025 cumulative update saw a size increase from approximately 6.5GB to nearly 9GB, with new MSIX files related to semantic search and on-device AI contributing to this growth. Windows Update uses applicability logic to minimize download sizes for users, but enterprises must download full packages, resulting in increased storage costs. The average yearly storage cost for enterprises rose from about 11 GB in 2024 to 52 GB by 2026. Users can check their actual download sizes through the Windows Update settings and Event Viewer logs.

Winsage

April 28, 2026

Microsoft: New Remote Desktop warnings may display incorrectly

Microsoft has identified an issue affecting the display of security warnings when users open Remote Desktop (.rdp) files across all supported versions of Windows, including Windows 11, Windows 10, and Windows Server. The security warning may not render correctly, making the text difficult to read and buttons misaligned, especially when multiple monitors with different display scaling settings are used. This issue often results in overlapping text or obscured buttons in the warning window. The problem is part of Microsoft's security enhancements introduced with the April 2026 cumulative updates, which aim to mitigate risks associated with malicious RDP connection files. Users receive a one-time educational prompt upon opening an RDP file for the first time, followed by a security dialog that provides information about the file's publisher and resource redirections. RDP files are commonly used in enterprise environments, but their exploitation in phishing campaigns has raised security concerns, particularly by groups like the Russian state-sponsored APT29.

Winsage

April 22, 2026

Microsoft Changes Windows Security After 15 Years—Update By ‘End Of April’

Microsoft is set to expire the Secure Boot authentication certificates that protect Windows PCs from threats upon each restart, with this initiative beginning in April 2023. The update will install new certificates and confirm if user action is necessary, with all devices expected to have the update by the end of April 2026. Users can check their Secure Boot status in Windows Security, where a badge system indicates the status. If the certificates expire, users may be at risk of boot-level malware. Microsoft is enhancing visibility of Secure Boot certificate status to aid user awareness. Users should check their PC by the end of the month to ensure it is updated.

Winsage

April 21, 2026

Microsoft releases Windows Server update fix to fix its April update fixes

Microsoft has released an out-of-band update to fix a restart loop issue affecting certain Windows Server devices after the April 2026 update. The problem arose after installing the April 2026 Windows security update (KB5082063), causing domain controllers in multi-domain environments using Privileged Access Management (PAM) to experience LSASS crashes during startup, leading to repeated restarts and potential domain outages. The update targets Windows Server versions 2016 through 2025 and includes hotpatches for failed installations. Only Windows Servers were affected, while some enterprise devices may need to enter their BitLocker recovery key after the first restart post-installation. Microsoft has issued similar updates recently, raising concerns about the frequency of these occurrences.

Winsage

April 20, 2026

Emergency Update for Windows Server Following Reboot Issues

Microsoft has released emergency updates for various versions of Windows Server due to issues arising from the April 2026 Patch Tuesday security updates. A significant problem was a reboot loop affecting domain controllers caused by crashes of the Local Security Authority Subsystem Service (LSASS), which disrupted authentication services. This issue was especially problematic during the setup of new domain controllers. Additionally, some Windows Server 2025 systems encountered difficulties in installing the security update KB5082063. The out-of-band update (KB5091157) for Windows Server 2025 addresses both the installation failure and the domain controller restart issue. Other updates targeting the domain controller restart problem were released for additional supported Windows Server versions. Microsoft has introduced an out-of-band update for seven versions, including KB5091157 for Windows Server 2025 and KB5091571 for Windows Server, version 23H2. Furthermore, some Windows Server 2025 devices may boot into BitLocker recovery mode after the update, requiring users to enter a BitLocker recovery key.

Winsage

April 20, 2026

Microsoft tests Windows Explorer speed, performance improvements

Microsoft is enhancing File Explorer for Windows 11 Insider program users, focusing on improved launch speed and performance. A preloading feature was tested that allows File Explorer to load in the background for faster access, which users can disable in the Folder Options. These updates follow the introduction of Startup Boost for Office applications, which also aims to improve loading times. The Windows Insider Program Team is also working on enhancing the reliability of the explorer.exe process and addressing issues with bright white flashes when opening File Explorer in dark mode. Additionally, a new Xbox mode has been introduced for Windows 11 PCs, providing a full-screen gaming interface to reduce distractions. These updates are being rolled out to Insiders in the Release Preview channel with specific Windows 11 builds installed.

