Windows 11 23H2

Winsage
July 1, 2026
Microsoft has restored GIF functionality in the Emoji Panel for Windows 11 users after the retirement of the Tenor GIF search engine's API, which caused disruptions starting June 30. The company has transitioned to GIPHY as the new GIF provider, implemented in the preview cumulative update KB5095093 released on June 23 for Windows 11 versions 24H2, 25H2, and 26H1. Users are advised to install the latest updates to restore GIF functionality. Microsoft is also working on a solution for users on Windows 11 23H2 and Windows Server 2025. The KB5095093 update includes the Point-in-Time Restore feature and addresses various bugs and known issues.
Winsage
June 24, 2026
Windows 11 version 24H2 will reach the end of servicing on October 13, 2026. Enterprises often face version drift, requiring different upgrade strategies for various Windows 11 builds across endpoints. Upgrade methods include enablement packages, ISO-based feature updates, or direct upgrades from Windows 10. Enablement packages are the quickest and least disruptive option for compatible Windows 11 systems. Qualys TruRisk Eliminate can standardize upgrades and minimize version drift on a large scale. Endpoints should be assessed for readiness, categorized by eligibility and current OS status. Enablement packages are recommended for recent Windows 11 builds due to their minimal download size, faster installation, and reduced operational impact. If enablement packages are unavailable, ISO-based feature updates may be necessary. Direct upgrades from Windows 10 to Windows 11 25H2 can be executed without intermediate transitions. Qualys TruRisk Eliminate provides tools for managing these upgrade processes effectively.
Winsage
June 11, 2026
Microsoft has resolved an issue affecting certain Windows Server 2025 devices that were booting into BitLocker recovery mode after the April 2026 security update. This issue was linked to specific BitLocker Group Policy configurations and required users to input their BitLocker recovery key upon the first restart after the update. However, this key would only need to be entered once for subsequent restarts, provided the group policy configuration remained unchanged. The problem primarily affected enterprise systems rather than personal devices. The issue arose under specific conditions: BitLocker was enabled on the operating system drive, a particular Group Policy was set, the Secure Boot State PCR7 Binding was "Not Possible," the Windows UEFI CA 2023 certificate was present, and the device was not already using the 2023-signed Windows Boot Manager. Microsoft released fixes in the KB5094125 and KB5093998 updates to address this problem, preventing devices with incompatible group policy configurations from installing the 2023-signed Windows Boot Manager. Event ID 1032 in the System event log indicates the issue when Windows updates are installed. For IT administrators unable to deploy the latest updates, it is recommended to remove the Group Policy configuration before installing updates or to implement a Known Issue Rollback (KIR) on affected devices. Additionally, Microsoft had previously addressed similar BitLocker recovery issues in August 2024 and May 2025.
Winsage
April 8, 2026
Microsoft has implemented a server-side remedy for an issue affecting the Windows Start Menu search functionality on select Windows 11 23H2 devices, which began impacting users on April 6. The problem was linked to a server-side Bing update aimed at improving search performance. Microsoft has rolled back the problematic Bing update and expects search issues to decrease as the fix is deployed. Users have reported blank search results in the Start Menu, but options remain clickable. Microsoft confirmed that the issue will resolve automatically with the rollout of the fix, provided devices are connected to the internet and Web Search is enabled. Additionally, there have been previous Start Menu-related issues, including crashes and error messages, with Microsoft working on permanent solutions for these problems.
Winsage
March 12, 2026
Recent reports indicate concerns among users about automatic upgrades of Windows PCs, particularly for those who prefer to stay on Windows 10 or a specific feature update. Despite these fears, there is no evidence that Microsoft upgrades PCs without user consent; many users may unintentionally accept upgrade prompts or face bugs that trigger updates. Microsoft's upgrade approach can feel aggressive, especially when feature updates are bundled with regular updates. If the option to receive the latest updates is enabled, automatic installations may occur, particularly when a version reaches its end of service. Users can prevent unwanted upgrades through several methods: 1. Group Policy Editor: For Windows Pro or Enterprise users, they can lock in a specific feature update by accessing the Group Policy Editor and setting the desired OS edition and feature update version. 2. Windows Registry: Windows Home users can modify the Windows Registry to restrict upgrades. This involves creating specific DWORD and String Values to set the target OS edition and feature update version. 3. InControl App: A user-friendly application that allows users to freeze their current OS edition and feature update version, preventing upgrades while still allowing monthly updates. These methods enable users to maintain control over their operating systems and avoid unexpected upgrades.
