Windows 11 security

AppWizard
June 25, 2026
Riot Games has introduced a new feature for its Vanguard anti-cheat system called Vanguard On-Demand, which allows the kernel driver to load only when a Riot game is launched and unload upon exit. This change ends the previous practice of loading the driver at Windows start-up, which has been in place since 2020. The new mode is supported by Windows 11 25H2 and requires specific hardware configurations, including UEFI Secure Boot, TPM 2.0, Virtualization-Based Security (VBS), Hypervisor-Protected Code Integrity (HVCI), and IOMMU. Approximately 35% of players currently meet these hardware requirements, while around 3% are using incompatible systems. Riot has created a checklist called Vanguard Pre-Check to help players determine if their systems qualify. The percentage of fully secured machines is estimated to be around 34.33% and is increasing monthly. Players whose systems do not meet the criteria will need to make manual adjustments in their BIOS. Vanguard On-Demand mode will be available for players on Windows 11 starting later today. The feature is based on Microsoft’s Runtime Driver Attestation Report, which tracks driver activity since boot and helps ensure no vulnerable drivers have been loaded while Vanguard is inactive. Riot Games has required TPM 2.0 and Secure Boot on Windows 11 since 2020 and has faced criticism for these requirements. Enabling VBS and HVCI may affect frame rates and could disable older peripheral drivers due to Microsoft's vulnerable driver blocklist.
Winsage
June 18, 2026
Microsoft resolved an installation issue affecting the June 2026 security updates (KB5094122) on Windows Server 2016 systems that had not previously installed the KB5087537 update, which was a prerequisite. Users had encountered 0x80070002 or FILENOTFOUND errors. Microsoft acknowledged the problem and confirmed that affected devices should no longer experience installation failures for the June 2026 update. Additionally, Microsoft fixed a similar issue with the May 2026 Windows 11 security update (KB5089549) that resulted in 0x800f0922 errors due to insufficient space on the EFI System Partition. They also warned users about potential installation issues with error codes 0x80073712 or 0x800f0993 on devices upgraded to Windows 11 24H2 or 25H2. Furthermore, Microsoft addressed a boot issue for Windows Server 2025 devices after the April 2026 update and a bug affecting installation failures for updates since May 2025 using the Windows Update Standalone Installer (WUSA). Lastly, they are investigating a separate issue preventing third-party applications from launching essential Office programs after the June 2026 updates.
Winsage
June 10, 2026
Microsoft has warned customers about potential installation complications with the latest monthly updates on certain Windows devices upgraded to Windows 11 versions 24H2 or 25H2. Users may encounter error codes 0x80073712 or 0x800f0993 when attempting to install cumulative updates for June 2026. Affected devices include a small fraction of those running Windows 10 versions 22H2 and 21H2, as well as Windows 11 version 23H2. Users may find that updates have failed, and the specified error codes will appear in the Windows Update log files. Microsoft plans to deploy a resolution for unmanaged enterprise devices and personal PCs after a system restart, with no new devices in these categories affected starting from May 19, 2026. For impacted devices, Microsoft has released specific updates as part of its June 2026 Patch Tuesday to prevent the issue. However, the problem will not be fixed for systems already upgraded to Windows 11 versions 24H2 or 25H2, and users are advised to remove the affected package using a command in an elevated Command Prompt. If this does not resolve the issue, users may need to perform a Windows 11 in-place upgrade. Microsoft has previously addressed similar challenges related to Windows update installations, including issues from the March 2026 non-security preview update and the January 2026 optional non-security preview updates.
Winsage
June 1, 2026
Microsoft resolved an issue causing installation failures and error code 0x800f0922 during the deployment of the May 2026 Windows 11 security update (KB5089549), which was linked to insufficient free space on the EFI System Partition (ESP). The problem mainly affected devices with 10 MB or less available space, leading to automatic rollbacks of the update. The resolution was provided through the release of the Windows 11 KB5089573 preview cumulative update on May 26, 2026. Users installing updates released on or after this date will not need a workaround, while those with earlier updates can use the Known Issue Rollback feature. Additionally, IT administrators in enterprise settings can manually address the issue through Group Policy configurations. The KB5089573 update introduced 30 changes to improve performance and reliability.
