snapshots Archives

Winsage

May 7, 2026

Upwind expands runtime protection to Windows Server VMs

Upwind has expanded its runtime protection and visibility offerings to include Windows Server virtual machines (VMs) on major cloud platforms such as Amazon Web Services, Google Cloud, and Microsoft Azure. This integration applies to Windows Server 2016 and later versions and enhances runtime monitoring and detection workflows. Upwind's Windows Sensor provides visibility into host activities, including process executions, network connections, and DNS requests, while also conducting continuous assessments for vulnerabilities and configuration issues. The telemetry collected aids in real-time detection of potential security threats and supports ongoing vulnerability scanning. The integration of Windows Server VMs into Upwind's Runtime Map, Detections, and Sensor components allows for unified monitoring and risk prioritization across cloud environments. This expansion aims to address the critical need for runtime behavior insights in cloud security, particularly for businesses relying on Windows Server for essential applications.

Winsage

May 6, 2026

“Minimize downtime and simplify troubleshooting”: Microsoft’s powerful new recovery tool is quietly fixing System Restore. Here’s how it actually works.

System Restore is a recovery tool in Windows that allows users to revert their systems to a previous state, originating with Windows ME. It generates restore points that can be created manually or automatically, with a maximum retention of 60 days starting from the Windows 11 24H2 update in 2025. System Restore captures essential system files and settings but does not recover personal files. The new Point-in-Time Restore feature, introduced in 2025 and appearing in the Windows 11 Insider Experimental preview in April 2026, captures a broader range of data, including user files and applications, and operates on a scheduled basis with snapshots retained for up to 72 hours. It is optional for standard users, enabled by default for PCs with 200GB or more storage, and has storage limits set to 2% of total drive capacity. In enterprise settings, it is always enabled for Windows 365 Enterprise, maintaining restore points for up to one month and utilizing cloud storage. Point-in-Time Restore aims to improve the recovery experience and address limitations of the classic System Restore.

Winsage

May 5, 2026

April 2026 Windows Update Breaks Third-Party Backup Software by Blocking Vulnerable Driver

Microsoft will include the psmounterex.sys driver in its Vulnerable Driver Blocklist in the April 2026 security update, affecting third-party backup applications that use this driver for image mounting and Volume Shadow Copy Service (VSS) snapshots. This decision addresses CVE-2023-43896, a critical buffer overflow vulnerability. Affected software includes Macrium Reflect, Acronis Cyber Protect Cloud, UrBackup Server, and NinjaOne Backup on Windows 11, Windows 10, and Windows Server platforms. Users may face issues during image-mount operations, receiving error messages related to VSS timeouts and Code Integrity errors in the Event Viewer. To check if a system is affected, users can look for Event ID 3077 in the Code Integrity Operational log. Microsoft recommends upgrading to newer versions of backup applications that do not use blocked drivers and advises against uninstalling or delaying the April update. Additionally, the update may cause certain Windows Server 2025 devices to boot into BitLocker recovery mode and has led to out-of-band updates for Windows Server update failures and restart loops on domain controllers.

Winsage

May 4, 2026

Microsoft confirms April Windows updates cause backup failures

Microsoft has acknowledged that the April 2026 security updates have disrupted the functionality of various third-party backup applications using the psmounterex.sys driver, raising concerns among users. The issue primarily affects software leveraging the Volume Shadow Copy Service (VSS) snapshots, leading to failures due to VSS service timeouts. Notable impacted products include Macrium Reflect, Acronis Cyber Protect Cloud, UrBackup Server, and NinjaOne Backup, used on Windows 11, Windows Server, and Windows 10 devices. Disruptions can manifest as failures to mount backup image files, errors or timeouts when browsing or restoring from backup images, and error messages related to VSS timeouts. Microsoft updated its support documentation to clarify that the April updates included a security hardening change that added psmounterex.sys to the vulnerable driver blocklist to protect against a high-severity buffer overflow vulnerability (CVE-2023-43896). Affected users are advised to upgrade to newer application versions with updated drivers and not to uninstall or pause the security update. Users can check if the Microsoft Vulnerable Driver Blocklist is blocking a driver by looking for Event ID 3077 in the Code Integrity Operational log. Additionally, Microsoft has alerted users that some Windows Server 2025 devices may boot into BitLocker recovery mode after installing the KB5082063 update and has issued out-of-band updates to address installation failures and restart loops affecting Windows Server systems after the April 2026 updates.

