SysInternals Archives

Winsage

March 6, 2026

Windows 11’s March 2026 update is packing 9 new upgrades you’ll actually notice

On March 10, 2026, Microsoft will release a Patch Tuesday update for Windows 11, introducing several new features and enhancements. Key updates include a network speed test feature accessible from the Taskbar, updated camera controls for pan and tilt settings, a new settings page for Widgets, support for WebP images as wallpapers, Quick Machine Recovery for Windows 11 Pro, refreshed dialogs in the Settings app, and changes in File Explorer allowing "Extract All" for non-ZIP archives. Additional updates include the introduction of Emoji version 16, a magnifier icon in Task Manager for the Windows Search process, and expanded RSAT support for ARM64 devices. Users are advised to be cautious during installation due to potential errors.

Winsage

February 25, 2026

Microsoft Releases February Optional Updates for Windows 11

Microsoft has released optional February updates for Windows 11 versions 25H2 and 24H2, which include several enhancements: - A network speed test tool accessible from the taskbar for measuring Ethernet, Wi-Fi, and cellular connections. - Enhanced camera settings with new pan and tilt options for supported cameras. - A built-in version of the System Monitor (Sysmon) tool, available as an optional feature. - Improvements to Remote Server Administration Tools (RSAT) for Windows 11 Arm64 devices. - A new automatic recovery tool for Windows 11 Professional devices not domain-joined. - Support for .webp images as desktop backgrounds. - Introduction of new emojis in the Emoji 16.0 release. - BitLocker improvements to prevent devices from becoming unresponsive after entering a recovery key. Additionally, Microsoft has shared release notes for an upcoming optional update for Windows 11 version 26H1, which is currently only available to Insiders on the Canary Channel and is expected to debut on new devices with advanced silicon.

Winsage

February 17, 2026

I’m stuck with Windows for gaming in 2026, but here’s how I’m optimizing it

In early 2026, Windows 11 posed challenges for users, leading to multiple reinstallations. To optimize gaming performance, users can create a restore point, activate Game Mode, adjust power settings to High Performance or Ultimate Performance, enable "Optimizations for windowed games," and activate Hardware-accelerated GPU scheduling. Managing startup apps through Windows Settings or Task Manager, disabling the Virtual Machine Platform and Hyper-V, and using the Win11Debloat PowerShell script can improve system performance. Adjustments in the NVIDIA Control Panel, such as setting the Shader Cache Size to 10 GB and Power management mode to "Prefer maximum performance," enhance gaming experience. Registry edits like changing Scheduling Category to High and modifying NetworkThrottlingIndex can further optimize performance.

Winsage

November 19, 2025

Microsoft Integrates System Monitor (Sysmon) into Windows 11

Microsoft will integrate its forensic tool, System Monitor (Sysmon), into the Windows kernel with the upcoming releases of Windows 11 and Server 2025. This integration will transform Sysmon from a standalone utility into a native “Optional Feature” that will be serviced automatically through Windows Update. Administrators will no longer need to manually distribute Sysmon; instead, it can be activated through the “Turn Windows features on or off” dialog or command-line instructions. The integration will ensure that updates flow through the standard Windows Update pipeline, providing official support and Service Level Agreements (SLAs) for Sysmon. Microsoft plans to utilize local computing capabilities for AI inferencing to enhance security measures, focusing on detecting credential theft and lateral movement patterns. Sysmon will maintain backward compatibility with existing workflows, allowing the use of custom configuration files and adhering to the XML schema while continuing to log events to the Windows event log. Community-driven configuration repositories will remain operational, preserving established community knowledge.

Winsage

November 18, 2025

Microsoft is bringing native Sysmon support to Windows 11, Server 2025

Microsoft is integrating Sysmon into Windows 11 and Windows Server 2025, eliminating the need for separate deployments of Sysinternals tools. This integration will allow users to utilize custom configuration files for filtering captured events, which will be logged in the Windows event log. Sysmon is a free tool that monitors and blocks suspicious activities while logging events such as process creation, DNS queries, and executable file creation. It will be easily installable via the "Optional features" settings in Windows 11, with updates delivered through Windows Update. Sysmon will retain its standard features, including support for custom configuration files and advanced event filtering. Key events logged by Sysmon include process creation, network connections, process access, file creation, process tampering, and WMI events. Comprehensive documentation and new enterprise management features will be released next year.

