system administrators

Winsage
January 12, 2026
Professionals are increasingly moving away from Windows 11 to various Linux distributions due to dissatisfaction with performance issues and intrusive features in Windows. A 2025 analysis showed Linux distributions outperforming Windows by an average of 19.5% in everyday tasks. Performance tests indicated that SteamOS, a Linux-based platform, often matched or exceeded Windows 11 in gaming performance. Linux's lightweight nature and superior system administration tools appeal to those managing servers and virtual environments. Security concerns regarding Windows 11, including privacy issues and forced updates, have led users to prefer Linux's open-source model, which allows for greater transparency and customization. Economic factors also play a role, as Linux is free and open-source, eliminating licensing fees associated with Windows 11. User-friendly distributions like Linux Mint facilitate the transition for new users, and community support helps address common challenges. Large organizations are increasingly adopting Linux for its stability and responsiveness, while the Linux community fosters rapid improvements and adaptability. User feedback highlights privacy, performance, and customizability as key benefits of switching to Linux.
Winsage
January 12, 2026
A new tool named EDRStartupHinder, unveiled on January 11, 2026, allows attackers to inhibit the launch of antivirus and endpoint detection and response (EDR) solutions during the Windows startup process. Developed by security researcher Two Seven One Three, it targets Windows Defender and various commercial security products on Windows 11 25H2 systems by redirecting essential system DLLs during boot using the Windows Bindlink API and Protected Process Light (PPL) security mechanisms. The tool employs a four-step attack chain that includes creating a malicious service with higher priority than the targeted security services, redirecting critical DLLs to attacker-controlled locations, and modifying a byte in the PE header of the DLLs to cause PPL-protected processes to refuse loading them. This results in the termination of the security software. EDRStartupHinder has been tested successfully against Windows Defender and other unnamed antivirus products, demonstrating its effectiveness in preventing these security solutions from launching. The source code for EDRStartupHinder is publicly available on GitHub, raising concerns about its potential misuse. Security teams are advised to monitor for Bindlink activity, unauthorized service creation, and registry modifications related to service groups and startup configurations to detect this attack vector. Microsoft has not yet issued any statements regarding patches or mitigations for this technique.
Winsage
January 12, 2026
The latest Insider build of Windows 11, KB5072046, updates the operating system to build 26220.7535 and is available to Insiders in the Dev and Beta channels. A significant enhancement is the new Narrator feature powered by Copilot, which allows users to generate AI-driven descriptions for images. This feature is not available in the European Economic Area due to regulatory restrictions. Users can press Narrator key + Ctrl + D to describe a focused image or Narrator key + Ctrl + S for a full screen description. Microsoft has also introduced a policy for system administrators to uninstall the Microsoft Copilot App under specific conditions, applicable to Enterprise, Pro, and EDU SKUs. Various fixes have been implemented, including resolving issues with the Start menu, File Explorer, input using the Snipping Tool, print dialogs, and Windows Update settings.
Winsage
December 18, 2025
Microsoft's Smart App Control feature in Windows 11 is designed to evaluate and block potentially harmful applications by cross-referencing them against a database of known safe software. Initially, it required a clean installation to enable or disable, which hindered its adoption. Recent updates have removed this requirement, allowing users to toggle the feature on or off directly through the Windows Security app without a system reset. This change addresses user complaints and enhances usability, particularly for developers and IT professionals managing multiple devices. The feature employs artificial intelligence for real-time decisions on app safety and integrates with other Microsoft security tools. Feedback from the tech community has been positive, highlighting the update as a significant improvement in balancing security and user flexibility.
Winsage
December 17, 2025
Microsoft has acknowledged that Message Queuing (MSMQ) may fail on certain Windows 10 devices and older Windows Server versions after the December 2025 Security update. Reported issues include MSMQ queues becoming inactive, IIS sites generating "Insufficient resources to perform operation" errors, and applications failing to write to queues. System logs may show misleading messages about insufficient disk space or memory due to folder permissions and MSMQ's write access requirements. The root cause is linked to changes in the MSMQ security model and NTFS permissions for the C:\Windows\System32\MSMQ\storage folder, which now requires write access typically restricted to administrators. This issue primarily affects Windows 10 versions 22H2 and earlier, as well as Windows Server versions 2012 to 2019, with minimal impact on Windows Home or Pro editions. Microsoft recommends contacting support for workarounds, and some users have resolved the issue by uninstalling the update, though this would remove security enhancements. The problems are confined to older operating systems often used by enterprises delaying upgrades.
Winsage
December 17, 2025
Microsoft has introduced native NVMe SSD support in Windows Server 2025 as an opt-in feature, marking a significant advancement 12 years after NVMe's inception. This new support allows direct multi-queue access to hardware, delivering up to 3.3 million IOPS on PCIe Gen 5 SSDs and over 10 million IOPS on Host Bus Adapters, while significantly reducing latency. The previous reliance on converting NVMe commands to SCSI commands caused processing latency and overhead. Native NVMe support eliminates outdated translation layers, enhances CPU utilization, and unlocks next-generation storage capabilities. Microsoft has set up an email address, nativenvme@microsoft.com, for user feedback and inquiries. There is no current information on the timeline for native NVMe support in Windows 11.
Winsage
December 17, 2025
Microsoft has identified a significant out-of-bounds vulnerability (CVE-2025-55681) in the Desktop Window Manager (DWM) that allows local attackers to escalate privileges to SYSTEM on affected Windows systems. This vulnerability is found in the dwmcore.dll component and affects all versions of Windows 10, Windows 11, and various Windows Server editions (2016, 2019, 2022, and 2025). The flaw originates from the CBrushRenderingGraphBuilder::AddEffectBrush function, enabling attackers with local access to exploit improper buffer handling without user interaction. The vulnerability has a CVSS v3.1 score of 7.8, indicating high severity. Microsoft has released security patches, and organizations are advised to apply them promptly while implementing strict access controls until the patches are installed.