Winsage

May 1, 2026

Windows 11’s April update is now breaking third-party backup apps

Microsoft rolled out update KB5083769 for Windows 11 to enhance security, but users have reported issues such as BitLocker lockouts, boot loops, and problems with Remote Desktop functionality. The update is causing compatibility problems with third-party backup applications, including Acronis Cyber Protect Cloud, Macrium Reflect, NinjaOne Backup, and UrBackup Server, due to a bug in the Volume Shadow Copy Service (VSS). Users experiencing backup failures are advised to uninstall update KB5083769 as a temporary solution until Microsoft releases a patch. The timeline for resolving these issues is currently unclear.

Winsage

April 30, 2026

Windows AI Recall is pushing data destruction upstream

The introduction of Copilot+ PCs has created new complexities in IT asset disposition (ITAD), as these devices may contain a comprehensive, time-stamped archive of user activity, which was not present on corporate laptops two years ago. Microsoft's Recall feature captures user activity screenshots and stores them securely, but recent research by Alexander Hagenah suggests that the safeguards may be ineffective, as his tool can extract sensitive data without breaking encryption. Microsoft defends the security of Recall, stating that observed access patterns align with intended protections. This situation presents challenges for ITAD operators, as pre-collection now constitutes a data-destruction event, requiring devices to be powered down or purged before leaving the client’s environment. Certificates of sanitization must evolve to address the specific destruction of Recall snapshot stores, and conversations with clients should differentiate between managed and unmanaged fleets regarding Recall settings. The presence of Recall shifts some data-destruction responsibilities upstream to clients, complicating traditional ITAD value propositions.

Winsage

April 29, 2026

Microsoft open-sources 86-DOS 1.00, the ancestor of Windows

Microsoft has made the source code for 86-DOS 1.00 available on GitHub to celebrate its 45th anniversary. 86-DOS, developed by Tim Paterson, was foundational for MS-DOS and Windows. This release is part of Microsoft's effort to preserve historically significant software. Microsoft previously released the source code for MS-DOS versions 1.25, 2.11, and 4.0. A team of historians and preservationists has gathered and transcribed DOS-era source listings, including the 86-DOS 1.00 kernel and development snapshots of the PC-DOS 1.00 kernel. Microsoft acquired 86-DOS from Seattle Computer Products for approximately ,000 and modified it to deliver PC-DOS 1.0 in August 1981, which became known as MS-DOS for IBM-compatible computers.

AppWizard

April 29, 2026

Minecraft 26.2 Snapshot 5

The 26.2 Snapshot 5 introduces several new features, including an explosive archetype for the Sulfur Cube and the addition of erupting Geysers formed by Potent Sulfur. The new Sulfur Cube archetype, called Explosive, shares properties with the Regular archetype but has higher air drag and can absorb TNT blocks. When primed, absorbed TNT has a fuse time of 6 seconds when ignited by fire or Redstone, and a randomized fuse time between 0.75 and 3 seconds when primed by an explosion. Sulfur Cubes with absorbed TNT cannot be picked up or damaged, and no Small Sulfur Cubes will spawn upon explosion. Potent Sulfur creates Geysers when placed above a Magma block and under water, sending water particles skyward at random intervals. Various adjustments have been made to mob hitboxes, and Hoglins are now classified as hostile and will not spawn on Peaceful difficulty. New sounds for Geyser eruptions have been added, and Touchscreen Mode has been removed. The Data Pack version is now 104.0, and the Resource Pack version is 86.2. New particles related to Geysers have been introduced, and several bugs have been fixed in this update.

AppWizard

April 29, 2026

Dial up the chaos in testing

Geysers are a new feature in Minecraft that create vertical jets of sulfurous water when a magma block generates beneath a sulfur block submerged under one to four blocks of water. Players can experience these geysers by enabling snapshots in Minecraft: Java Edition or activating experimental features in Minecraft: Bedrock Edition. Feedback from players is encouraged to help shape the development of these features.

Winsage

April 20, 2026

“The vault is solid, the delivery truck is not” — strong key storage, shaky transfer: why this Windows Recall feature raises new security questions

Windows Recall, an AI-driven tool by Microsoft designed to capture and analyze users' screen content, was initially unveiled in 2024 but faced a delayed rollout due to significant security concerns. It launched in April 2025 with enhanced security features, including isolation within a "VBS Enclave" to protect against third-party access and filtering out sensitive information. However, security researcher Alexander Hagenah identified a flaw where data is transmitted to a less secure process, d AIXHost.exe, allowing tools like TotalRecall Reloaded to access sensitive data without administrative privileges. Despite reporting this vulnerability, Microsoft deemed it "not a vulnerability" and has not planned significant fixes. In response to user backlash, Microsoft is reassessing its AI initiatives, including Windows Recall, while privacy-focused organizations have introduced features to block the tool. Experts are calling for improved security protocols and user opt-out options.