system access

Winsage
June 1, 2026
Microsoft is facing scrutiny due to a critical remote code execution vulnerability, CVE-2026-41089, rated at 9.8, affecting Windows Server domain controllers from version 2012 onward. This vulnerability allows unauthenticated users on the same network to send malformed UDP packets to a domain controller, potentially granting unauthorized system access or causing a reboot, leading to denial-of-service scenarios. The vulnerable service is Netlogon, and there are no immediate mitigations available; patches will be released on May 12. The vulnerability could allow attackers to create multiple accounts with various access levels, compromising the security of entire networks. Cybersecurity experts recommend patching all linked domain controllers simultaneously. The vulnerability is caused by a buffer overflow in the Netlogon service due to a field in a network packet exceeding its expected size. A GitHub repository exists with proof-of-concept code that can crash the LSASS service. Additionally, Microsoft is in conflict with security researcher Chaotic Eclipse, who has published zero-day exploits following a breakdown in negotiations.
Winsage
May 22, 2026
Yusuf Mehdi is leaving Microsoft after a 35-year tenure, during which he played a significant role in launching products like Windows 95, Internet Explorer, Bing, Xbox One, and the Surface Pro lineup. He was the Executive Vice President and Consumer Chief Marketing Officer, leading Microsoft's consumer strategy and its push into AI, particularly with the Copilot brand. Mehdi announced plans to continue working on Microsoft's AI strategy, focusing on making Windows 11 an "agentic OS," which allows AI agents to operate autonomously. Despite backlash from users regarding performance issues, Mehdi remains committed to this vision. Recently, Microsoft has shifted its focus to improving Windows 11's functionality, addressing criticism about its performance while continuing to explore AI integration.
Winsage
May 21, 2026
In April 2026, two zero-day vulnerabilities, RedSun and UnDefend, were discovered in Microsoft Defender, affecting Windows 10, Windows 11, and Windows Server platforms. These vulnerabilities allow attackers to escalate privileges to SYSTEM and bypass Defender’s protections. RedSun exploits a flaw in Defender's remediation process, enabling low-privileged users to overwrite critical system files. UnDefend allows attackers to disrupt Defender’s updates, keeping it outdated and ineffective. Both vulnerabilities are actively being exploited, with attackers leveraging them to gain persistent access and deploy ransomware. The primary targets are organizations using Windows systems with Defender enabled, particularly in sectors like finance, healthcare, and government. Mitigation strategies include applying updates for related vulnerabilities, monitoring for suspicious activities, and implementing additional security measures.
Winsage
May 18, 2026
GitHub has introduced enhancements aimed at improving security and user experience on its platform. Key features include a more robust authentication process to protect user accounts, improved monitoring tools for tracking changes and vulnerabilities in repositories, a streamlined interface for easier navigation, and new collaboration features such as integrated chat options and real-time updates. Additionally, GitHub has launched initiatives to encourage user feedback to ensure the enhancements meet the needs of its user base.
Winsage
May 16, 2026
On May 14, Pwn2Own Berlin 2026 began, where researchers earned ,000 for 24 unique zero-day vulnerabilities. Cheng-Da Tsai, also known as Orange Tsai, achieved a significant Edge sandbox escape, earning ,000, and later exploited Microsoft Exchange for remote code execution, earning an additional ,000. Tsai accumulated 17.5 Master of Pwn points, contributing to DEVCORE's lead with ,000 in total earnings. Other researchers, including Angelboy and TwinkleStar03, earned ,000 for an Improper Access Control vulnerability, while Marcin Wiązowski and Kentaro Kawane also contributed successful exploits. By the end of Day One, DEVCORE led with ,000, and the event featured a prize pool exceeding ,000,000 across 31 targets. As of Day Two, a total of ,750 had been awarded for 39 unique vulnerabilities, with DEVCORE leading at 40.5 points and ,000 in earnings.
Winsage
May 14, 2026
Dell users on Windows 11 are experiencing frequent blue screens and reboot loops after updating the Dell SupportAssist Remediation software to version 5.5.16.0, released on April 30. This issue particularly affects models like the XPS 15 9530, with crashes occurring approximately every thirty minutes and a common error message being "CRITICAL_PROCESS_DIED." The problem has been traced to the DellSupportAssistRemediationService.exe, which is pre-installed on many Dell systems and designed to manage diagnostics, driver updates, and recovery tools. Users are advised to uninstall or disable the software to restore normal functionality. Dell has acknowledged the issue and is working on a resolution. Temporary workarounds include disabling the service via Command Prompt or fully uninstalling the SupportAssist components through the Settings app. However, uninstalling may result in the loss of system repair points created by the service.
Tech Optimizer
April 21, 2026
Microsoft has introduced built-in antivirus software, Microsoft Defender, in Windows 11, which is active by default and continuously updated. Independent testing shows Defender achieving a score of 6 out of 6 from AV-Test and real-world protection rates between 98.5% and 100% from AV-Comparatives. The security features include real-time scanning, behavior monitoring, cloud-delivered protection, SmartScreen technology, Controlled Folder Access, and Smart App Control. Microsoft acknowledges that while Defender is sufficient for most users, third-party solutions may be necessary in enterprise environments. Windows Security benefits from automatic updates through Windows Update, providing continuous protection. Over 500 million Windows 11 users have received this updated guidance.
Winsage
April 7, 2026
A security researcher, known as "Nightmare-Eclipse," released proof-of-concept exploit code for a Windows zero-day vulnerability called "BlueHammer," which allows local privilege escalation (LPE). The exploit has been validated by another researcher, Will Dormann, who confirmed it can escalate privileges on Windows systems, allowing non-administrative users to gain SYSTEM-level access. The exploit's reliability varies across different Windows versions, with inconsistent success rates reported. Microsoft has not acknowledged the vulnerability or provided a patch, raising concerns about potential exploitation by threat actors. Users are advised to restrict local user access, monitor for suspicious activity, and enable advanced endpoint protection.