Winsage
May 28, 2026
Microsoft has acknowledged an issue with the May 2026 security update for Windows Server 2016, affecting systems with hostnames of exactly 15 characters, which leads to failed domain controller (DC) lookups. The error occurs during DC lookups, specifically returning the error code ERRORINVALIDPARAMETER. Servers with 14 or 16 character hostnames are not affected. Administrators may face challenges with DFS Namespace management and other functions reliant on DC access. Microsoft is investigating the issue but has not provided a timeline for a fix. Windows Server 2016's mainstream support ended in January 2022, but extended support will continue until January 2027.
Winsage
May 26, 2026
Microsoft has acknowledged an issue affecting Windows Server 2016 systems related to domain controller lookups after the installation of the KB5087537 security update released in May 2026. The problem occurs specifically for devices with hostnames that are exactly 15 characters long, causing domain controller discovery to fail and resulting in an ERRORINVALIDPARAMETER during DCLocator calls. This issue may disrupt administrative operations that depend on domain controller lookups, such as DFS Namespace management. Microsoft is investigating the issue but has not provided a timeline for resolution.
Winsage
May 19, 2026
Microsoft has issued a service alert indicating that customers in restricted network environments may encounter Windows Update failures, specifically error code 0x80010002, after installing the January 2026 optional non-security preview updates. Affected devices might download the February monthly Windows security update but could struggle with updates released in March and beyond due to changes in download timeout requirements. Microsoft is working on a resolution, and IT administrators can use Known Issue Rollback (KIR) as a workaround by configuring the appropriate Group Policy for their Windows version. A device restart is required to apply these settings. Historical issues include a bug fixed in April 2025 affecting WSUS installations and another issue resolved in August 2025 related to the Windows 11 24H2 cumulative update. Additionally, a KIR fix was provided for a known issue causing the May 2026 Windows 11 security update to fail with error code 0x800f0922.
Winsage
May 18, 2026
Microsoft has acknowledged a significant issue with the May 2026 Windows 11 security update, KB5089549, where users are encountering difficulties in installation, specifically the 0x800f0922 error code. This issue is primarily due to insufficient free space on the EFI System Partition (ESP), especially for devices with 10 MB or less available. The installation may fail during the reboot phase at around 35–36% completion, with users receiving notifications like "Something didn't go as planned. Undoing changes." Log entries may indicate insufficient ESP free space, such as "SpaceCheck: Insufficient free space" and "ServicingBootFiles failed. Error = 0x70." Microsoft recommends affected users utilize the Known Issue Rollback feature to reverse problematic updates and advises IT departments to install and configure the relevant Group Policy to address the issue.
Winsage
May 15, 2026
Microsoft will roll out Low Latency Profile enhancements for Windows 11 in the coming weeks, currently being tested in Release Preview builds. This feature optimizes CPU performance by temporarily boosting frequency during brief intervals, potentially improving app launch responsiveness by up to 40% and system flyouts by up to 70%. Preliminary tests indicate significant performance improvements, especially for users with lower-end hardware. The feature operates in the background and is not user-configurable. It will be included in an upcoming optional non-security preview update expected by the end of the month, followed by integration into the next monthly security patch on June 9. Updates will be rolled out in phases. These enhancements are part of Microsoft's Windows K2 initiative.
Winsage
May 13, 2026
Microsoft released its May 2026 Patch Tuesday updates for Windows 11, addressing 97 security vulnerabilities across various components, including Windows, Microsoft Office, Azure services, SQL Server, SharePoint, Hyper-V, and .NET. The updates are encapsulated in KB5089549 for Windows 11 versions 24H2 and 25H2, elevating systems to builds 26100.8457 and 26200.8457. Notable vulnerabilities include CVE-2026-32169, a critical flaw in Azure Cloud Shell with a CVSS score of 10.0, and CVE-2026-21536, a critical remote code execution vulnerability in the Microsoft Devices Pricing Program with a CVSS score of 9.8. Other critical vulnerabilities include CVE-2026-32191 and CVE-2026-32194, impacting Microsoft Bing Images, both with CVSS scores of 9.8. The update also addresses multiple Windows privilege escalation vulnerabilities and remote code execution vulnerabilities in Microsoft Office and Excel. Microsoft has warned of upcoming Secure Boot certificate expirations starting in June 2026 and has improved boot reliability related to BitLocker recovery issues. Users can install the updates via Settings → Windows Update, with a system restart required.
Search