UEFI Archives

Winsage

June 16, 2026

China-Linked SprySOCKS Backdoor Expands to Windows with Driver-Based Stealth

Cybersecurity researchers have identified two new Windows variants of the SprySOCKS backdoor, named WINDRV and WINPLUS, which were previously thought to be exclusive to Linux systems. Both variants feature hard-coded command-and-control configurations and can communicate via TCP, UDP, and WebSocket protocols. They support over 30 commands for operations such as system information collection and file management. WINDRV employs kernel drivers for stealth, obscuring network connections and allowing TCP traffic diversion. SprySOCKS was first documented by Trend Micro in September 2023, linked to the Chinese state-sponsored threat actor Earth Lusca, also known as FishMonger. The Windows variants belong to version 1.8 of SprySOCKS and utilize a kernel driver named RawWNPF for enhanced stealth. The attack chain begins with an initial access method that drops a batch script, leading to the installation of the backdoor. Evidence suggests these variants may have been used in attacks against government organizations in Honduras, Taiwan, Thailand, and Pakistan between 2023 and 2024. The WINPLUS variant was first detected in July 2024 in Pakistan. There are indications of a potential UEFI bootkit involvement exploiting CVE-2023-24932, a vulnerability in the Windows Boot Manager.

Winsage

June 16, 2026

Windows 11 update is breaking some PCs with boot and BitLocker issues

Windows 11 update KB5094126 (Build 26200.8655), released on June 9, 2026, has caused boot failures, blue screens, and BitLocker recovery prompts for users, particularly affecting business devices from HP and Dell, including models like HP EliteBook 840 G10 and Dell Precision 7530. The issues stem from changes in Secure Boot and EFI partition modifications, with insufficient EFI partition space leading to errors. A workaround involves disabling Secure Boot in BIOS. Additionally, users have reported disruptions with OneDrive and Microsoft Word integration, particularly in enterprise environments. Microsoft has not yet acknowledged these problems.

Winsage

June 15, 2026

Microsoft released the Windows 11 Secure Boot update for all PCs, how to verify yours

Microsoft has expanded the rollout of the Secure Boot 2023 certificate update to more Windows 11 and Windows 10 devices with the June 2026 Patch Tuesday update (KB5094126). This update aims to ensure that most supported consumer PCs are classified as high confidence, meaning necessary certificates are either installed or will be applied automatically. Secure Boot is a firmware security feature that verifies the software attempting to load during the startup process, blocking unauthorized software. The certificates supporting Secure Boot, issued in 2011, are expiring in stages starting June 24, 2026, prompting Microsoft to deploy replacement certificates. Most home users do not need to take manual action as the updates will occur automatically via Windows Update. Users can check their Secure Boot certificate status in the Windows Security app. A yellow warning indicates pending compatibility data, while a red alert suggests a firmware incompatibility requiring a BIOS update. Multiple reboots during the update process are normal, and a new SecureBoot folder in Windows is for staging cryptographic files. Older PCs may experience longer update times, and some may not receive updates due to firmware issues. HP users should check for BIOS updates if encountering BitLocker recovery loops. IT administrators should monitor device classifications and manually initiate updates for devices not in the high confidence category. Devices with Secure Boot disabled cannot receive updates, leaving them vulnerable. The expiration of the Microsoft Corporation KEK CA 2011 certificate on June 24 does not immediately affect device functionality, but it limits Microsoft's ability to sign new bootkit blacklist updates.

Winsage

June 14, 2026

Windows 11 KB5094126 crashes some PCs (HP?) with BSODs, breaks OneDrive in File Explorer, enterprise apps

Windows 11 KB5094126, released on June 9, 2026, is a significant update that introduces new features, including the Low Latency Profile, and addresses up to 200 security vulnerabilities. However, it has caused boot failures for some HP devices, particularly the HP EliteBook 840 G10, leading to BSODs or BitLocker Recovery prompts. The update may conflict with specific BIOS configurations or EFI/System partition settings, especially on devices with older EFI partitions. Users experiencing boot failures may need to disable Secure Boot as a temporary workaround. Additionally, the update has disrupted OneDrive integration in File Explorer, preventing access from the left pane and tray icon, although users can still access cloud folders directly. Similar issues have been reported with Dropbox and iCloud Drive. The update has also affected Microsoft Word integration in various business applications, leading to failures in document handling. Furthermore, changes to desktop.ini files have impacted custom folder icons, requiring users to unblock these files to restore functionality.

Winsage

June 12, 2026

June’s Windows 10 patch has a BitLocker user lockout problem… again

Microsoft released a cumulative update for Windows 10, designated as KB5094127, during the latest Patch Tuesday. Some users are experiencing issues where they are prompted to enter their BitLocker recovery key after installing the update. This problem is linked to systems with an "unrecommended" BitLocker Group Policy configuration and has occurred in previous updates. Specific conditions that can lead to this issue include having BitLocker enabled on the operating system drive, a certain Group Policy setting configured, the System Information tool reporting a specific Secure Boot State, the presence of a particular certificate in the Secure Boot Signature Database, and not using the 2023-signed Windows Boot Manager. Affected users may face difficulties accessing their BitLocker recovery key, potentially leading to lockouts. Microsoft suggests that personal devices are less likely to be affected, with the issue primarily impacting enterprise setups. The company is working on a resolution and advises IT administrators to consider removing the Group Policy configuration before installing the update. Update KB5094127 is available only to Windows 10 users in the Extended Security Updates program for versions 21H2 and 22H2, addressing various bugs and security vulnerabilities.

