security updates Archives

Winsage

May 28, 2026

Three in ten HP customers still clinging to Windows 10

HP estimates that approximately 30% of its PC customers are still using Windows 10, which exited standard support in October. Ketan Patel, HP's president of personal systems, noted that the slow transition to Windows 11 is providing a financial tailwind for the company. HP's CFO, Karen Parkhill, mentioned that the Windows 11 refresh in EMEA and APJ markets is now on par with North America. Microsoft will end support for Windows 10 for business customers on October 14, 2025, but will offer security updates for those who pay for extended support. Gartner forecasts a modest 6.1% increase in device spending in 2026. Approximately 400 million systems cannot upgrade to Windows 11 due to hardware requirements. European campaigners have called for EU intervention regarding the Windows 11 upgrade, citing vendor-imposed software cutoffs. Microsoft is offering extended support for Windows 10 in the European Economic Area without conditions after the October deadline. HP's revenue grew by 9% year-on-year, reaching .41 billion in the second quarter of fiscal 2026, and net profit increased to million from million the previous year.

Winsage

May 28, 2026

Windows Server 2016 fails to find domain controller

Microsoft has acknowledged an issue with the May 2026 security update for Windows Server 2016, affecting systems with hostnames of exactly 15 characters, which leads to failed domain controller (DC) lookups. The error occurs during DC lookups, specifically returning the error code ERRORINVALIDPARAMETER. Servers with 14 or 16 character hostnames are not affected. Administrators may face challenges with DFS Namespace management and other functions reliant on DC access. Microsoft is investigating the issue but has not provided a timeline for a fix. Windows Server 2016's mainstream support ended in January 2022, but extended support will continue until January 2027.

Winsage

May 27, 2026

Your PC’s trust in Windows has an expiration date

Microsoft will change Secure Boot certificates in June 2026, impacting Windows 11 PCs. If users do not update the certificates, their PCs may still function but will lack critical boot updates and malware blacklists, potentially compromising security. Without the new certificates, systems cannot run the latest Windows Boot Manager, making them vulnerable to bootkit malware and hindering future Windows feature updates. Older computers using BIOS are exempt from this issue. The new Secure Boot certificates are valid until 2038. Users can check their Secure Boot status in the Windows Security app; a green circle indicates readiness for the deadline.

Winsage

May 26, 2026

‘Restart Multiple Times’—Microsoft Changes Windows Next Week

Microsoft will begin the expiration of Secure Boot certificates on most PCs in June, marking the end of a 15-year period of stability. This affects all PCs manufactured before 2023. Users will likely need to perform multiple restarts during the update process, which includes pushing data into firmware and loading a new bootloader. Ignoring the Secure Boot deadline in June 2026 may lead to significant security risks, as Microsoft will stop providing essential boot updates and malware blacklists. The Windows Security App has been updated to help users monitor these changes, and users should check for warnings indicating the status of Secure Boot. It is important for Windows 10 users to ensure they are enrolled in the Extended Security Updates (ESU) program to avoid vulnerabilities.

Winsage

May 26, 2026

Microsoft: Domain Controller lookup may fail on Windows Server 2016

Microsoft has acknowledged an issue affecting Windows Server 2016 systems related to domain controller lookups after the installation of the KB5087537 security update released in May 2026. The problem occurs specifically for devices with hostnames that are exactly 15 characters long, causing domain controller discovery to fail and resulting in an ERRORINVALIDPARAMETER during DCLocator calls. This issue may disrupt administrative operations that depend on domain controller lookups, such as DFS Namespace management. Microsoft is investigating the issue but has not provided a timeline for resolution.