Winsage

November 18, 2025

Microsoft to integrate Sysmon directly into Windows 11, Server 2025

Microsoft will integrate Sysmon into Windows 11 and Windows Server 2025, eliminating the need for standalone deployment. Sysmon will allow users to utilize custom configuration files for event filtering, logging events in the Windows event log. It tracks events such as process creation, DNS queries, executable file creation, changes to the clipboard, and auto-backup of deleted files. Users can access Sysmon through "Optional features" in Windows 11 and receive updates via Windows Update. Key events logged by Sysmon include process creation, network connections, process access, file creation, process tampering, and WMI events. Comprehensive documentation and new enterprise management features will be released next year.

Winsage

November 18, 2025

Microsoft Finally Makes Sysmon Native To Windows

Sysmon is a system monitoring tool that traditionally requires users to download and install it from Microsoft's Sysinternals page, often leading to its deployment only after issues arise. Pre-installing Sysmon can enhance proactive monitoring and issue diagnosis. Its effectiveness can be improved through tailored configurations, with resources available from Bleeping Computer for specific use cases like monitoring DNS queries. Additionally, Sysmon can now be installed on Linux systems via the Windows Subsystem for Linux (WSL), increasing its accessibility and versatility for users familiar with Sysmon.

Winsage

November 6, 2025

Microsoft Store Web Now Lets You Install Multiple Windows Apps at Once

Microsoft has introduced a "Multi-app Install" feature on the Microsoft Store website, allowing users to select and install multiple Windows applications simultaneously. Users can bundle several applications into a single installer, which, when executed, initiates the installation of all chosen apps without requiring additional clicks or permissions. Currently, users can select from a curated list of 48 popular apps, including Netflix, Instagram, Apple Music, and Spotify. This feature is only available on the web version of the Microsoft Store, as the desktop application does not support it yet.

Winsage

August 4, 2025

I use this official Microsoft application to make booting Windows 11 so much easier

Windows users can streamline their morning routine by using a Microsoft utility called Autologon, which automates the login process. Autologon allows users to bypass traditional login steps and securely stores passwords as Local Security Authority (LSA) secrets, unlike the registry method that stores credentials in plain text. For enhanced efficiency, Autologon can be combined with PowerToys' Workspaces and Task Scheduler to automate the launch and arrangement of applications upon login. Users can create a task in Task Scheduler to trigger the desired workspace, ensuring that applications are ready and arranged as preferred. This setup saves time and improves productivity for users managing multiple applications.

Winsage

May 8, 2025

Windows 0-Day Vulnerability Exploited in Wild to Deploy Play ransomware

Threat actors associated with the Play ransomware operation exploited a zero-day vulnerability in Microsoft Windows, identified as CVE-2025-29824, before a patch was released on April 8, 2025. This vulnerability affects the Windows Common Log File System (CLFS) driver, allowing attackers to elevate their privileges to full system access. The Play ransomware group targeted an unnamed organization in the United States, likely gaining initial access through a public-facing Cisco Adaptive Security Appliance (ASA). During this intrusion, no ransomware payload was deployed; instead, the attackers used a custom information-stealing tool named Grixba. Microsoft attributed this activity to the threat group Storm-2460, known for deploying PipeMagic malware. The exploitation affected various sectors, including IT, real estate in the U.S., finance in Venezuela, software in Spain, and retail in Saudi Arabia. The vulnerability received a CVSS score of 7.8 and was addressed in Microsoft's April 2025 Patch Tuesday updates. The attack involved creating files in the path C:ProgramDataSkyPDF, injecting a DLL into the winlogon.exe process, extracting credentials from LSASS memory, creating new administrator users, and establishing persistence. The Play ransomware group has been active since June 2022 and employs double-extortion tactics. Organizations are urged to apply the security updates released on April 8, 2025, especially for vulnerable Windows versions, while Windows 11 version 24H2 is not affected due to existing security mitigations.