Winsage

June 11, 2026

Microsoft fixes BitLocker recovery bug on Windows Server 2025

Microsoft has resolved an issue affecting certain Windows Server 2025 devices that were booting into BitLocker recovery mode after the April 2026 security update. This issue was linked to specific BitLocker Group Policy configurations and required users to input their BitLocker recovery key upon the first restart after the update. However, this key would only need to be entered once for subsequent restarts, provided the group policy configuration remained unchanged. The problem primarily affected enterprise systems rather than personal devices. The issue arose under specific conditions: BitLocker was enabled on the operating system drive, a particular Group Policy was set, the Secure Boot State PCR7 Binding was "Not Possible," the Windows UEFI CA 2023 certificate was present, and the device was not already using the 2023-signed Windows Boot Manager. Microsoft released fixes in the KB5094125 and KB5093998 updates to address this problem, preventing devices with incompatible group policy configurations from installing the 2023-signed Windows Boot Manager. Event ID 1032 in the System event log indicates the issue when Windows updates are installed. For IT administrators unable to deploy the latest updates, it is recommended to remove the Group Policy configuration before installing updates or to implement a Known Issue Rollback (KIR) on affected devices. Additionally, Microsoft had previously addressed similar BitLocker recovery issues in August 2024 and May 2025.

Winsage

June 11, 2026

Microsoft Patches Record 206 Flaws, Including Three Zero-Days and Critical RCE Bugs

Microsoft announced an update addressing 206 security vulnerabilities, including 39 classified as Critical and 167 as Important. The vulnerabilities include 63 privilege escalation, 56 remote code execution, 30 information disclosure, 27 spoofing, 20 security feature bypass, 7 denial-of-service, and 3 tampering vulnerabilities. Notable critical flaws include CVE-2026-45657 (use-after-free in Windows Kernel, CVSS score 9.8), CVE-2026-47291 (integer overflow in Windows HTTP.sys, CVSS score 9.8), and CVE-2026-44815 (stack-based buffer overflow in Windows DHCP Client, CVSS score 9.8). Microsoft also addressed vulnerabilities related to BitLocker bypass (CVE-2026-45585 and CVE-2026-50507) and introduced a new registry setting to mitigate risks associated with CVE-2026-49160 (denial-of-service vulnerability). The increase in patches is attributed to the use of artificial intelligence in vulnerability discovery, with the current year's reported vulnerabilities surpassing the total from all of 2018.

Winsage

June 10, 2026

Microsoft releases Windows 10 KB5094127 extended security update

Microsoft has released the Windows 10 KB5094127 extended security update, which addresses vulnerabilities identified during the June 2026 Patch Tuesday and enhances monitoring of updated Secure Boot certificates. Users on Windows 10 Enterprise LTSC or enrolled in the ESU program can install it via the Windows Update settings. The update upgrades Windows 10 to build 19045.7417 and Windows 10 Enterprise LTSC 2021 to build 19044.7417. It focuses on security enhancements and bug fixes, resolving a total of 200 vulnerabilities, including three zero-day flaws. Key features include improved File Explorer search functionality for Chinese text and UTF-8 encoded files, dynamic status reporting for Secure Boot states, a new policy setting to limit Secure Boot service data sent to Microsoft, and enhanced targeting data for automatic receipt of new Secure Boot certificates. A known issue may cause BitLocker recovery notifications on certain systems, particularly those with specific BitLocker Group Policy settings. Microsoft recommends removing the Group Policy setting and suspending/resuming BitLocker as a temporary fix.

Winsage

June 9, 2026

Dell, HP PCs ran into endless reboot, BitLocker recovery loops but Windows 11 isn’t to blame

Dell confirmed that a bug in version 5.5.16.0 of its SupportAssist Remediation software is causing blue screen errors and system restarts. The issue is linked to the SupportAssist Remediation service, which operates independently from the main SupportAssist application. Dell has released an updated version, 5.5.16.1, to fix the problem. Affected users should check for version 5.5.16.0 in the Installed Apps section of Windows Settings and update their SupportAssist OS Recovery Tools. Users are advised to back up data and keep their systems powered during the update process. HP is facing issues related to Windows Secure Boot updates, causing boot problems and BitLocker recovery loops on affected devices. This occurs when new UEFI Secure Boot CA 2023 certificates fail to apply correctly. HP recommends updating to the latest BIOS version and configuring Secure Boot certificates before installing Windows 11 Patch Tuesday updates. For systems already experiencing issues, BIOS configuration changes may be necessary.

Winsage

June 1, 2026

Microsoft confirms Windows 11 update is failing on some PCs, explains if you need a workaround

Microsoft has identified the root cause of installation issues related to the May 2026 update for Windows operating system and is rolling out a solution through an optional update, KB5089573. The May 12, 2026, Patch Tuesday update (KB5089549) introduced enhancements but many users faced installation failures due to error code “0x800f0922,” indicating insufficient space on the EFI System Partition (ESP). The ESP is critical for boot files and typically occupies around 256MB. Users can check ESP storage using a specific command. Low ESP space can lead to update failures, particularly when it drops below 10MB. Microsoft has rolled back problematic code and provided a fix in the optional update KB5089573, which resolves ESP space issues and ensures future updates will proceed smoothly. Users are encouraged to install this update or wait for the next scheduled Patch Tuesday update on June 9, 2026.