Winsage

April 20, 2026

Microsoft releases emergency updates to fix Windows Server issues

Microsoft has confirmed that some administrators are experiencing difficulties installing the KB5082063 security update on Windows Server 2025. This month's Patch Tuesday updates have caused certain Windows servers, especially those with domain controller roles, to enter a restart loop due to failures in the Local Security Authority Subsystem Service (LSASS). Microsoft has released emergency out-of-band updates, including KB5091157 for Windows Server 2025, to address both the installation failure and the restart issues. Additionally, some Windows Server 2025 devices may boot into BitLocker recovery mode after installing the KB5082063 update. A bug affecting Windows Server 2019 and Windows Server 2022 that caused unexpected upgrades to Windows Server 2025 has also been resolved. Microsoft has issued various emergency updates throughout the year to address other issues, including a Bluetooth device visibility bug and vulnerabilities in the Routing and Remote Access Service (RRAS).

Winsage

April 20, 2026

Windows 11 to get a major reliability update in May with faster clipboard, stable taskbar, storage and more

Microsoft has released new Insider builds for Windows 11 across various channels, focusing on enhancing reliability and performance. Key components receiving updates include: 1. File Explorer: Improved speed and reliability, retaining customized folder views. 2. Settings App: Enhanced navigation and consistency, particularly in the Installed Apps page and Privacy & Security section. 3. Drop Tray: Optimized for better usability during multitasking. 4. Clipboard History: Performance enhancements to reduce access delays. 5. Storage Settings: Improved performance for large storage volumes, enabling instant loading of the Disks & Volumes page. 6. Windows Hello: Enhanced fingerprint and face recognition reliability, maintaining biometric data across upgrades. 7. Input and Voice Dictation: Improved keyboard navigation and persistent voice typing settings. 8. Startup Applications: Refined performance and memory management for faster boot times. 9. Display, Audio, and Font Rendering: Better stability and compatibility for color profiles, audio drivers, and font legibility. 10. Security Enhancements: Improved trust model for third-party drivers and command-line scripts. These updates are expected to be available to regular users in the upcoming April optional update and the mandatory May security update.

Winsage

April 18, 2026

Windows Server 2025 Update KB5082063: Error 0x80073712 due to Media Player; and Error 0x800F0983

Cumulative update KB508206, released on April 14, 2024, for Windows Server 2025, is causing installation failures for some administrators. Error code 0x800F0983 has been acknowledged by Microsoft as an issue related to the update process, while error code 0x80073712 has been linked to the legacy Windows Media Player application. Reports indicate that the installation of KB5082063 is problematic, particularly on systems configured in German, with users experiencing persistent failures despite attempts to use repair commands. The installation issues may be related to missing files associated with the Media Player language packs, affecting various language configurations.

Winsage

April 17, 2026

Microsoft’s April patch puts Windows domain controllers into reboot loops — third known issue from KB5082063 is affecting Windows Server 2016 through 2025

Microsoft has acknowledged that the April 2026 security update for Windows Server, patch KB5082063, has caused significant disruptions for some enterprise domain controllers, leading to continuous reboot cycles in non-Global Catalog domain controllers used in Privileged Access Management (PAM) deployments. This has resulted in the unavailability of Active Directory authentication and directory services on affected servers. Additionally, the installation of KB5082063 may fail on some Windows Server 2025 systems. This issue marks the third consecutive year that April security updates have caused problems for Windows Server domain controllers. In previous years, Microsoft issued emergency fixes for similar issues, including crashes and complications with NTLM authentication. Administrators currently have limited options, including delaying the update, isolating a test domain controller, or engaging with Microsoft Support for tailored mitigation steps.