vulnerabilities Archives

Winsage

June 14, 2026

Windows 11 KB5094126 crashes some PCs (HP?) with BSODs, breaks OneDrive in File Explorer, enterprise apps

Windows 11 KB5094126, released on June 9, 2026, is a significant update that introduces new features, including the Low Latency Profile, and addresses up to 200 security vulnerabilities. However, it has caused boot failures for some HP devices, particularly the HP EliteBook 840 G10, leading to BSODs or BitLocker Recovery prompts. The update may conflict with specific BIOS configurations or EFI/System partition settings, especially on devices with older EFI partitions. Users experiencing boot failures may need to disable Secure Boot as a temporary workaround. Additionally, the update has disrupted OneDrive integration in File Explorer, preventing access from the left pane and tray icon, although users can still access cloud folders directly. Similar issues have been reported with Dropbox and iCloud Drive. The update has also affected Microsoft Word integration in various business applications, leading to failures in document handling. Furthermore, changes to desktop.ini files have impacted custom folder icons, requiring users to unblock these files to restore functionality.

Winsage

June 12, 2026

Microsoft’s bug-hunting nemesis extends vendetta with more zero-day attacks — Nightmare Eclipse publishes RoguePlanet and GreatXML local privilege escalation exploits

Nightmare-Eclipse, also known as Chaotic-Eclipse, has introduced two new exploits: RoguePlanet and GreatXML. RoguePlanet exploits a vulnerability in Windows Defender, allowing attackers to gain SYSTEM user access privileges by tricking a user into executing a script. This access enables attackers to execute commands beyond standard Administrator capabilities, siphon sensitive data, and install malware. GreatXML provides a method for bypassing BitLocker encryption by creating a specially crafted "unattend.xml" file and a "Recovery" directory on the Windows recovery partition. Microsoft has shifted its stance from threatening legal action against Eclipse and is now monitoring the situation, while Eclipse has postponed a planned mass disclosure of zero-day Windows vulnerabilities initially set for July 14 due to delays in developing RoguePlanet.

AppWizard

June 12, 2026

Facebook Instagram messenger Down? Why users faced Facebook query error and Instagram outage during Meta d

On June 12, users experienced significant disruptions on Meta's platforms, including Facebook, Instagram, and Messenger, starting around 9:30 a.m. EST. Downdetector reported a spike in complaints, indicating widespread login failures and loading errors. Users encountered issues accessing accounts, blank pages on Instagram, and connection errors on Messenger. The simultaneous outages highlighted vulnerabilities in Meta's shared backend systems. This incident follows a major outage in October 2021 due to a DNS routing configuration error. The disruptions affect businesses reliant on these platforms for customer service and marketing, potentially resulting in millions in economic losses. As of the report, Meta had not provided a public statement or timeline for service restoration, and users were advised to monitor Downdetector for updates.

Winsage

June 12, 2026

Still on Windows 10? This $13 upgrade to Windows 11 Pro offers better security, AI features, and more

Upgrade to Microsoft Windows 11 Pro for .97 (MSRP 9) until June 14. Windows 11 Pro features a redesigned interface, improved multitasking capabilities, enterprise-grade security functionalities like BitLocker encryption and Windows Hello, and includes Windows Copilot AI for task automation and assistance.

Winsage

June 12, 2026

June’s Windows 10 patch has a BitLocker user lockout problem… again

Microsoft released a cumulative update for Windows 10, designated as KB5094127, during the latest Patch Tuesday. Some users are experiencing issues where they are prompted to enter their BitLocker recovery key after installing the update. This problem is linked to systems with an "unrecommended" BitLocker Group Policy configuration and has occurred in previous updates. Specific conditions that can lead to this issue include having BitLocker enabled on the operating system drive, a certain Group Policy setting configured, the System Information tool reporting a specific Secure Boot State, the presence of a particular certificate in the Secure Boot Signature Database, and not using the 2023-signed Windows Boot Manager. Affected users may face difficulties accessing their BitLocker recovery key, potentially leading to lockouts. Microsoft suggests that personal devices are less likely to be affected, with the issue primarily impacting enterprise setups. The company is working on a resolution and advises IT administrators to consider removing the Group Policy configuration before installing the update. Update KB5094127 is available only to Windows 10 users in the Extended Security Updates program for versions 21H2 and 22H2, addressing various bugs and security vulnerabilities.

