startup process

Winsage
January 12, 2026
A tool named EDRStartupHinder was published on January 11, 2026. It stops antivirus and endpoint detection and response (EDR) products from starting during the Windows boot sequence. Written by the security researcher known as Two Seven One Three, it targets Windows Defender and several commercial products on Windows 11 25H2 by redirecting system DLLs at boot with the Windows Bindlink API and turning the Protected Process Light (PPL) code-integrity checks of those products against them. The attack chain has four steps: register a malicious service that starts before the targeted security services, use a bind link to redirect critical DLLs to attacker-controlled copies, alter one byte in each copy's PE header so that the PPL-protected process refuses to load it, and let the security process terminate when its DLL fails to load. The tool has been tested successfully against Windows Defender and other, unnamed antivirus products. Its source code is public on GitHub, which raises the concern that it will be reused by attackers. Defenders are advised to watch for Bindlink activity, unexpected service creation, and changes to the registry keys that control service groups and startup order. Microsoft had not issued a statement on patches or mitigations at the time of writing.
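The three indicators above (new services, services ordered ahead of the security products, and tampering with the products' startup configuration) can be checked from an elevated PowerShell session. The script below is an added example, not code from the EDRStartupHinder project or from Winsage; it assumes a list of security service names to protect (`WinDefend` is Microsoft Defender Antivirus, `Sense` the Defender for Endpoint sensor; add your own EDR's service name) and treats "starts early from outside the Windows directory" as a heuristic, not proof of compromise.

```powershell
# Added example: hunting script, not code from the EDRStartupHinder project or from Winsage.
# Checks: services registered recently (System log event 7045); services positioned to start
# before the security products (boot/system start type, or a service group that loads earlier
# in ServiceGroupOrder) whose image lives outside the Windows directory; and changes to the
# security services' own Start value. Read-only; run in an elevated session.
# Assumption: $WatchedServices lists the services to protect.
$WatchedServices = @('WinDefend', 'Sense')
$LookbackDays    = 7
$SystemRoot      = $env:SystemRoot.ToLower()

function Expand-ImagePath([string]$p) {
    # Turn the various ImagePath spellings ("\SystemRoot\...", "system32\...", "\??\C:\...",
    # quoted paths followed by arguments) into a lower-case path to the executable itself.
    if (-not $p) { return '' }
    $p = [Environment]::ExpandEnvironmentVariables($p).Trim('"')
    $p = $p -replace '^\\SystemRoot', $env:SystemRoot
    $p = $p -replace '^\\\?\?\\', ''
    $p = $p -replace '^system32\\', "$env:SystemRoot\System32\"
    if ($p -match '^(.*?\.(exe|sys|dll))') { $p = $Matches[1] }   # drop arguments
    return $p.ToLower()
}

# --- 1. Services registered recently: Service Control Manager event 7045 ---
$since  = (Get-Date).AddDays(-$LookbackDays)
$events = Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 7045; StartTime = $since } -ErrorAction SilentlyContinue
foreach ($e in $events) {
    $data = @{}
    foreach ($d in ([xml]$e.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
    "{0:u}  NEW SERVICE  name={1}  start={2}  image={3}" -f $e.TimeCreated, $data['ServiceName'], $data['StartType'], $data['ImagePath']
}

# --- 2. Boot order: ServiceGroupOrder\List is the order in which service groups load ---
$groups = (Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\ServiceGroupOrder').List
$rank = @{}
for ($i = 0; $i -lt $groups.Count; $i++) { $rank[$groups[$i]] = $i }

$services = @{}
foreach ($k in Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services') {
    $services[$k.PSChildName] = Get-ItemProperty -Path $k.PSPath
}

# Earliest group rank among the watched products ($null if none of them is in a group)
$watchedRanks = foreach ($n in $WatchedServices) {
    $g = $services[$n].Group
    if ($g -and $rank.ContainsKey($g)) { $rank[$g] }
}
$earliest = if ($watchedRanks) { ($watchedRanks | Measure-Object -Minimum).Minimum } else { $null }

# Start values: 0 boot, 1 system, 2 automatic, 3 manual, 4 disabled
foreach ($n in $WatchedServices) {
    $s = $services[$n]
    if (-not $s) { "MISSING   watched service $n is not registered"; continue }
    if ($s.Start -ne 2) { "TAMPERED  $n Start={0} (expected 2 = automatic)" -f $s.Start }
}

# --- 3. Services that would load before the watched products, from outside %SystemRoot% ---
foreach ($n in $services.Keys) {
    $s   = $services[$n]
    $img = Expand-ImagePath $s.ImagePath
    if (-not $img) { continue }
    $startsEarly = ($s.Start -in @(0, 1)) -or
                   ($null -ne $earliest -and $s.Group -and $rank.ContainsKey($s.Group) -and $rank[$s.Group] -lt $earliest)
    $outsideWindows = -not $img.StartsWith($SystemRoot)
    if ($startsEarly -and $outsideWindows) {
        "SUSPECT   {0}  start={1}  group={2}  image={3}" -f $n, $s.Start, $s.Group, $img
    }
}
```

The script does not observe bind links themselves; it covers the service-side footprint the summary describes. Baseline the output on a known-good machine first, since legitimate drivers and vendor agents also appear with boot or system start types.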
Winsage
November 5, 2025
Microsoft has acknowledged an issue on Windows 11 versions 24H2 and 25H2 and on Windows 10 version 22H2: some Intel-based devices show an unexpected BitLocker recovery screen after installing updates released on or after October 14, 2025. The affected devices are ones that support Connected Standby. The prompt appears once at startup; it does not mean the volume's encryption is damaged, and entering the recovery key clears it, after which subsequent boots start normally. Because the fix requires the key, confirm before updating such a device that its recovery key is retrievable (Microsoft account, Entra ID or Active Directory escrow, or a printed copy). Microsoft has deployed a Known Issue Rollback (KIR) that corrects the behaviour without uninstalling the update. Windows Server editions are not affected. Users are advised to watch the Windows Release Health dashboard for updates.
Winsage
August 12, 2025
Maintaining a computer's performance requires regular software upkeep in addition to physical care. An annual deep clean is advisable, and more frequent maintenance helps.
1. Uninstall unused applications with the built-in Settings app or with a tool such as BCUninstaller, which can uninstall in bulk and find leftover files.
2. Run a debloat script such as Chris Titus Tech's Windows Utility to remove bloatware and manage privacy settings. These scripts run with administrator rights, so read them before running them.
3. Disable unnecessary startup apps in Task Manager to shorten boot times.
4. Check for driver updates manually under Settings > Windows Update > Advanced options > Optional updates, and get graphics drivers from the manufacturer's website.
5. Run a periodic malware scan, for example with Malwarebytes.
6. Delete temporary files under Settings > System > Storage > Temporary files, and clear cached files in web browsers.
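Steps 3 and 6 can be reviewed from PowerShell before touching anything. The script below is an added example, not code from the Winsage article or from the tools it names: it lists the auto-start entries behind step 3 (Run/RunOnce keys and both Startup folders) together with the enabled/disabled state that the Task Manager toggle stores, flags entries launched from user-writable locations, and sizes the temporary-file folders from step 6. It assumes Task Manager records its toggle under `...\Explorer\StartupApproved` as a binary value whose first byte is 0x02 (enabled) or 0x03 (disabled), which is observed behaviour rather than a documented contract.

```powershell
# Added example, not code from the Winsage article or from the tools it names. Read-only.
# Assumption: StartupApproved values are binary, first byte 0x02 = enabled, 0x03 = disabled.

function Get-StartupApprovedState([string]$hive, [string]$subkey, [string]$name) {
    $key = "${hive}:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\$subkey"
    $v = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name
    if ($null -eq $v) { return 'enabled' }          # no override recorded by Task Manager
    switch ($v[0]) { 2 { 'enabled' } 3 { 'disabled' } default { 'unknown' } }
}

function Test-UserWritablePath([string]$cmd) {
    # Autostarts that live in profile or temp directories deserve a second look.
    $exe = [Environment]::ExpandEnvironmentVariables($cmd).Trim('"')
    if ($exe -match '^(.*?\.(exe|cmd|bat|vbs|js|ps1|lnk))') { $exe = $Matches[1] }
    return [bool]($exe -match '\\Users\\|\\AppData\\|\\Temp\\|\\Downloads\\')
}

function Get-StartupEntries {
    $out = @()
    $runKeys = @(
        @{ Hive = 'HKLM'; Sub = 'Run';   Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' },
        @{ Hive = 'HKLM'; Sub = 'Run32'; Path = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run' },
        @{ Hive = 'HKCU'; Sub = 'Run';   Path = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' }
    )
    foreach ($k in $runKeys) {
        $props = Get-ItemProperty -Path $k.Path -ErrorAction SilentlyContinue
        if (-not $props) { continue }
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # skip PSPath, PSParentPath, ... metadata
            $out += [pscustomobject]@{
                Source  = $k.Path
                Name    = $p.Name
                Command = $p.Value
                State   = Get-StartupApprovedState $k.Hive $k.Sub $p.Name
                Suspect = Test-UserWritablePath $p.Value
            }
        }
    }
    $folders = @(
        @{ Hive = 'HKCU'; Path = "$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup" },
        @{ Hive = 'HKLM'; Path = "$env:ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp" }
    )
    foreach ($f in $folders) {
        foreach ($file in Get-ChildItem -Path $f.Path -File -ErrorAction SilentlyContinue) {
            $out += [pscustomobject]@{
                Source  = $f.Path
                Name    = $file.Name
                Command = $file.FullName
                State   = Get-StartupApprovedState $f.Hive 'StartupFolder' $file.Name
                Suspect = Test-UserWritablePath $file.FullName
            }
        }
    }
    return $out
}

function Get-TempFootprint {
    foreach ($d in @($env:TEMP, "$env:SystemRoot\Temp")) {
        $m = Get-ChildItem -Path $d -Recurse -File -ErrorAction SilentlyContinue | Measure-Object -Property Length -Sum
        [pscustomobject]@{ Folder = $d; Files = $m.Count; MB = [math]::Round(($m.Sum / 1MB), 1) }
    }
}

Get-StartupEntries | Sort-Object Suspect -Descending | Format-Table Name, State, Suspect, Command -AutoSize
Get-TempFootprint | Format-Table -AutoSize
```

Entries marked Suspect are not necessarily malicious (many updaters install themselves under AppData), but they are the ones to identify before deciding what to disable.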
Winsage
August 7, 2025
Secure Boot is a UEFI firmware feature, supported by Windows 10 and Windows 11, that checks the signature of each boot loader and firmware driver before running it and refuses unsigned or untrusted ones, which keeps bootkit malware out of the startup chain; it is also a prerequisite for anti-cheat systems such as EA's Javelin. Windows 11's hardware requirements call for UEFI firmware that is Secure Boot capable; Windows 10 has no such requirement. To check whether Secure Boot is on, type "msinfo32" into the Windows search bar and read the Secure Boot State and BIOS Mode lines in the System Summary. If Secure Boot is off or unsupported, the BIOS Mode may need to be changed to UEFI before it can be enabled. Secure Boot itself needs only UEFI mode and a GPT-partitioned Windows boot drive; TPM 2.0 is a separate Windows 11 requirement, not a Secure Boot prerequisite. If the drive is MBR, it can be converted in place with "mbr2gpt /validate /disk:0 /allowFullOS" followed by "mbr2gpt /convert /disk:0 /allowFullOS", where the disk number must be the disk that holds the Windows installation (check it in Disk Management first) and a backup should be taken beforehand. After switching the firmware to UEFI mode by disabling the Compatibility Support Module (CSM), enable Secure Boot in the Boot or Secure Boot menu of the BIOS setup.
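The checks in that procedure can be run in one go before touching the firmware. The script below is an added example, not code from the Winsage article: it reports firmware mode, Secure Boot state, TPM status (listed because Windows 11 wants it, not because Secure Boot does), and the partition style of the disk that actually carries the Windows boot partition, so that mbr2gpt is pointed at the right disk number instead of assuming disk 0. It only validates; the conversion command is printed, not executed.

```powershell
# Added example, not code from the Winsage article. Read-only pre-flight for the Secure Boot
# procedure; run in an elevated PowerShell session. mbr2gpt /validate makes no changes.

"Firmware mode     : $env:firmware_type"          # 'UEFI' or 'Legacy'

try   { "Secure Boot       : $(if (Confirm-SecureBootUEFI) { 'enabled' } else { 'disabled' })" }
catch { "Secure Boot       : unavailable ($($_.Exception.Message.Trim()))" }   # thrown on legacy BIOS

try {
    $tpm = Get-CimInstance -Namespace root/cimv2/security/microsofttpm -ClassName Win32_Tpm -ErrorAction Stop
    "TPM               : enabled=$($tpm.IsEnabled_InitialValue) activated=$($tpm.IsActivated_InitialValue) spec=$($tpm.SpecVersion)"
} catch { "TPM               : not found (needed for Windows 11, not for Secure Boot)" }

# The partition flagged IsBoot is the one Windows booted from; resolve its disk from there.
$bootDisk = Get-Partition | Where-Object IsBoot | Get-Disk
"Windows boot disk : #$($bootDisk.Number) $($bootDisk.FriendlyName) PartitionStyle=$($bootDisk.PartitionStyle)"

if ($bootDisk.PartitionStyle -eq 'MBR') {
    "Disk is MBR; validating an in-place conversion (makes no changes):"
    & "$env:SystemRoot\System32\mbr2gpt.exe" /validate /disk:$($bootDisk.Number) /allowFullOS
    if ($LASTEXITCODE -eq 0) {
        "Validation passed. After taking a backup, convert with:"
        "  mbr2gpt /convert /disk:$($bootDisk.Number) /allowFullOS"
        "then switch the firmware to UEFI (disable CSM) and enable Secure Boot."
    } else {
        "Validation failed (exit code $LASTEXITCODE); details are in $env:SystemRoot\setupact.log"
    }
} else {
    "Disk is already GPT; no conversion needed."
}
```

A common validation failure is a disk with more than three primary partitions or an unallocated-space layout mbr2gpt cannot shrink; the log named above records the reason.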
Winsage
June 11, 2025
Microsoft's June updates address CVE-2025-3052, a Secure Boot bypass that lets an attacker install bootkit malware and take control of the PC. The flaw is a memory-corruption bug in a UEFI application that is itself signed with Microsoft's third-party UEFI CA certificate, so any firmware that trusts that certificate (most PCs) will run it; exploiting the bug lets an attacker switch off Secure Boot enforcement and then load unsigned code during boot, breaking the chain of trust. The vulnerable binary has been in circulation since late 2022, although no in-the-wild exploitation has been reported. Microsoft's fix revokes the affected binaries by adding their hashes to the Secure Boot forbidden-signatures database (dbx), so Windows 10 and 11 users should install the latest updates. June's Patch Tuesday fixed 66 vulnerabilities in total, including a second Secure Boot flaw (CVE-2025-4275) and a zero-day (CVE-2025-33053).
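Because the fix works by revocation, the way to confirm it is applied is to read the dbx variable and look for the revoked hashes. The script below is an added example, not code from the article or from Microsoft: it parses dbx, which is a sequence of EFI_SIGNATURE_LIST structures, counts the SHA-256 hash entries and X.509 certificates it contains, and checks whether a given hash is present. The hash in `$Query` is a placeholder; substitute the values from the advisory for the CVE you are checking.

```powershell
# Added example, not code from the article or from Microsoft. Reads the UEFI dbx variable
# and parses its EFI_SIGNATURE_LIST entries. Run in an elevated session on a UEFI system.
# Layout per list: SignatureType GUID (16) | SignatureListSize (4) | SignatureHeaderSize (4)
#                  | SignatureSize (4) | header | N x (SignatureOwner GUID (16) + SignatureData)
$EFI_CERT_SHA256_GUID = [guid]'c1c41626-504c-4092-aca9-41f936934328'
$EFI_CERT_X509_GUID   = [guid]'a5c059a1-94e4-4aa7-87b5-ab155c2bf072'

function ConvertFrom-EfiSignatureLists([byte[]]$bytes) {
    $entries = @()
    $off = 0
    while ($off + 28 -le $bytes.Length) {
        $type       = [guid]::new([byte[]]$bytes[$off..($off + 15)])
        $listSize   = [BitConverter]::ToUInt32($bytes, $off + 16)
        $headerSize = [BitConverter]::ToUInt32($bytes, $off + 20)
        $sigSize    = [BitConverter]::ToUInt32($bytes, $off + 24)
        if ($listSize -lt 28 -or $off + $listSize -gt $bytes.Length -or $sigSize -le 16) {
            throw "corrupt EFI_SIGNATURE_LIST at offset $off"
        }
        $p   = $off + 28 + $headerSize
        $end = $off + $listSize
        while ($p + $sigSize -le $end) {
            $owner = [guid]::new([byte[]]$bytes[$p..($p + 15)])
            $data  = [byte[]]$bytes[($p + 16)..($p + $sigSize - 1)]
            if ($type -eq $EFI_CERT_SHA256_GUID) {
                $kind  = 'sha256'
                $value = ($data | ForEach-Object { $_.ToString('x2') }) -join ''
            } elseif ($type -eq $EFI_CERT_X509_GUID) {
                $kind  = 'x509'
                $value = (New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 (,$data)).Subject
            } else {
                $kind  = $type.ToString()
                $value = ($data | ForEach-Object { $_.ToString('x2') }) -join ''
            }
            $entries += [pscustomobject]@{ Type = $kind; Owner = $owner; Value = $value }
            $p += $sigSize
        }
        $off = $end
    }
    return $entries
}

$dbx     = (Get-SecureBootUEFI -Name dbx).Bytes
$entries = ConvertFrom-EfiSignatureLists $dbx
$hashes  = @($entries | Where-Object Type -eq 'sha256')
$certs   = @($entries | Where-Object Type -eq 'x509')
"dbx: {0} bytes, {1} SHA-256 hash entries, {2} certificates" -f $dbx.Length, $hashes.Count, $certs.Count

# Placeholder; replace with the Authenticode hash(es) published for the CVE being checked.
$Query = '0000000000000000000000000000000000000000000000000000000000000000'
if ($hashes | Where-Object { $_.Value -eq $Query.ToLower() }) { "$Query is revoked" } else { "$Query is not in dbx" }
```

The hashes in dbx are Authenticode (PE image) hashes, not plain file hashes, so comparing against `Get-FileHash` output of a UEFI binary will not match; use the values the advisory publishes.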
Winsage
May 30, 2025
Microsoft rolled out update KB5058405 for Windows 11 23H2 to fix critical security vulnerabilities, but users are reporting serious problems, including boot failures with error code 0xc0000098. The failure affects Windows 11 23H2 and 22H2, mainly in virtual environments such as Azure Virtual Machines and on-premises virtual machines hosted on Citrix or Hyper-V; consumer devices running Home or Pro editions are unlikely to be affected. The boot error reports that ACPI.sys, the driver that manages hardware resources and power states, is missing or contains errors. Microsoft is investigating and has not yet provided a resolution.