Sysmon Archives

Winsage

March 29, 2026

Microsoft quietly shipped 9 meaningful Windows 11 improvements this year, and they actually make the OS feel more polished

Microsoft has released a series of quality updates for Windows 11 in the first quarter of 2026, introducing several new features: - Cross-device resume allows users to resume Android apps directly on Windows 11 via the Taskbar. - Windows MIDI Services now support MIDI 0 and 2.0, including WinMM and WinRT MIDI 1.0 support. - Windows Hello Enhanced Sign-in Security now supports external fingerprint readers. - A new "Device info" card in the Settings app displays key hardware specifications. - Quick Machine Recovery is now enabled by default for Windows 11 Pro. - A new network speed test feature can be accessed via the Taskbar. - Camera settings enhancements allow management of pan and tilt controls. - Sysmon is now a native feature in Windows 11, providing advanced monitoring capabilities. - Windows 11 supports WebP images as wallpapers.

Winsage

March 12, 2026

Windows 11 KB5079473 & KB5078883 cumulative updates released

Microsoft has released cumulative updates KB5079473 and KB5078883 for Windows 11 versions 25H2, 24H2, and 23H2 as part of the March 2026 Patch Tuesday. These updates address security vulnerabilities, fix bugs, and introduce new features. Users can install the updates via Start > Settings > Windows Update or manually from the Microsoft Update Catalog. The build numbers will change to 26200.8037 for 25H2, 26100.8037 for 24H2, and 22631.6783 for 23H2. Key enhancements include improved device targeting data for Secure Boot certificates, better reliability in File Explorer searches, and various new features such as a curated selection of emojis, a new backup and restore experience, automatic activation of Quick Machine Recovery, a built-in network speed test on the taskbar, and the ability to set WebP images as desktop backgrounds. Additionally, improvements have been made to the Windows Update settings page and the reliability of waking from sleep. No new issues have been reported with this month's updates.

Winsage

March 11, 2026

I tested Windows 11 March 2026 Updates: Everything new, improved, and fixed

Microsoft has rolled out the March 2026 Patch Tuesday update for Windows 11 (KB5079473, Build 26200.8037) and Windows 10, focusing on enhancements and functional upgrades. The update applies to Windows 11 versions 25H2 and 24H2, introducing new features, security enhancements, system fixes, and reliability improvements. Key features include: - Support for Emoji 16.0, allowing users to insert new emojis through the Emoji panel. - Windows Backup restore adapted for organizational use, enabling restoration of user settings and applications during sign-in. - Quick Machine Recovery (QMR) enabled by default on more Windows 11 Pro PCs. - A Bing-powered Internet speed test tool accessible from the taskbar. - Sysmon included as a native component for system activity monitoring. - Support for WebP images as desktop wallpapers. - Remote Server Administration Tools (RSAT) supported on Windows 11 Arm64 devices. - Minor enhancements in Accounts and Camera settings. The update also includes reliability and stability improvements, such as enhanced responsiveness of the Windows Update settings page, improved sign-in screen reliability, and better performance for the Windows printing service. It lays groundwork for Secure Boot certificate updates and addresses BitLocker reliability issues. Additionally, internal AI components have been updated, and a servicing stack update (SSU) has been released to enhance Windows Update infrastructure reliability. Microsoft is also expanding the updated Start menu and battery icons to more devices and warns users about the importance of updating Secure Boot certificates before their expiration in June 2026.

Winsage

March 11, 2026

Microsoft Releases March 2026 Patch Tuesday Updates

Microsoft has released the March 2026 Patch Tuesday update, KB5079473, for all supported versions of Windows 11 (25H2 and 24H2). Key changes include: - A Network Speed Test Tool in the Taskbar for measuring Ethernet, Wi-Fi, and cellular performance. - New pan and tilt options for supported cameras in the Settings menu. - Built-in System Monitor (Sysmon) available as an optional feature; users should uninstall previous versions before enabling it. - Remote Server Administration Tools (RSAT) support for Windows 11 Arm64 devices. - Quick Machine Recovery tool enabled for Windows Professional devices not domain-joined or enrolled in enterprise management. - Ability to use .webp image files for desktop backgrounds. - Introduction of new emojis from Emoji 16.0, including a face with bags under the eyes and a fingerprint. - BitLocker improvements for device responsiveness after entering a recovery key. - Enhanced reliability of search functions in File Explorer. Additionally, Microsoft is publishing patch notes for the upcoming version 26H1, which is currently available to Windows Insiders on the Canary Channel but not yet public. The KB5079466 patch for version 26H1 includes features already seen in earlier Windows 11 versions.

Winsage

March 6, 2026

Windows 11’s March 2026 update is packing 9 new upgrades you’ll actually notice

On March 10, 2026, Microsoft will release a Patch Tuesday update for Windows 11, introducing several new features and enhancements. Key updates include a network speed test feature accessible from the Taskbar, updated camera controls for pan and tilt settings, a new settings page for Widgets, support for WebP images as wallpapers, Quick Machine Recovery for Windows 11 Pro, refreshed dialogs in the Settings app, and changes in File Explorer allowing "Extract All" for non-ZIP archives. Additional updates include the introduction of Emoji version 16, a magnifier icon in Task Manager for the Windows Search process, and expanded RSAT support for ARM64 devices. Users are advised to be cautious during installation due to potential errors.