Winsage
March 4, 2026
A proof-of-concept exploit for CVE-2026-20817, a local privilege escalation vulnerability in the Windows Error Reporting (WER) service, has been released by security researcher oxfemale on GitHub. This vulnerability allows low-privileged users to gain SYSTEM-level access through crafted Advanced Local Procedure Call (ALPC) messages. The flaw is located in the WER service's SvcElevatedLaunch method, which fails to validate caller privileges before executing WerFault.exe with user-supplied command line parameters. The CVSS v3.1 base score for this vulnerability is 7.8, indicating a high severity level. It affects unpatched versions of Windows 10, Windows 11, Windows Server 2019, and Windows Server 2022 prior to the January 2026 update. Demonstrations have shown successful exploitation on Windows 11 23H2. Security teams are advised to monitor for unusual processes related to WerFault.exe, investigate missing SeTcbPrivilege in SYSTEM tokens, and review WER-related activities from low-privilege users. Immediate application of the January 2026 security patches is recommended, and a temporary workaround involves disabling the WER service.
Winsage
February 26, 2026
Security researchers have developed a working Proof of Concept (PoC) exploit for a vulnerability in the Windows kernel, identified as CVE-2026-2636, which allows low-privileged users to induce a Blue Screen of Death (BSoD), resulting in a Denial of Service. This vulnerability is linked to the Windows Common Log File System (CLFS) driver, specifically the CLFS.sys component, and arises from improper handling of invalid or special elements within CLFS (CWE-159). The PoC demonstrates that a non-administrative user can trigger the bug by executing a crafted ReadFile operation on a handle linked to an opened .blf log file without the expected I/O Request Packet (IRP) flags set. This leads to a critical inconsistency in the driver, causing Windows to invoke the kernel routine KeBugCheckEx, which results in a BSoD. The CVE-2026-2636 has a CVSS score of 5.5 (Medium) and poses a high impact on availability, allowing any authenticated user to crash the host reliably. Microsoft addressed this vulnerability in the September 2025 cumulative update, protecting systems running Windows 11 2024 LTSC and Windows Server 2025 by default. However, older or unpatched builds remain vulnerable. Organizations are advised to verify the deployment of the September 2025 updates, prioritize patching multi-user systems, and monitor for unusual spikes in BSoD events.
Winsage
January 28, 2026
Windows 11 version 25H2 has outperformed Windows 10 (22H2) in gaming benchmarks, a shift from earlier assessments where Windows 10 was faster than Windows 11 23H2. The improvements in Windows 11's gaming capabilities were largely due to the 24H2 update. Testing was conducted on high-end hardware, specifically with an AMD Ryzen 9800X3D processor and Nvidia RTX 5090 GPU, and results may vary with different setups. Games like Arc Raiders and Borderlands 4 showed performance increases of 11% and 9% to 13%, respectively, on Windows 11. However, Windows 11 has faced bugs and glitches, including boot failures and sleep mode issues, particularly on older PCs, leading to hesitation among gamers about upgrading from Windows 10, which remains stable with only security updates. The deadline for Windows 10's extended support is October 2026, prompting users to consider upgrades or new purchases.
Winsage
January 20, 2026
Microsoft released the January Patch Tuesday update on January 13, 2026, addressing over 110 security vulnerabilities. The update introduced bugs affecting Windows 11, Windows 10, and Windows Server. The first issue involves authentication failures when connecting to a Cloud PC via Remote Desktop, primarily affecting Windows 11 25H2, Windows 10 22H2 ESU, and Windows Server 2025. The second issue affects systems with Secure Launch enabled, causing unexpected restarts instead of shutting down or entering hibernation mode, specifically impacting Windows 11 23H2. Microsoft has released emergency patches for the affected versions, which include: - Windows 11, versions 25H2 and 24H2 (KB5077744) - Windows 11, version 23H2 (KB5077797) - Windows 10, version 22H2 ESU and Windows 10 Enterprise LTSC 2021 (KB5077796) - Windows Server 2025 (KB5077793) - Windows Server 2022 (KB5077800) - Windows Server 2019 and Enterprise LTSC 2019 (KB5077795)
Winsage
January 19, 2026
Some users of Windows 11 have experienced a problem where their PCs reboot instead of shutting down after the Patch Tuesday security update KB5073455. This issue primarily affects devices with Secure Launch on Windows 11 version 23H2. Microsoft has confirmed this behavior, which disrupts the usual power-off sequence and can drain battery life for laptops and complicate remote management processes. An out-of-band update, KB5077797, has been released to restore normal shutdown and hibernation functionalities for affected systems. Users can check for this update in Windows Update or download it from the Microsoft Update Catalog. To determine if they are affected, users should look for immediate restarts when selecting Shut Down or Hibernate and check if Secure Launch is enabled in System Information.
Search