System Information Archives

Winsage

June 12, 2026

June’s Windows 10 patch has a BitLocker user lockout problem… again

Microsoft released a cumulative update for Windows 10, designated as KB5094127, during the latest Patch Tuesday. Some users are experiencing issues where they are prompted to enter their BitLocker recovery key after installing the update. This problem is linked to systems with an "unrecommended" BitLocker Group Policy configuration and has occurred in previous updates. Specific conditions that can lead to this issue include having BitLocker enabled on the operating system drive, a certain Group Policy setting configured, the System Information tool reporting a specific Secure Boot State, the presence of a particular certificate in the Secure Boot Signature Database, and not using the 2023-signed Windows Boot Manager. Affected users may face difficulties accessing their BitLocker recovery key, potentially leading to lockouts. Microsoft suggests that personal devices are less likely to be affected, with the issue primarily impacting enterprise setups. The company is working on a resolution and advises IT administrators to consider removing the Group Policy configuration before installing the update. Update KB5094127 is available only to Windows 10 users in the Extended Security Updates program for versions 21H2 and 22H2, addressing various bugs and security vulnerabilities.

Winsage

June 11, 2026

Microsoft fixes BitLocker recovery bug on Windows Server 2025

Microsoft has resolved an issue affecting certain Windows Server 2025 devices that were booting into BitLocker recovery mode after the April 2026 security update. This issue was linked to specific BitLocker Group Policy configurations and required users to input their BitLocker recovery key upon the first restart after the update. However, this key would only need to be entered once for subsequent restarts, provided the group policy configuration remained unchanged. The problem primarily affected enterprise systems rather than personal devices. The issue arose under specific conditions: BitLocker was enabled on the operating system drive, a particular Group Policy was set, the Secure Boot State PCR7 Binding was "Not Possible," the Windows UEFI CA 2023 certificate was present, and the device was not already using the 2023-signed Windows Boot Manager. Microsoft released fixes in the KB5094125 and KB5093998 updates to address this problem, preventing devices with incompatible group policy configurations from installing the 2023-signed Windows Boot Manager. Event ID 1032 in the System event log indicates the issue when Windows updates are installed. For IT administrators unable to deploy the latest updates, it is recommended to remove the Group Policy configuration before installing updates or to implement a Known Issue Rollback (KIR) on affected devices. Additionally, Microsoft had previously addressed similar BitLocker recovery issues in August 2024 and May 2025.

AppWizard

June 8, 2026

Minecraft 26.2 Pre-Release 5

26.2 Pre-Release 5 introduces adjustments to Hardcore mode settings and various bug fixes, with an official launch scheduled for June 16. Changes include: - Automatic adjustment of the Graphics API setting if a crash occurs during startup. - Correction of the sound effect for hitting the sulfur cube in the bouncy archetype. - World hosts can change the game mode using F3 + F4 or commands, updating the default game mode for the world. - Removal of the "Game Mode" and "Allow Commands" buttons in Hardcore mode worlds. Startup and Fallback Behavior for Graphics API: - If a crash occurs at startup with "Prefer Vulkan" selected, it reverts to "Default." - The game collects system information regarding Vulkan even when set to "Default." - If a crash occurs with "Default," it switches to "Prefer OpenGL." - "Prefer OpenGL" prevents interaction with Vulkan to avoid crashes. Fixed bugs: - Sounds for the bouncy sulfur cube play at appropriate volume levels. - Flower patches now generate instead of single flowers. - Spear with Lunge no longer launches players downwards on a geyser. - Players cannot change their game mode from the World Options menu in hardcore worlds. - Friends Screen key binding allows typing instead of closing the screen. - Custom dialog buttons no longer disrupt the game menu. - Adjusting command settings updates the "Game Rules" button state correctly. - Changing game modes with commands reflects accurately in the World Options screen. - The "Statistics" button has been realigned in the game menu. - Correction of a string error in the friends error message. - Game mode is no longer incorrectly set to Survival mode upon re-entering the save. - Hardcore death cannot be circumvented by rejoining the world. Pre-Releases are available for Minecraft: Java Edition, and users are advised to back up their data before testing.

Tech Optimizer

June 6, 2026

Hackers Use Fake Purchase Orders to Deploy JS.MonoGlyphRAT Targeting US Enterprises

Researchers have identified a new malware called JS.MonoGlyphRAT, which disguises itself as business documents to infiltrate corporate networks. It is primarily spread through phishing emails targeting various sectors in the U.S. and has been reported in countries like Germany, Sweden, and Australia. The malware is classified as "Unknown malware" on threat intelligence platforms, making traditional antivirus solutions ineffective. It establishes a persistent presence in the network by executing a JavaScript file and communicating with command-and-control (C2) servers over HTTP. Key indicators of compromise include unusual HTTP traffic, registry changes, and the execution of specific JavaScript files. The malware can download additional payloads and execute commands without leaving traces on disk. Indicators of compromise include specific IP addresses, URLs, file hashes, and registry keys associated with the malware's operation.