Winsage

March 4, 2026

PoC Exploit Released for Microsoft Windows Error Reporting ALPC Privilege Escalation

A proof-of-concept exploit for CVE-2026-20817, a local privilege escalation vulnerability in the Windows Error Reporting (WER) service, has been released by security researcher oxfemale on GitHub. This vulnerability allows low-privileged users to gain SYSTEM-level access through crafted Advanced Local Procedure Call (ALPC) messages. The flaw is located in the WER service's SvcElevatedLaunch method, which fails to validate caller privileges before executing WerFault.exe with user-supplied command line parameters. The CVSS v3.1 base score for this vulnerability is 7.8, indicating a high severity level. It affects unpatched versions of Windows 10, Windows 11, Windows Server 2019, and Windows Server 2022 prior to the January 2026 update. Demonstrations have shown successful exploitation on Windows 11 23H2. Security teams are advised to monitor for unusual processes related to WerFault.exe, investigate missing SeTcbPrivilege in SYSTEM tokens, and review WER-related activities from low-privilege users. Immediate application of the January 2026 security patches is recommended, and a temporary workaround involves disabling the WER service.

Winsage

February 26, 2026

Windows Update KB5077241 February 2026 Issues Nvidia GPU Bugs Task Manager Errors and ViVeTool Guide

Windows Update KB5077241, released in February 2026, is a 4.5GB feature update for the 24H2 and 25H2 versions. It poses significant performance risks for older hardware, particularly laptops and desktops without a Neural Processing Unit (NPU). Users with outdated Nvidia graphics cards, specifically the 900 Series (Maxwell) and 1000 Series (Pascal), report issues such as game stuttering, screen flickering, and system boot failures. The update also contains a flaw that inaccurately displays CPU usage in Task Manager, showing 0% utilization even under load. Many users face installation issues, encountering Error 0x800F0983, requiring them to delete update cache files and run repair tools. The update introduces features like a Taskbar Speed Test, Sysmon Security, improved Sleep/Wake functionality, and WebP wallpaper support, but many remain locked. Users can enable these features using ViVeTool with specific commands. Overall, the update is advised against for those with older Nvidia GPUs due to potential conflicts and performance issues.

Winsage

February 25, 2026

Microsoft Releases February Optional Updates for Windows 11

Microsoft has released optional February updates for Windows 11 versions 25H2 and 24H2, which include several enhancements: - A network speed test tool accessible from the taskbar for measuring Ethernet, Wi-Fi, and cellular connections. - Enhanced camera settings with new pan and tilt options for supported cameras. - A built-in version of the System Monitor (Sysmon) tool, available as an optional feature. - Improvements to Remote Server Administration Tools (RSAT) for Windows 11 Arm64 devices. - A new automatic recovery tool for Windows 11 Professional devices not domain-joined. - Support for .webp images as desktop backgrounds. - Introduction of new emojis in the Emoji 16.0 release. - BitLocker improvements to prevent devices from becoming unresponsive after entering a recovery key. Additionally, Microsoft has shared release notes for an upcoming optional update for Windows 11 version 26H1, which is currently only available to Insiders on the Canary Channel and is expected to debut on new devices with advanced silicon.

Winsage

February 20, 2026

Microsoft’s new Windows 11 speed test is just a link to Ookla’s Speedtest via Bing — button housed in the taskbar in latest Insider Preview build

The speed test feature has been introduced in Windows Insider builds 26100.7918 and 26200.7918, allowing users to assess their internet connection directly from the taskbar. Users can access this feature by right-clicking the network icon or using the Wi-Fi/cellular quick settings, selecting "Perform speed test," which opens a streamlined version of Ookla's Speedtest interface in the default browser. The interface displays three key statistics: Latency, Download, and Upload. Additionally, the new Insider builds include new emojis, improved backup and restore capabilities, enhanced camera controls for supported devices, and native implementation of System Monitor (Sysmon) within Windows.

Winsage

February 18, 2026

Releasing Windows 11 Builds 26100.7918 and 26200.7918 to the Release Preview Channel

Windows 11 Builds 26100.7918 and 26200.7918 (KB5077241) have been released for Insiders in the Release Preview Channel, covering versions 24H2 and 25H2. The update features a gradual rollout method for updates and includes various new features and enhancements: - Emoji 16.0 introduces a selection of new emojis. - Windows Backup for Organizations now includes a first sign-in restore experience. - Quick Machine Recovery (QMR) is activated for non-domain joined Windows Professional devices. - A built-in network speed test is accessible from the taskbar. - Taskbar improvements enhance the visual experience of the overflow area. - A new entry point in the account menu directs users to the Microsoft account benefits page. - Windows supports Microsoft Entra ID group and role SID resolution. - Users can control pan and tilt for supported cameras in the Settings app. - Sysmon functionality is now included natively in Windows for capturing system events. - Widget Settings now opens as a full-page experience in the Widgets app. - Users can set .webp image files as their desktop background. - The search process icon in Task Manager has been updated. - Storage Settings dialogs have been modernized, and performance for scanning temporary files has improved. - Enhancements have been made to Windows Update Settings for better responsiveness. - Reliability improvements have been implemented for the login screen and Nearby Sharing. - The Windows print service has been optimized for smoother performance during high-volume tasks. - File Explorer has received several improvements, including an extract all option for non-ZIP archive folders and enhanced reliability for displaying devices on the Network page. - Performance enhancements have been made to reduce resume-from-sleep time on heavily loaded systems. - Minor visual issues related to the taskbar, Windows Security pop-up credential fields, and the print dialog have been addressed.