Server 2025

Winsage
March 17, 2026
Microsoft is implementing a two-phase initiative to disable the hands-free deployment feature in Windows Deployment Services (WDS) due to a critical remote code execution vulnerability (CVE-2026-0386) identified on January 13, 2026. This vulnerability arises from improper access control related to the Unattend.xml file, which is transmitted over an unauthenticated RPC channel, allowing attackers on the same network segment to exploit it. Successful exploitation could grant SYSTEM-level privileges and compromise OS deployment images. The initiative includes:
- Phase 1 (January 13, 2026): The hands-free deployment feature will remain operational but can be disabled. New Event Log alerts and registry key controls will be introduced to enforce secure practices.
- Phase 2 (April 2026): The hands-free deployment feature will be completely disabled by default for administrators who have not modified registry settings. Administrators can temporarily re-enable the feature by setting AllowHandsFreeFunctionality = 1, but this is not secure.
Recommendations include reviewing WDS configurations, applying security updates, setting registry keys for secure behavior, monitoring Event Viewer for alerts, and considering alternative deployment methods. Microsoft’s KB article 5074952 provides further guidance for impacted organizations.
Winsage
March 11, 2026
Microsoft's native NVMe driver, initially released for Windows Server 2025, is now available for Windows 11, enhancing SSD performance. Users can achieve performance gains through registry tweaks. Benchmark tests showed significant improvements in random read bandwidth and input/output operations per second (IOPS). In a test with AMD EPYC 9754 processors and Solidigm P5316 SSDs, the following results were observed:
- 4K Random Read: Non-Native Driver 6.1 GiB/s, Native Driver 10.058 GiB/s (+64.89%)
- 64K Random Read: Non-Native Driver 74.291 GiB/s, Native Driver 91.165 GiB/s (+22.71%)
- 64K Sequential Read: Non-Native Driver 35.596 GiB/s, Native Driver 35.623 GiB/s (+0.08%)
- 128K Sequential Read: Non-Native Driver 86.791 GiB/s, Native Driver 92.562 GiB/s (+6.65%)
- 64K Sequential Write: Non-Native Driver 44.67 GiB/s, Native Driver 50.087 GiB/s (+12.13%)
- 128K Sequential Write: Non-Native Driver 50.477 GiB/s, Native Driver 50.079 GiB/s (-0.79%)
Random read latency decreased significantly, with 4K and 64K read times dropping by 38.46% and 13.39%, respectively. However, 64K sequential write latency increased by 39.85%, while 128K sequential write latency rose by 12.43%. The NVMe driver also showed favorable CPU usage results during sequential read and write operations. It is not enabled by default in Windows 11, requiring users to make registry changes to activate it.
Winsage
March 6, 2026
On December 15, 2025, Microsoft announced native NVMe support in Windows Server 2025, marking a significant evolution in data management and access. The new architecture replaces Disk.sys with NVMeDisk.sys, allowing direct communication from the filesystem to hardware via StorMQ, eliminating latency and enhancing performance. Testing revealed increased read speeds, particularly in random 4K and 64K benchmarks, with significant reductions in average read latency and lower CPU usage during sequential operations. Write operations showed modest improvements. A registry modification is required to enable this feature, and caution is advised due to potential complications with NVMe drives when deduplication is enabled.
Winsage
March 5, 2026
Microsoft is developing a new NVMe storage driver for Windows 11 25H2 and Windows Server 2025, moving away from the existing storNVMe.sys driver to better align with modern I/O mechanisms. This new driver utilizes the IoRing framework to enhance efficiency by allowing the processor to manage multiple storage requests simultaneously, reducing latency and administrative overhead. Initial tests show significant performance improvements in random read accesses, particularly benefiting applications like databases and virtualization systems. However, sequential access performance may be lower due to ongoing optimizations. The new driver is currently in preview and not activated by default, with practical use limited until further refinements are made.
