update services Archives

Winsage

May 19, 2026

Microsoft confirms patching issues in restricted Windows networks

Microsoft has issued a service alert indicating that customers in restricted network environments may encounter Windows Update failures, specifically error code 0x80010002, after installing the January 2026 optional non-security preview updates. Affected devices might download the February monthly Windows security update but could struggle with updates released in March and beyond due to changes in download timeout requirements. Microsoft is working on a resolution, and IT administrators can use Known Issue Rollback (KIR) as a workaround by configuring the appropriate Group Policy for their Windows version. A device restart is required to apply these settings. Historical issues include a bug fixed in April 2025 affecting WSUS installations and another issue resolved in August 2025 related to the Windows 11 24H2 cumulative update. Additionally, a KIR fix was provided for a known issue causing the May 2026 Windows 11 security update to fail with error code 0x800f0922.

Winsage

May 15, 2026

Windows DNS Client Security Flaw Exposes Systems to Remote Code Execution

Windows systems are threatened by a vulnerability in the Windows DNS Client, identified as CVE-2026-41096, which allows remote code execution without user intervention. It has a CVSS base score of 9.8, indicating high severity. The flaw is a heap-based buffer overflow in the dnsapi.dll component, enabling unauthenticated remote attackers to execute arbitrary code. Exploitation requires sending a specially crafted DNS response to a vulnerable system, potentially leading to complete control over the host. Affected systems include supported versions of Windows 11 and Windows Server 2022/2025. Microsoft released security updates on May 12, 2026, and administrators are advised to apply these patches and reboot systems. Despite the severity, Microsoft currently classifies exploitation as “Exploitation Unlikely,” with no known public exploits or in-the-wild attacks.

Winsage

April 18, 2026

Microsoft closes book on rogue Windows Server 2025 upgrades

Microsoft has officially resolved the incident involving the unexpected upgrade to Windows Server 2025, which occurred over a year ago and caused significant disruption for system administrators. The upgrade was automatic, with no rollback option, and was attributed to third-party products managing updates. Additionally, Microsoft's cumulative update KB5082063 has introduced new issues, causing LSASS crashes on non-Global Catalog domain controllers in environments using Privileged Access Management, leading to repeated restarts and potential inaccessibility of domains. Microsoft has acknowledged this problem and promised a resolution soon.

Winsage

April 16, 2026

Microsoft Overhauls Windows Update for First Time in 15 Years Starting April

Microsoft is transforming its Windows Update system, starting in April, marking the most significant overhaul in over 15 years. The new system will centralize the management of operating system patches, drivers, and application updates, aiming to enhance user experience by simplifying the update process and improving reliability. Users will experience fewer interruptions, as updates will be consolidated into a single restart cycle, and updates will be scheduled during idle times to minimize disruptions. The update system will also expand support for driver and hardware updates. This transformation aligns with Microsoft's long-term vision for AI-enhanced PCs and cloud-integrated systems, enabling scalable updates for AI features and improving compliance for enterprise users. The rollout will begin gradually in April to mitigate risks associated with compatibility and execution.

Winsage

April 7, 2026

How to prevent updates on Windows 10 desktops

Organizations may pause or block Windows updates to maintain system stability and compatibility, particularly to avoid disruptions with legacy applications or customized environments, manage bandwidth consumption, and protect fortified Windows configurations. IT departments can disable updates using several methods: 1. Centralized patch management tools like WSUS or Microsoft Intune allow control over update deployment. 2. Configuring Group Policy settings can notify users of available updates without automatic installation. 3. Disabling the Windows Update service halts all future updates until re-enabled. 4. Setting a connection as metered can reduce automatic updates, though some critical updates may still download. In Windows 11, similar strategies apply, but organizations must consider the risks of blocking updates due to the end of regular security updates for Windows 10 and align their strategies with Microsoft's evolving update delivery methods.

