system administrators Archives

Winsage

April 21, 2026

Microsoft releases Windows Server update fix to fix its April update fixes

Microsoft has released an out-of-band update to fix a restart loop issue affecting certain Windows Server devices after the April 2026 update. The problem arose after installing the April 2026 Windows security update (KB5082063), causing domain controllers in multi-domain environments using Privileged Access Management (PAM) to experience LSASS crashes during startup, leading to repeated restarts and potential domain outages. The update targets Windows Server versions 2016 through 2025 and includes hotpatches for failed installations. Only Windows Servers were affected, while some enterprise devices may need to enter their BitLocker recovery key after the first restart post-installation. Microsoft has issued similar updates recently, raising concerns about the frequency of these occurrences.

Winsage

April 20, 2026

Microsoft releases emergency updates to fix Windows Server issues

Microsoft has confirmed that some administrators are experiencing difficulties installing the KB5082063 security update on Windows Server 2025. This month's Patch Tuesday updates have caused certain Windows servers, especially those with domain controller roles, to enter a restart loop due to failures in the Local Security Authority Subsystem Service (LSASS). Microsoft has released emergency out-of-band updates, including KB5091157 for Windows Server 2025, to address both the installation failure and the restart issues. Additionally, some Windows Server 2025 devices may boot into BitLocker recovery mode after installing the KB5082063 update. A bug affecting Windows Server 2019 and Windows Server 2022 that caused unexpected upgrades to Windows Server 2025 has also been resolved. Microsoft has issued various emergency updates throughout the year to address other issues, including a Bluetooth device visibility bug and vulnerabilities in the Routing and Remote Access Service (RRAS).

Tech Optimizer

April 19, 2026

This legit-looking software is actually antivirus-killing adware

Security researchers at Huntress discovered adware signed by Dragon Boss Solutions LLC, which was designed to deliver unwanted advertisements and disrupt user experience. The software had a sophisticated update mechanism that disabled antivirus programs and prevented their reactivation. Huntress found that the primary update domain and its fallback had not been registered, creating a vulnerability that could have allowed malicious actors to take control of the compromised network. In response, Huntress acquired the domains to prevent further exploitation, observing tens of thousands of compromised endpoints attempting to connect. They identified 324 infected devices in high-value sectors, including 221 academic institutions, 41 Operational Technology networks, 35 municipal governments and public utilities, 24 educational institutions, and 3 healthcare organizations. Additionally, networks of multiple Fortune 500 companies were also compromised. Researchers advised monitoring for specific WMI event subscriptions and processes associated with Dragon Boss Solutions LLC to mitigate risks.

Winsage

April 18, 2026

Microsoft closes book on rogue Windows Server 2025 upgrades

Microsoft has officially resolved the incident involving the unexpected upgrade to Windows Server 2025, which occurred over a year ago and caused significant disruption for system administrators. The upgrade was automatic, with no rollback option, and was attributed to third-party products managing updates. Additionally, Microsoft's cumulative update KB5082063 has introduced new issues, causing LSASS crashes on non-Global Catalog domain controllers in environments using Privileged Access Management, leading to repeated restarts and potential inaccessibility of domains. Microsoft has acknowledged this problem and promised a resolution soon.

Winsage

April 7, 2026

Microsoft has removed the Support and Recovery Assistant from Windows

Microsoft has phased out the Support and Recovery Assistant (SaRA) and replaced it with a command line version of the Get Help service. This new tool retains the core functionalities of SaRA while offering a console interface. The transition aims to unify Microsoft's support offerings and enhance user experience. The revamped Get Help tool continues to diagnose issues related to systems, network services, and Microsoft products, including Office, in a more streamlined manner. The command line approach may present a learning curve for casual users but offers potential benefits for advanced users and system administrators by simplifying support processes and enhancing automation capabilities. Microsoft is moving away from standalone utilities in favor of integrated solutions.

Winsage

March 31, 2026

What Is Conhost.exe?