AppWizard

June 3, 2026

Malware campaign targeting Minecraft users infects over 116,000 systems

A recent investigation by McAfee researchers has identified a Malware-as-a-Service (MaaS) operation called WeedHack, which targets Minecraft users. Since its launch in January 2026, WeedHack has compromised over 116,000 systems, with 2,000 to 3,000 new infections daily. The operation uses YouTube and SEO poisoning to distribute malware, promoting Minecraft mods and utilities through videos. WeedHack is accessible for free, with premium features available at low costs. The malware targets Minecraft session IDs, collects system information, and extracts credentials from various platforms. It includes a web-based dashboard for tracking infections and offers tools for injecting malware into legitimate mods. The operation has also been linked to incidents of cyberbullying among its users. McAfee advises caution when engaging with Minecraft-related content on YouTube.

Winsage

May 26, 2026

Why Hyper-V Breaks Emulators on Windows 11 (And the Fix)

Enabling Hyper-V on Windows 11 can cause applications like BlueStacks or VirtualBox to lag or fail to launch due to conflicts with CPU virtualization extensions (VT-x/AMD-V). Hyper-V is a Type-1 hypervisor that monopolizes these resources, preventing Type-2 hypervisors from accessing them directly. Common issues include error messages from BlueStacks, LDPlayer, VirtualBox, VMware, and Android Studio related to virtualization availability. To check if Hyper-V is enabled, users can use Task Manager, System Information, Windows Features, Command Prompt, or PowerShell. Disabling Hyper-V can be done through various methods, including unchecking it in Windows Features, using PowerShell, the bcdedit command, or modifying BIOS settings. However, disabling Hyper-V also stops functionalities like WSL2 and Memory Integrity. Some modern emulators, such as BlueStacks and VMware Workstation Pro, have adapted to work alongside Hyper-V, while VirtualBox's compatibility remains experimental. For optimal emulator performance, users should allocate appropriate CPU cores and RAM, ensure virtualization is enabled in BIOS, enable GPU acceleration, and set the Windows power plan to "Best performance." If issues persist, users should confirm Hyper-V is off, check BIOS settings, and reset emulator configurations.

Winsage

May 24, 2026

I stopped avoiding PowerShell after these 3 Windows tweaks

The author initially found PowerShell to be less integrated into their daily Windows workflow, often accessing it through the Start menu and closing it after use. To improve accessibility, they began using Windows Terminal more frequently, pinning it to the taskbar and utilizing the "Open in Terminal" option in File Explorer. They also discovered keyboard shortcuts to launch PowerShell quickly. These changes led to increased usage of PowerShell for tasks like checking IP configurations and retrieving system information. To enhance the PowerShell experience, the author customized its appearance by installing Oh My Posh, a prompt theme engine, and experimenting with color schemes, fonts, and transparency in Windows Terminal. They also made modifications to their PowerShell profile, adding aliases and shortcuts for frequently used commands to streamline their workflow. Over time, PowerShell became an essential tool for resolving various Windows issues, transforming from a fallback option to a key component of their toolkit.

Tech Optimizer

April 22, 2026

New STX RAT Uses Hidden Remote Desktop and Infostealer Features to Evade Detection

A newly identified remote access trojan, STX RAT, emerged in 2026, integrating hidden remote desktop access with credential theft features. The name "STX" comes from the Start of Text magic byte x02, which it appends to communications with its command-and-control (C2) server. Initial sightings were reported in late February 2026, when it was delivered via a browser-downloaded VBScript file to a financial organization. By early March, Malwarebytes noted a campaign distributing STX RAT through compromised FileZilla installers. Researchers from eSentire’s Threat Response Unit analyzed the malware, which includes extensive anti-analysis measures and employs techniques like AMSI-ghosting. Once operational, STX RAT connects to a C2 server at 95.216.51.236, transmitting system information securely. It targets saved credentials from applications like FileZilla and includes a Hidden Virtual Network Computing (HVNC) module, allowing attackers to control a victim's machine without detection. Security teams are advised to block the C2 IP and implement detection rules to mitigate the threat.

Winsage

April 16, 2026

Windows 11’s April update is locking some users out of their PCs

Users have reported issues with Windows 11 update KB5083769, which has triggered BitLocker recovery key prompts, locking some users out of their PCs. Microsoft acknowledged that the problem mainly affects corporate devices with specific BitLocker Group Policy settings. The issue is limited to systems where BitLocker is enabled, certain Group Policy configurations are set, and the Secure Boot State PCR7 Binding is “Not Possible.” Affected users need to enter their BitLocker recovery key or contact IT support for assistance. Microsoft has also provided guidance for IT departments to perform a Known Issue Rollback to remove the problematic updates, though this may expose systems to vulnerabilities.

Winsage

April 16, 2026

Microsoft: April updates trigger BitLocker key prompts on some servers

Microsoft announced that certain Windows Server 2025 devices may experience a BitLocker recovery prompt after installing the April 2026 KB5082063 Windows security update. The recovery mode will be triggered under specific conditions: BitLocker must be enabled on the operating system drive, the Group Policy for TPM validation must be configured with PCR7, the Secure Boot State PCR7 Binding must indicate "Not Possible," the Windows UEFI CA 2023 certificate must be in the Secure Boot Signature Database, and the device must not be using the 2023-signed Windows Boot Manager. Microsoft stated that this issue is unlikely to affect personal devices, as the configurations are mainly found in enterprise-managed systems. They are working on a resolution and recommend administrators remove the Group Policy configuration before deploying the update. If removal is not possible, applying a Known Issue Rollback (KIR) is advised to prevent triggering the recovery prompt. Microsoft has previously addressed similar BitLocker recovery prompt issues in May 2025, August 2024, and August 2022.