AppWizard

June 12, 2026

Android users need to uninstall these apps ASAP as they are a security risk

Google will soon notify Android users when an app they installed has lost developer support. Currently, users only receive alerts from Play Protect for significant security threats or potentially harmful apps. The only way to discover if an app has been delisted is through external sources or by trying to install it on a new device. Recent findings in the Play Store indicate that Google is preparing to inform users when apps have been removed from the Play Store and will no longer receive updates. Abandoned apps pose significant security risks, as they may contain vulnerabilities that can be exploited by malicious actors. Google's new notifications aim to encourage users to uninstall unsupported apps to protect their personal data.

Winsage

June 11, 2026

Nightmare Eclipse drops claimed BitLocker bypass for Microsoft Windows

Nightmare Eclipse has released a new zero-day vulnerability exploit called GreatXML, which allows unrestricted access to BitLocker volumes on Windows systems that have previously run a Microsoft Defender Offline scan. This discovery was made in four hours and adds to Nightmare Eclipse's total of eight zero-day vulnerabilities. Microsoft is investigating the claims related to another exploit, RoguePlanet, but has not commented on GreatXML or provided a patch timeline. Nightmare Eclipse, rumored to be a former Microsoft employee, has faced backlash from the security community for previous disclosures and has vowed to continue releasing vulnerabilities. Security expert Will Dormann has raised concerns about the practicality of the GreatXML exploit, noting that it requires administrative access and questioning the accuracy of the instructions provided by Nightmare.

Winsage

June 11, 2026

Microsoft patches a record 206 flaws—and one is already being exploited

Microsoft patched 206 vulnerabilities during June's Patch Tuesday, surpassing the previous record of 175 vulnerabilities patched in October 2025. Among the patched vulnerabilities, 118 are related to different versions of Windows, including Windows 10, Windows 11, and Windows Server. One critical vulnerability, CVE-2026-41091, in Microsoft Defender is actively being exploited, prompting an update to the Malware Protection Engine. Microsoft also addressed ten vulnerabilities in the Security Feature Bypass category due to the expiration of old Secure Boot certificates. Of the 118 Windows vulnerabilities, 19 are classified as critical Remote Code Execution (RCE) vulnerabilities, including CVE-2026-47288 and CVE-2026-47291. In Microsoft Office, 54 vulnerabilities were patched, including 25 RCE vulnerabilities, with nine classified as critical. Microsoft patched eight vulnerabilities in Exchange Server, including CVE-2026-45583, which can be exploited in a man-in-the-middle scenario. Additionally, the update for Edge addressed 74 Chromium vulnerabilities, including a zero-day vulnerability (CVE-2026-11645).

Winsage

June 11, 2026

Microsoft Patches Record 206 Flaws, Including Three Zero-Days and Critical RCE Bugs

Microsoft announced an update addressing 206 security vulnerabilities, including 39 classified as Critical and 167 as Important. The vulnerabilities include 63 privilege escalation, 56 remote code execution, 30 information disclosure, 27 spoofing, 20 security feature bypass, 7 denial-of-service, and 3 tampering vulnerabilities. Notable critical flaws include CVE-2026-45657 (use-after-free in Windows Kernel, CVSS score 9.8), CVE-2026-47291 (integer overflow in Windows HTTP.sys, CVSS score 9.8), and CVE-2026-44815 (stack-based buffer overflow in Windows DHCP Client, CVSS score 9.8). Microsoft also addressed vulnerabilities related to BitLocker bypass (CVE-2026-45585 and CVE-2026-50507) and introduced a new registry setting to mitigate risks associated with CVE-2026-49160 (denial-of-service vulnerability). The increase in patches is attributed to the use of artificial intelligence in vulnerability discovery, with the current year's reported vulnerabilities surpassing the total from all of 2018.

Winsage

June 11, 2026

Windows 11 Sucks Slightly Less Now, Thanks To A June Update

The June update for Windows 11, identified as KB5094126 (OS Builds 26200.8655 and 26100.8655), introduces significant enhancements and numerous bug fixes and security patches. A key feature is a low-latency profile that improves responsiveness of core system elements like the Start Menu and Search by allowing the CPU to quickly reach maximum clock speed upon user interaction. This update also refines the Start Menu, improves app launch speeds, and addresses longstanding issues such as faster downloads from the Windows Store and optimized Windows Search results. New features include multi-app camera support, Shared Audio functionality for streaming to multiple Bluetooth devices, and the ability to personalize user folder names during installation. Additionally, the update resolves 206 security vulnerabilities, including a critical kernel-level remote code execution vulnerability (CVE-2026-45657) with a threat score of 9.8.