Winsage

May 23, 2026

Microsoft says you should pause Windows 11 Updates when you need to work, as it tests greater controller

Microsoft is shifting its approach to Windows updates, responding to user frustrations about receiving update notifications during critical work hours. The company is currently testing more nuanced controls for updates with Windows Insiders, including a "Pick a date" feature that allows users to pause updates for up to 35 days, with the option to extend the pause indefinitely. Retail Windows 11 users can pause updates for up to five weeks, after which updates will automatically download without further pause options. Microsoft acknowledges that the frequency of updates can disrupt workflows for its 1.6 billion users, many of whom view mandatory updates as interruptions. The time required for updates has increased due to larger cumulative update packages, which can exceed 4GB, and the complexity of the operating system. To improve user control, Microsoft is testing a new power menu that separates update and shutdown options, allowing users to power down without installing updates. Additionally, updates will now include device class information in their titles for better user awareness. These changes aim to streamline the update experience and address long-standing user complaints.

Tech Optimizer

May 23, 2026

CVE-2026-9082: Critical Drupal Core SQLi Flaw

Drupal has issued critical security updates for a vulnerability in Drupal Core, identified as CVE-2026-9082, which affects sites using PostgreSQL databases. This flaw allows anonymous attackers to exploit the system through arbitrary SQL injection, posing risks such as sensitive information disclosure, privilege escalation, and remote code execution. The vulnerability is rated 20 out of 25 by Drupal and 6.5 out of 10 by CVE.org. It specifically impacts the database abstraction API, which fails to properly sanitize queries. The fixed versions include 11.3.10, 11.2.12, 11.1.10, 10.6.9, 10.5.10, and 10.4.10, with best-effort patches available for unsupported versions 9.5 and 8.9. Organizations are advised to inventory their Drupal installations, verify PostgreSQL usage, and prioritize patching for public-facing sites.

Winsage

May 22, 2026

Get That Windows 7 Feel In An OS That Still Gets Updates

Classic 7 is a reskin of Windows 10 IoT Enterprise LTSC, not a revival of Windows 7. It offers long-term support with security updates until 2032 and lacks consumer-oriented bloatware. Classic 7 eliminates forced feature updates, providing a stable user experience and a visually appealing interface reminiscent of Windows 7. Users may face challenges in obtaining a license for this version.

AppWizard

May 22, 2026

New SteamOS update finally fixes one of the Steam Deck’s most irritating bugs

Valve has released the SteamOS 3.8.5 Beta, which includes bug fixes and enhancements for the Steam Deck and other devices like the Asus ROG Ally and Lenovo Legion Go. Key improvements include a fix for audio issues on the Steam Deck OLED, enhancements to video memory management for discrete GPUs, and a resolution for a bug in Desktop Mode. The update also includes stability and security updates, a fix for the Asus ROG Ally's control behavior after suspend, and improvements from the previous 3.8.4 Beta, such as solutions for WiFi performance issues and trackpad sensitivity adjustments. Users can join the beta by navigating to Settings > System > System Update Channel.

Tech Optimizer

May 21, 2026

Highly Critical Drupal Core Flaw Exposes PostgreSQL Sites to RCE Attacks

Drupal has announced critical security updates for a vulnerability in Drupal Core, identified as CVE-2026-9082, which allows attackers to execute remote code, escalate privileges, or disclose sensitive information. The vulnerability has a CVSS score of 6.5 and affects only sites using PostgreSQL databases. It can be exploited by anonymous users and is rooted in a database abstraction API used for query validation and SQL injection prevention. Updates have been released for the following versions: - Drupal 11.3.10 - Drupal 11.2.12 - Drupal 11.1.10 - Drupal 10.6.9 - Drupal 10.5.10 - Drupal 10.4.10 Drupal 7 is not impacted by this vulnerability. Users on unsupported versions 9 and 8 can access manual patches for: - Drupal 9.5 - Drupal 8.9 Drupal has stated that versions 11.1.x, 11.0.x, and 10.4.x and below are end-of-life and do not receive security coverage, and that both Drupal 8 and 9 have reached end-of-life status. Patches for unsupported versions are provided as a best effort, but users should be aware of potential other vulnerabilities.