Winsage

November 30, 2025

Microsoft warns Windows 11 users: If you can’t find password login option, it’s because… – The Times of India

Windows 11 users are experiencing a glitch where the password sign-in icon is missing from the lock screen after installing the non-security preview update KB5064081. This issue affects users with the August 2025 update or later on Windows 11 24H2 and 25H2 systems. Microsoft confirmed that the password functionality is still available by hovering over the area where the icon should be, allowing users to access the password text box. Microsoft has not provided a permanent fix yet. Additionally, other problems linked to recent updates include DRM-protected videos freezing and unexpected User Account Control prompts for non-admin users. Microsoft also addressed failures in security updates delivered through WSUS, which affected reset and recovery features in Windows 10 and Windows 10 Enterprise.

Winsage

November 29, 2025

Microsoft: Windows updates make password login option invisible

Microsoft has warned Windows 11 users about an issue where the password sign-in option may not appear on the lock screen after updates since August 2025, although the functionality is still available. This issue affects users who installed the KB5064081 non-security preview update or later on Windows 11 24H2 and 25H2 systems. Users can still log in by hovering over the area where the password icon should be, which reveals the button to access the password text box. Microsoft is working on a fix but has not provided a timeline. Additionally, Microsoft addressed other issues related to the KB5064081 update, including playback interruptions in DRM-protected video applications and installation problems for non-admin users. Earlier, Microsoft also released emergency updates to fix issues with security updates failing and problems with Windows reset and recovery features.

Winsage

November 3, 2025

Microsoft: Patch for WSUS flaw disabled Windows Server hotpatching

An out-of-band security update, KB5070881, has disrupted the hotpatching feature for some Windows Server 2025 devices. This update was released alongside reports of the CVE-2025-59287 remote code execution vulnerability. The Cybersecurity and Infrastructure Security Agency (CISA) has instructed U.S. government agencies to strengthen their systems against this vulnerability. Microsoft has acknowledged that the OOB update caused some Hotpatch-enrolled Windows Server 2025 systems to lose their enrollment status and has ceased distributing the update to these devices. Those who installed the update will not receive Hotpatch updates in November and December but will get standard monthly security updates. Administrators can install the KB5070893 security update to address the CVE-2025-59287 flaw without disrupting hotpatching. Microsoft has also disabled the display of synchronization error details in its WSUS error reporting system and resolved various issues affecting Windows 11.

Winsage

November 2, 2025

Windows 11 update names got simpler, drops YYYY-MM. Now, IT admins are going mad

Microsoft has introduced a new naming convention for Windows Update titles, moving away from the YYYY-MM format and the term cumulative. The October 2025 optional update is now labeled as “Security Update (KB5034123) (26100.4747)” instead of the previous detailed titles that included the release date and specific Windows version. This change has raised concerns among IT professionals and users, as it complicates the identification of updates and may lead to confusion between different types of updates. IT administrators have expressed frustration over the lack of critical information in the new titles, which they believe hinders troubleshooting and update management. Microsoft has acknowledged the feedback but remains committed to the new naming scheme, while updates accessed through the Microsoft Update Catalog or WSUS will retain their original naming structure.

Winsage

October 31, 2025

Windows Server Update Services (WSUS) vulnerability abused to harvest sensitive data

Counter Threat Unit™ (CTU) researchers are investigating a remote code execution vulnerability, CVE-2025-59287, in Microsoft’s Windows Server Update Service (WSUS). Microsoft released patches for affected Windows Server versions on October 14, 2025, and issued an out-of-band security update on October 23 after the emergence of proof-of-concept code. On October 24, Sophos detected exploitation of this vulnerability targeting internet-facing WSUS servers across various industries. The first recorded activity occurred at 02:53 UTC, where a threat actor executed a Base64-encoded PowerShell script to collect and exfiltrate sensitive information to Webhook.site. The script gathered data such as external IP addresses, Active Directory domain users, and network configurations, attempting to send this information via HTTP POST requests. By 11:32 UTC, the maximum limit of 100 requests was reached. Affected entities included universities and organizations in technology, manufacturing, and healthcare sectors, primarily in the United States. Censys scan data confirmed that the exploited servers had default WSUS ports 8530 and 8531 exposed publicly. CTU recommends organizations review vendor advisories, apply patches, identify exposed WSUS server interfaces, and examine logs for malicious activity. Sophos has implemented specific protections to detect related activities.