system administrators Archives

Winsage

June 2, 2026

Microsoft outs new Windows 11 native command-line utility. Revolutionizes native app making.

Microsoft has announced the general availability of Coreutils for Windows, introducing a native suite of Linux-style command-line utilities designed to enhance cross-platform development workflows. Coreutils includes essential commands for file, shell, and text manipulation, such as ls, cp, mv, rm, cat, and pwd, and will function similarly to its GNU counterpart, allowing seamless use across Windows, Linux, macOS, containers, and the Windows Subsystem for Linux (WSL). Microsoft has excluded certain utilities that rely on POSIX-specific functionality to avoid disrupting Windows operations. Additionally, Microsoft introduced "Windows Development Skills," a set of AI-powered tools aimed at improving the development and maintenance of Windows applications, built on WinUI 3 and the Windows App SDK, and available through a dedicated GitHub repository.

Winsage

June 1, 2026

Critical Windows Netlogon RCE flaw now exploited in attacks

The Centre for Cybersecurity Belgium (CCB) has warned about the exploitation of a critical vulnerability in Windows Netlogon, identified as CVE-2026-41089, which allows remote code execution on domain controllers without prior access or authentication. This vulnerability, characterized as a stack-based buffer overflow, was patched by Microsoft during the May 2026 Patch Tuesday. The CCB emphasized the urgency of patching vulnerable servers, noting that the vulnerability is actively being exploited. The CVSS score for this vulnerability is 9.8. Further details on the ongoing attacks have not been disclosed, and Microsoft has not updated its advisory on the vulnerability.

Winsage

May 29, 2026

Microsoft is killing Windows 11’s awkward 5-letter user folder name after years of complaints, but only for new setups

Windows 11 introduced the ability to customize the default user profile folder name during setup with the May 2026 Optional Update KB5089573. Previously, the folder name was automatically truncated to the first five letters of the user's email ID used for logging in. The default user folder is located under C:Users and serves as the primary directory for personal files. Users can now choose a custom name for their user folder during the Device Name page in Windows setup, but if skipped, the default name will be used. Custom user folder names must adhere to standard Windows naming requirements and cannot include reserved characters or system names. The feature is being rolled out gradually, and existing users may need to reinstall Windows to change their folder names.

Winsage

May 28, 2026

Microsoft tests the 15-character limit of Windows Server admins’ patience

Windows Server 2016 has a bug introduced by the May 12 security update that affects servers with hostnames exactly 15 characters long, causing errors in domain controller discovery. Specifically, calling the DCLocator results in an ERRORINVALIDPARAMETER, hindering applications and tools from locating a domain controller. This issue impacts features like Distributed File System (DFS) Namespace management. Microsoft has not provided a workaround but suggests changing the hostname length. Windows Server 2016 is officially supported until January 12, 2027, with extended support options available. Despite representing only 2.2 percent of all Windows devices, it accounts for 20.3 percent of all servers. Additionally, the May 2026 security update has caused installation failures on some Windows 11 devices due to insufficient EFI System Partition size.

Winsage

May 8, 2026

Windows 11 Clients: The Group Policy Editors gpedit.msc and GPMC are broken

The Group Policy Editors gpedit.msc and gpmc from the RSAT tools are experiencing functionality issues in Windows 11 due to a bug that causes an overflow error, resulting in incorrect configurations being saved. This issue was first reported by Mark Heitbrink to Microsoft in March 2026, but he has not received feedback. The bug appears to be unique to Windows 11 clients, as tests on Windows Server did not show the problem. Mark documented the bug with submission number VULN-180447 and case number 111952. He described how to reproduce the issue involving the group policy "Delay Foreground download from http" and the decimal value "4294967295," which gets altered to "2147483647" on Windows 11. Mark speculated that the issue might be due to the Windows client using the INT data type instead of unsigned INT, leading to an overflow. He noted that over 50 policies are affected by this MaxValue issue across various components.