Conhost.exe, or Console Window Host, is a legitimate Windows system process responsible for managing the display and behavior of console windows such as Command Prompt and PowerShell. It facilitates text rendering and manages input/output interactions with the graphical user interface. Each time a console application is launched, a new instance of conhost.exe is created, and multiple instances can appear in Task Manager based on active console applications. To verify the authenticity of conhost.exe, it should run from C:WindowsSystem32 or C:WindowsSysWOW64, have a valid Microsoft Windows Publisher digital signature, and not make outbound network connections. High CPU usage or unusual behavior may indicate malware masquerading as conhost.exe. Troubleshooting steps for issues related to conhost.exe include running a malware scan, checking for Windows updates, updating device drivers, and using the System File Checker. Disabling conhost.exe is not advisable as it is essential for the functioning of console applications.

Winsage

March 24, 2026

Microsoft quietly announced upcoming WSL upgrades, including a “more streamlined first-time setup and onboarding”

Microsoft has introduced several updates for Windows 11, including a simplified installation process for the Windows Subsystem for Linux (WSL), allowing users to install it with a single command or via the Microsoft Store. Additionally, there are enhancements in interoperability between Windows and Linux file systems, as well as improvements in networking capabilities. WSL provides a genuine Linux kernel and supports GUI applications, facilitating seamless communication with the Windows environment.

Winsage

March 18, 2026

Researchers Reveal ‘RegPwn,’ a Windows Registry Vulnerability That Granted SYSTEM Privileges

A Windows vulnerability named "RegPwn" (CVE-2026-24291) allows low-privileged users to elevate their access to full SYSTEM privileges. Discovered by the MDSec red team, it has been in use since January 2025 and was addressed in a recent Microsoft Patch Tuesday update. The vulnerability exploits the management of Windows accessibility features, which generate a registry key that grants full control to low-privileged users. When a user activates an accessibility tool, the configurations are copied into the local machine registry hive, which remains writable by the logged-in user. This creates an opportunity for manipulation, especially when user-controlled settings interact with the Windows Secure Desktop environment. An attacker can exploit this by modifying their user-level accessibility registry key and using an oplock on a system file, allowing them to replace the local machine registry key with a symbolic link to an arbitrary system registry key. This process operates under SYSTEM privileges, enabling the attacker to write arbitrary values to restricted areas of the Windows registry. MDSec demonstrated this technique to gain access to a SYSTEM-level command prompt. Microsoft has released security updates to address this vulnerability, and MDSec has made the exploit code available on GitHub for research purposes.

Winsage

March 13, 2026

These 4 open-source apps fixed Windows’ biggest problems

Windows operating system has evolved over the years, but initially, it often required external tools for tasks like video playback, file compression, secure connections, and file transfers. VLC Media Player addressed the issue of codec compatibility in video playback by bundling its own codecs, making it a widely used media player. 7-Zip improved file compression on Windows by offering superior efficiency, extensive format support, and user-friendly features, becoming essential for archiving tasks. PuTTY provided Windows users with their first effective SSH client, allowing secure terminal connections to remote servers, and remains popular despite Microsoft integrating OpenSSH. FileZilla simplified the process of uploading files to servers with its user-friendly graphical interface, becoming a staple for web developers. Despite improvements in Windows, many users continue to install these open-source applications out of habit due to their reliability and effectiveness.

Winsage

March 3, 2026

PoC Exploit Released for Windows Error Reporting ALPC Privilege Escalation

A critical local privilege escalation vulnerability, tracked as CVE-2026-20817, affects Microsoft Windows through the Windows Error Reporting (WER) service. This flaw allows authenticated users with low-level privileges to execute arbitrary code with full SYSTEM privileges. The vulnerability resides in the SvcElevatedLaunch method (0x0D) and fails to validate user permissions, enabling attackers to launch WerFault.exe with malicious command-line parameters from a shared memory block. The exploit affects all versions of Windows 10 and Windows 11 prior to January 2026, as well as Windows Server 2019 and 2022. Microsoft addressed this vulnerability in the January 2026 Security Update. Organizations are advised to apply security patches and monitor for unusual WerFault.exe processes.