Server 2025 Archives

Winsage

February 26, 2026

PoC Published for Microsoft Windows Flaw That Allows Low-Privileged Users to Force Irrecoverable BSODs

Security researchers have developed a working Proof of Concept (PoC) exploit for a vulnerability in the Windows kernel, identified as CVE-2026-2636, which allows low-privileged users to induce a Blue Screen of Death (BSoD), resulting in a Denial of Service. This vulnerability is linked to the Windows Common Log File System (CLFS) driver, specifically the CLFS.sys component, and arises from improper handling of invalid or special elements within CLFS (CWE-159). The PoC demonstrates that a non-administrative user can trigger the bug by executing a crafted ReadFile operation on a handle linked to an opened .blf log file without the expected I/O Request Packet (IRP) flags set. This leads to a critical inconsistency in the driver, causing Windows to invoke the kernel routine KeBugCheckEx, which results in a BSoD. The CVE-2026-2636 has a CVSS score of 5.5 (Medium) and poses a high impact on availability, allowing any authenticated user to crash the host reliably. Microsoft addressed this vulnerability in the September 2025 cumulative update, protecting systems running Windows 11 2024 LTSC and Windows Server 2025 by default. However, older or unpatched builds remain vulnerable. Organizations are advised to verify the deployment of the September 2025 updates, prioritize patching multi-user systems, and monitor for unusual spikes in BSoD events.

Winsage

February 25, 2026

Microsoft gives Windows laggards the ‘gift of time’ wrapped in licensing fees

Microsoft is offering up to three years of Extended Security Updates (ESU) for older Windows installations, with the expectation of compensation. Most major versions of Windows 10 will reach end of support by 2025, while Windows 10 Enterprise 2016 LTSB and Windows IoT Enterprise LTSB 2016 will end support on October 13, 2026, and Windows Server 2016 will conclude support on January 12, 2027. Microsoft recommends upgrading to Windows Server 2025 for Windows Server 2016 users. The pricing for ESU for Windows 10 2016 LTSB starts at a specified amount per device for the first year, with expected increases in subsequent years. Customers using Intune or Windows Autopatch may receive a reduced rate. There is no official pricing for Windows Server 2016 ESU, creating uncertainty for administrators. Historically, Microsoft has charged a premium for extended support, with previous ESU costs for Windows Server 2012 being 100 percent of the full license price for the first year. The final cost of ESU will depend on each organization’s licensing agreement.

Winsage

February 24, 2026

Microsoft extends security patching for three Windows products at a price

Support for Windows 10 Enterprise LTSB 2016 and Windows 10 IoT Enterprise 2016 LTSB will end on October 13, 2026, while Windows Server 2016 will reach its end of support on January 12, 2027. Organizations using these products will receive one final monthly security update on the specified dates, after which they will not receive security patches, updates, or technical support. The Extended Security Updates (ESU) program allows organizations to purchase coverage for up to three years beyond the end of support, with pricing starting at a specified amount per device for the first year and doubling for each subsequent year. Windows Server 2016's ESU pricing has not been announced, and Microsoft recommends upgrading to newer Long-Term Servicing Channel releases. In the European Economic Area, Windows 10 users can access ESU until October 14, 2026, without payment or cloud account requirements due to advocacy from Euroconsumers.

Tech Optimizer

February 16, 2026

How to Uninstall McAfee on Windows 11 (3 Methods Including winget)

To uninstall McAfee on Windows 11, go to Settings → Apps → Installed apps, find McAfee, and select Uninstall. Alternatively, use the command winget uninstall --id "McAfee.TotalProtection" in an elevated terminal. After uninstalling, run McAfee’s MCPR removal tool to remove any leftover files and registry entries. Windows Security (Defender) will automatically activate after McAfee is removed. McAfee is often preinstalled on Windows 11 laptops by manufacturers like Dell, HP, Lenovo, and ASUS. It is recommended to create a system restore point before uninstalling and ensure you have administrative rights. After uninstalling, check for any remaining McAfee entries in installed apps, running services, Task Manager processes, leftover folders, and scheduled tasks. If issues arise during uninstallation, booting into Safe Mode or using the MCPR tool can help. Windows Security is a built-in antivirus that activates automatically after McAfee removal, providing protection.

Winsage

February 11, 2026

Microsoft Patch Tuesday: February 2026

Microsoft has identified several vulnerabilities affecting its products, particularly within Windows Server and Office suites. The affected products and their corresponding vulnerabilities include: - Windows Server 2025: CVE-2026-21510, CVE-2026-21513, CVE-2026-21519, CVE-2026-21525, CVE-2026-21533; updates under article numbers 5075899 and 5075942. - Windows Server 2022, 23H2: Same vulnerabilities as above; update article number 5075897. - Windows Server 2022: Same vulnerabilities; update article number 5075906. - Windows Server 2019: Same vulnerabilities; update article number 5075904. - Windows Server 2016: Same vulnerabilities; update article number 5075999. - Windows Server 2012 R2: CVE-2026-21510, CVE-2026-21513, CVE-2026-21525, CVE-2026-21533; update article number 5075970. - Windows 11 and Windows 10: Various versions (26H1, 25H2, 24H2, 22H2) affected; update articles range from 5077179 to 5075912. - Microsoft Office LTSC for Mac 2024 and Mac 2021: Affected by CVE-2026-21514; release notes available. - Microsoft Office LTSC 2024 and 2021: CVE-2026-21509 and CVE-2026-21514; release notes provided. - Microsoft 365 Apps for Enterprise: Affected by CVE-2026-21509 and CVE-2026-21514; release notes available.