Winsage

May 5, 2026

All new features arriving in the Windows 11 May 2026 update

Microsoft will release the Windows 11 May 2026 update on May 12, 2026, as part of its regular Patch Tuesday rollout. Key features include: 1. Enhanced File Explorer with improved launch speed and persistent View/Sort preferences. 2. Haptic feedback integration for compatible input devices. 3. Xbox mode for an improved gaming experience, available to all users later this month. 4. Transformation of the Drag Tray to Drop Tray with settings relocated for easier file sharing. 5. Introduction of the Arabic 101 Legacy keyboard layout. 6. New AI agent support on the taskbar for app previews. 7. Ability to format FAT32 drives up to 2TB. 8. Updated Windows Driver policy requiring drivers to be signed through the Windows Hardware Compatibility Program. 9. Improvements to Voice Typing, allowing activation via the Voice Typing key. 10. Security changes restricting certain CMD scripts that could manipulate system files. 11. Updated Group Policy for removing default Microsoft Store packages with a dynamic list for customization.

Winsage

April 21, 2026

Microsoft releases Windows Server update fix to fix its April update fixes

Microsoft has released an out-of-band update to fix a restart loop issue affecting certain Windows Server devices after the April 2026 update. The problem arose after installing the April 2026 Windows security update (KB5082063), causing domain controllers in multi-domain environments using Privileged Access Management (PAM) to experience LSASS crashes during startup, leading to repeated restarts and potential domain outages. The update targets Windows Server versions 2016 through 2025 and includes hotpatches for failed installations. Only Windows Servers were affected, while some enterprise devices may need to enter their BitLocker recovery key after the first restart post-installation. Microsoft has issued similar updates recently, raising concerns about the frequency of these occurrences.

Winsage

April 20, 2026

Microsoft releases emergency updates to fix Windows Server issues

Microsoft has confirmed that some administrators are experiencing difficulties installing the KB5082063 security update on Windows Server 2025. This month's Patch Tuesday updates have caused certain Windows servers, especially those with domain controller roles, to enter a restart loop due to failures in the Local Security Authority Subsystem Service (LSASS). Microsoft has released emergency out-of-band updates, including KB5091157 for Windows Server 2025, to address both the installation failure and the restart issues. Additionally, some Windows Server 2025 devices may boot into BitLocker recovery mode after installing the KB5082063 update. A bug affecting Windows Server 2019 and Windows Server 2022 that caused unexpected upgrades to Windows Server 2025 has also been resolved. Microsoft has issued various emergency updates throughout the year to address other issues, including a Bluetooth device visibility bug and vulnerabilities in the Routing and Remote Access Service (RRAS).

Tech Optimizer

April 19, 2026

This legit-looking software is actually antivirus-killing adware

Security researchers at Huntress discovered adware signed by Dragon Boss Solutions LLC, which was designed to deliver unwanted advertisements and disrupt user experience. The software had a sophisticated update mechanism that disabled antivirus programs and prevented their reactivation. Huntress found that the primary update domain and its fallback had not been registered, creating a vulnerability that could have allowed malicious actors to take control of the compromised network. In response, Huntress acquired the domains to prevent further exploitation, observing tens of thousands of compromised endpoints attempting to connect. They identified 324 infected devices in high-value sectors, including 221 academic institutions, 41 Operational Technology networks, 35 municipal governments and public utilities, 24 educational institutions, and 3 healthcare organizations. Additionally, networks of multiple Fortune 500 companies were also compromised. Researchers advised monitoring for specific WMI event subscriptions and processes associated with Dragon Boss Solutions LLC to mitigate risks.

Winsage

April 18, 2026

Microsoft closes book on rogue Windows Server 2025 upgrades

Microsoft has officially resolved the incident involving the unexpected upgrade to Windows Server 2025, which occurred over a year ago and caused significant disruption for system administrators. The upgrade was automatic, with no rollback option, and was attributed to third-party products managing updates. Additionally, Microsoft's cumulative update KB5082063 has introduced new issues, causing LSASS crashes on non-Global Catalog domain controllers in environments using Privileged Access Management, leading to repeated restarts and potential inaccessibility of domains. Microsoft has acknowledged this problem and promised a resolution soon.