Windows 11 24H2

Winsage
September 23, 2025
Microsoft has lifted a compatibility hold that previously prevented devices with integrated cameras from upgrading to Windows 11 24H2 due to a face detection bug causing app freezes. The hold, identified by safeguard ID: 53340062, was implemented to protect users from these issues. With the bug resolved, eligible devices can now upgrade through the Windows Update release channel, although it may take up to 48 hours for the update to be available. Microsoft also removed another safeguard hold affecting Bluetooth devices. Some compatibility blocks remain for devices using specific software and drivers. Windows 11 24H2 was officially launched in October 2024 for devices running Windows 11 22H2/23H2.
Winsage
September 22, 2025
Microsoft is preparing to roll out the 25H2 update for Windows 11, with the final build version 26200.6584 designated as the release to manufacturers (RTM) candidate. The update is expected to be available in early October, just before Windows 10's end of support deadline. Notably, many features of the 25H2 update, including a redesigned Start menu, will also be available to Windows 11 24H2 users. The Start menu redesign allows users to remove the recommended section and will be rolled out in phases to both 25H2 and 24H2 users. While 25H2 is primarily a minor upgrade, it offers an extended support timeline of an extra year. Early testing has not shown significant performance improvements, and the overall value of upgrading to 25H2 may be questioned due to the availability of features in 24H2.
Winsage
September 22, 2025
A new technique called EDR-Freeze allows evasion of security solutions through Microsoft's Windows Error Reporting (WER) system, enabling attackers to suspend endpoint detection and response (EDR) tools without relying on vulnerable drivers. Security researcher TwoSevenOneThree utilized the WER framework and the MiniDumpWriteDump API to indefinitely suspend EDR and antivirus processes by exploiting the WerFaultSecure component, which operates with Protected Process Light (PPL) privileges. The method involves spawning WerFaultSecure, invoking MiniDumpWriteDump on the target process, monitoring the target until it is suspended, and then freezing the dumper. A tool has been developed to automate this process, successfully tested on Windows 11 24H2, which froze the Windows Defender process. To mitigate this attack, monitoring WER for identifiers linked to sensitive processes is recommended, and security researcher Steven Lim has created a tool to map WerFaultSecure to Microsoft Defender Endpoint processes. Microsoft has the opportunity to enhance these components against misuse by implementing restrictions on suspicious invocations.
Winsage
September 22, 2025
The initial stable release of Windows 11 version 25H2 is imminent, with users able to access the full ISO and enablement package (eKB) for upgrading from version 24H2. The eKB upgrades systems from build 26100.6584 (Windows 11 24H2) to build 26200.6584 (version 25H2). This new build is ahead of the Release Preview ISO released by Microsoft about ten days prior. A preview update for version 25H2 is expected on Tuesday, aligning with the Week D schedule, and a stable release is anticipated on Patch Tuesday, October 14th.
Winsage
September 22, 2025
Windows 11 25H2 is set to roll out in the next week or two and is primarily an enablement package rather than a significant feature update. The update includes enhancements to the Start menu and introduces an 'Xbox mode' for handheld gaming devices, aimed at improving gaming performance. Many users may already have components of this update on their systems due to Microsoft's gradual rollout approach. The update is considered minor, with more features being removed than added, including the discontinuation of PowerShell 2.0. Users are advised that there is no urgency to download it immediately.
Tech Optimizer
September 22, 2025
A security researcher has developed a tool called EDR-Freeze that allows for the temporary disabling of endpoint detection and response (EDR) systems and antivirus software without using vulnerable drivers. EDR-Freeze exploits the Windows Error Reporting functionality to execute a race condition attack that suspends security processes, specifically targeting the WerFaultSecure.exe process. The tool can successfully suspend the MsMpEng.exe process of Windows Defender on Windows 11 24H2. It operates entirely in user mode and uses legitimate Windows components, making detection more difficult for security teams. The source code for EDR-Freeze is publicly available on GitHub, intended for legitimate security research, but poses risks of misuse by malicious actors. Security teams are advised to monitor for suspicious activity related to WerFaultSecure.exe and to enhance their process protection mechanisms.
Winsage
September 22, 2025
Windows 11 will soon allow users to set videos, including formats like .mp4, as desktop backgrounds in the upcoming 24H2 or 25H2 updates. The feature will enable videos to play automatically in a loop and is inspired by the third-party application WallpaperEngine. It is linked to forthcoming optional updates and may be available by October for users running Windows 11 Build 26220 or newer. To set a video as a background, users will go to Settings > Personalization > Background. Supported file formats include .mp4, .m4v, .mov, .wmv, .avi, .mkv, and .webm. The feature is reminiscent of the "DreamScene" functionality from Windows Vista and is designed to be non-interactive, potentially reducing power and resource consumption.
Tech Optimizer
September 21, 2025
EDR-Freeze is a proof-of-concept tool developed by Zero Salarium that can place Endpoint Detection and Response (EDR) and antivirus solutions into a suspended state. It utilizes the MiniDumpWriteDump function from the Windows DbgHelp library to achieve this by extending the suspension of target processes. The tool circumvents the Protected Process Light (PPL) security feature using WerFaultSecure.exe, which operates at a high privilege level. By launching WerFaultSecure.exe with specific parameters, EDR-Freeze can monitor and suspend it, preventing the target EDR or antivirus process from resuming. A test on Windows 11 24H2 successfully suspended the MsMpEng.exe process of Windows Defender. Detecting this technique involves monitoring for unusual executions of WerFaultSecure.exe targeting sensitive process IDs.