Winsage

January 30, 2026

Microsoft to disable NTLM by default in future Windows releases

Microsoft will disable the NTLM authentication protocol by default in the next major Windows Server release and associated Windows client versions. NTLM, introduced in 1993, has been vulnerable to various cyberattacks, including NTLM relay and pass-the-hash attacks. The transition plan includes three phases: enhanced auditing tools in Windows 11 24H2 and Windows Server 2025, new features like IAKerb and a Local Key Distribution Center in late 2026, and eventually disabling network NTLM by default in future releases. NTLM will remain in the operating system but will not be used automatically. Microsoft deprecated NTLM authentication in July 2024 and has encouraged developers to transition to Kerberos or Negotiation authentication.

Winsage

January 30, 2026

Windows 11 KB5074105 update fixes boot, sign-in, and activation issues

Microsoft has released the KB5074105 preview cumulative update for Windows 11, which includes 32 enhancements to improve user experience. This optional update allows administrators to test upcoming fixes and features before the next Patch Tuesday. It addresses issues such as Explorer.exe hanging during login with specific startup apps, system unresponsiveness during startup with Windows Boot Manager debugging enabled, iSCSI boot failures, and problems with Windows license migrations during upgrades. The update elevates Windows 11 25H2 and 24H2 devices to builds 26200.7705 and 26100.7705, respectively. Key highlights include enhanced Cross-Device Resume functionality, support for peripheral fingerprint sensors in Windows Hello Enhanced Sign-in Security, fixes for unresponsiveness when running Windows Terminal with elevated permissions, resolution of GPU-related system errors, and improvements to Windows Sandbox. Microsoft will also introduce distinct identifiers for Windows 11 and Windows Server 2025 updates starting with the January 2026 security update, and has simplified update titles for better accessibility.

Winsage

January 20, 2026

Microsoft issues emergency patch for latest Windows bugs

Microsoft released the January Patch Tuesday update on January 13, 2026, addressing over 110 security vulnerabilities. The update introduced bugs affecting Windows 11, Windows 10, and Windows Server. The first issue involves authentication failures when connecting to a Cloud PC via Remote Desktop, primarily affecting Windows 11 25H2, Windows 10 22H2 ESU, and Windows Server 2025. The second issue affects systems with Secure Launch enabled, causing unexpected restarts instead of shutting down or entering hibernation mode, specifically impacting Windows 11 23H2. Microsoft has released emergency patches for the affected versions, which include: - Windows 11, versions 25H2 and 24H2 (KB5077744) - Windows 11, version 23H2 (KB5077797) - Windows 10, version 22H2 ESU and Windows 10 Enterprise LTSC 2021 (KB5077796) - Windows Server 2025 (KB5077793) - Windows Server 2022 (KB5077800) - Windows Server 2019 and Enterprise LTSC 2019 (KB5077795)

Winsage

January 20, 2026

Unscheduled updates fix critical bugs in Windows 11

On January 19, 2026, Microsoft released unscheduled security and stability updates for Windows 11 in response to significant errors that emerged after routine updates, which affected system functionality. Users reported issues with shutting down, hibernation failures, and authentication challenges with Remote Desktop and other remote applications. Microsoft rolled out out-of-band updates KB5077744 and KB5077797 to address these problems, impacting Windows 11 version 25H2, Windows 10 version 22H2, and Windows Server 2025. The updates also fix issues related to improper shutdowns and unreliable hibernation in Windows 11 version 23H2 when the Secure Launch feature is enabled. Recent incidents are part of a pattern of update-related challenges across various Windows versions, leading to criticism of the quality assurance processes for Windows updates.

Winsage

January 19, 2026

The Last Windows Security Updates of January 2026 Are Here

Microsoft released its first set of security updates for the Windows operating system and various products in January 2026, addressing over 110 vulnerabilities. The updates are available for all supported versions of Windows, with Windows 10 receiving fixes only through the Extended Security Updates (ESU) program. Windows 11 versions 24H2 and 25H2 are the main consumer releases benefiting from these updates. Approximately 112–114 security updates were released, with around 8 rated as Critical. At least one zero-day vulnerability is actively exploited. The updates include security fixes for Windows, Office, Edge, Azure, and server components. Windows 11 versions 23H2, 24H2, and 25H2, as well as Windows Server 2023 and 2025, have known issues. Windows 11 version 24H2 and 25H2 received security fixes for multiple vulnerabilities, while version 23H2 continues to receive support through enterprise servicing channels. Windows 10 updates are limited to ESU-enrolled systems, with general support ending in October 2025. Windows Server 2016, 2019, 2022, 2023, and 2025 received January security updates, addressing important vulnerabilities without disclosing any critical ones. Microsoft also released updates for Office products and SharePoint Server components. Known issues after the January updates include credential prompt failures and authentication issues in Azure Virtual Desktop and Windows 365, particularly affecting the new Windows App. Workarounds involve using the classic Remote Desktop client or the web-based RDP client. Additionally, devices with Secure Launch enabled may experience shutdown and sleep mode failures. Microsoft has provided out-of-band fixes for certain affected systems as of January 18, 2026. Users can manually install updates through the Windows Update feature, and it is recommended to create a full system backup before proceeding with updates.