Winsage
February 26, 2026
Security researchers have developed a working Proof of Concept (PoC) exploit for a vulnerability in the Windows kernel, identified as CVE-2026-2636, which allows low-privileged users to induce a Blue Screen of Death (BSoD), resulting in a Denial of Service. This vulnerability is linked to the Windows Common Log File System (CLFS) driver, specifically the CLFS.sys component, and arises from improper handling of invalid or special elements within CLFS (CWE-159). The PoC demonstrates that a non-administrative user can trigger the bug by executing a crafted ReadFile operation on a handle linked to an opened .blf log file without the expected I/O Request Packet (IRP) flags set. This leads to a critical inconsistency in the driver, causing Windows to invoke the kernel routine KeBugCheckEx, which results in a BSoD. CVE-2026-2636 has a CVSS score of 5.5 (Medium) and poses a high impact on availability, allowing any authenticated user to crash the host reliably. Microsoft addressed this vulnerability in the September 2025 cumulative update, protecting systems running Windows 11 2024 LTSC and Windows Server 2025 by default. However, older or unpatched builds remain vulnerable. Organizations are advised to verify the deployment of the September 2025 updates, prioritize patching multi-user systems, and monitor for unusual spikes in BSoD events.
Winsage
February 25, 2026
Microsoft is offering up to three years of Extended Security Updates (ESU) for older Windows installations, with the expectation of compensation. Most major versions of Windows 10 will reach end of support by 2025, while Windows 10 Enterprise 2016 LTSB and Windows IoT Enterprise LTSB 2016 will end support on October 13, 2026, and Windows Server 2016 will conclude support on January 12, 2027. Microsoft recommends upgrading to Windows Server 2025 for Windows Server 2016 users. The pricing for ESU for Windows 10 2016 LTSB starts at a specified amount per device for the first year, with expected increases in subsequent years. Customers using Intune or Windows Autopatch may receive a reduced rate. There is no official pricing for Windows Server 2016 ESU, creating uncertainty for administrators. Historically, Microsoft has charged a premium for extended support, with previous ESU costs for Windows Server 2012 being 100 percent of the full license price for the first year. The final cost of ESU will depend on each organization’s licensing agreement.
Winsage
February 11, 2026
Microsoft has identified several vulnerabilities affecting its products, particularly within Windows Server and Office suites. The affected products and their corresponding vulnerabilities include:
- Windows Server 2025: CVE-2026-21510, CVE-2026-21513, CVE-2026-21519, CVE-2026-21525, CVE-2026-21533; updates under article numbers 5075899 and 5075942.
- Windows Server 2022, 23H2: Same vulnerabilities as above; update article number 5075897.
- Windows Server 2022: Same vulnerabilities; update article number 5075906.
- Windows Server 2019: Same vulnerabilities; update article number 5075904.
- Windows Server 2016: Same vulnerabilities; update article number 5075999.
- Windows Server 2012 R2: CVE-2026-21510, CVE-2026-21513, CVE-2026-21525, CVE-2026-21533; update article number 5075970.
- Windows 11 and Windows 10: Various versions (26H1, 25H2, 24H2, 22H2) affected; update articles range from 5077179 to 5075912.
- Microsoft Office LTSC for Mac 2024 and Mac 2021: Affected by CVE-2026-21514; release notes available.
- Microsoft Office LTSC 2024 and 2021: CVE-2026-21509 and CVE-2026-21514; release notes provided.
- Microsoft 365 Apps for Enterprise: Affected by CVE-2026-21509 and CVE-2026-21514; release notes available.
Winsage
January 30, 2026
Microsoft will disable the NTLM authentication protocol by default in the next major Windows Server release and associated Windows client versions. NTLM, introduced in 1993, has been vulnerable to various cyberattacks, including NTLM relay and pass-the-hash attacks. The transition plan includes three phases: enhanced auditing tools in Windows 11 24H2 and Windows Server 2025, new features like IAKerb and a Local Key Distribution Center in late 2026, and eventually disabling network NTLM by default in future releases. NTLM will remain in the operating system but will not be used automatically. Microsoft deprecated NTLM authentication in July 2024 and has encouraged developers to transition to Kerberos or Negotiation authentication.