Windows 11 systems Archives

Winsage

May 18, 2026

Old Windows Flaw Returns to Spotlight With MiniPlasma Exploit

Security researcher Chaotic Eclipse has introduced a Windows exploit called MiniPlasma, which may allow privilege escalation from standard user accounts to SYSTEM level access, even on patched versions of Windows. This exploit is linked to CVE-2020-17103, a flaw in the Windows Cloud Filter driver that was addressed by Microsoft in December 2020. Tests have reportedly demonstrated the exploit functioning on a patched Windows 11 Pro system, achieving SYSTEM access from a standard user account. The exploit involves an undocumented registry-key path within the .DEFAULT user hive, raising concerns about the effectiveness of the 2020 fix. There is a discrepancy between public and Canary builds of Windows 11, with the exploit working on the public build but not on the Canary build. Microsoft’s April 2026 Patch Tuesday updates included another entry related to the Windows Cloud Files Mini Filter Driver elevation-of-privilege issue. Defenders are advised to monitor the CVE-2020-17103 record for further clarification regarding the status of the original fix and the implications of the MiniPlasma exploit.

Winsage

May 18, 2026

Microsoft confirms Windows 11 security update install issues

Microsoft has acknowledged a significant issue with the May 2026 Windows 11 security update, KB5089549, where users are encountering difficulties in installation, specifically the 0x800f0922 error code. This issue is primarily due to insufficient free space on the EFI System Partition (ESP), especially for devices with 10 MB or less available. The installation may fail during the reboot phase at around 35–36% completion, with users receiving notifications like "Something didn't go as planned. Undoing changes." Log entries may indicate insufficient ESP free space, such as "SpaceCheck: Insufficient free space" and "ServicingBootFiles failed. Error = 0x70." Microsoft recommends affected users utilize the Known Issue Rollback feature to reverse problematic updates and advises IT departments to install and configure the relevant Group Policy to address the issue.

Winsage

May 18, 2026

MiniPlasma Windows 0-Day Enables SYSTEM Privilege Escalation on Fully Patched Systems

Chaotic Eclipse has unveiled a proof-of-concept (PoC) for a Windows privilege escalation zero-day vulnerability, codenamed MiniPlasma, which targets the "cldflt.sys" component and could grant SYSTEM privileges on fully patched Windows systems. This vulnerability was initially reported to Microsoft by James Forshaw from Google Project Zero in September 2020. Although Microsoft was believed to have resolved it in December 2020 as part of CVE-2020-17103, further analysis indicates that the flaw remains unaddressed. Chaotic Eclipse demonstrated that the original PoC could still spawn a SYSTEM shell reliably on his machines. The vulnerability is believed to affect all versions of Windows, with confirmation that MiniPlasma opens a "cmd.exe" prompt with SYSTEM privileges on Windows 11 systems with the latest May 2026 updates, though it does not function on the latest Insider Preview Canary version. In December 2025, Microsoft addressed a separate privilege escalation flaw in the same component, identified as CVE-2025-62221, which had a CVSS score of 7.8 and was reportedly being exploited by threat actors.

Winsage

May 15, 2026

Zero-day exploit completely defeats default Windows 11 BitLocker protections

A zero-day exploit named YellowKey allows individuals with physical access to Windows 11 systems to bypass BitLocker encryption protections. Discovered by researcher Nightmare-Eclipse, this vulnerability enables unauthorized users to access encrypted drives quickly. The exploit involves transferring a custom FsTx folder to a USB drive, connecting it to a BitLocker-protected device, and entering recovery mode to gain command prompt access without needing a BitLocker recovery key. Esteemed researchers Kevin Beaumont and Will Dormann have confirmed the exploit's functionality, although the specific mechanism within the FsTx folder that enables the bypass is not fully understood.

Winsage

May 14, 2026

Windows Zero-Days Expose BitLocker Bypasses And CTFMON Privilege Escalation

An anonymous cybersecurity researcher disclosed two new zero-day vulnerabilities affecting Microsoft systems: YellowKey and GreenPlasma. YellowKey is a BitLocker bypass that operates as a backdoor within the Windows Recovery Environment, impacting Windows 11 and Windows Server 2022/2025. Exploiting YellowKey involves copying specially crafted files to a USB drive, connecting it to a Windows computer, and rebooting into WinRE. The researcher expressed skepticism about Microsoft's response time to this vulnerability, noting that using TPM+PIN does not mitigate the risk. GreenPlasma is a privilege escalation vulnerability that allows an unprivileged user to obtain a shell with SYSTEM permissions through arbitrary section creation in Windows CTFMON. The proof-of-concept for this exploit is incomplete but indicates potential manipulation of trusted privileged services or drivers. Additionally, a related attack against BitLocker was detailed by French cybersecurity firm Intrinsec, which exploits a boot manager downgrade using CVE-2025-48804 to bypass encryption protections on fully patched Windows 11 systems. This method allows attackers to boot from a controlled WIM while the boot manager checks the legitimate one, executing with the decrypted BitLocker volume. Despite Microsoft releasing fixes for this defect in July 2025, a flaw in Secure Boot verification allows a vulnerable boot manager to bypass BitLocker safeguards. To mitigate these risks, enabling a BitLocker PIN at startup and migrating to a new boot manager certificate is recommended.

Winsage

May 14, 2026

Windows 11 26H1: Microsoft keeps the special branch on track for new hardware

Microsoft has released an update to Windows 11 version 26H1, OS Build 28000.2113, through cumulative update KB5089548 on May 12, 2026. This update includes essential security fixes and non-security enhancements from the previous month's optional preview. Windows 11 version 26H1 is specifically designed for new devices launching in early 2026 and will not be available as an in-place update for existing systems running versions 24H2 or 25H2. The update focuses on maintenance for this branch, with improvements in SSDP notifications and gaming compatibility. It also includes AI enhancements exclusive to Copilot+-enabled PCs. Microsoft continues to support versions 24H2 and 25H2 for enterprise deployments, while 26H1 is relevant only for new hardware platforms. Currently, there are no known issues reported for Windows 11 26H1 or update KB5089548.

AppWizard

May 8, 2026

Windows 11 rumored to get new mode that instantly boosts game and app performance by up to 70%, but there’s a catch

Windows 11 is facing criticism for its CoPilot AI integration, performance on handheld devices, and limited customization options. However, reports indicate that Microsoft is developing a "Low Latency Profile" feature aimed at enhancing performance by temporarily increasing CPU frequency for brief intervals of one to three seconds. This mode is expected to improve app launch times by up to 40%, speed up load times for interface elements by up to 70%, and boost performance for many third-party applications. The feature is part of the Windows K2 initiative, which seeks to address user complaints about Windows 11. It is currently in early testing, and it is unclear if users will be able to toggle it on and off.

Winsage

May 4, 2026

Microsoft Confirms Critical Windows Update Error Disrupting Global Systems

Microsoft has confirmed a critical bug in its latest cumulative update, affecting millions of Windows 10 and Windows 11 users. The issue leads to a "Restart and Shut Down" loop, preventing users from completing the update and locking them out of their devices. This disruption is particularly severe for corporate IT departments, with reports of entire office networks being paralyzed. The problematic update, identified as KB5037853, was meant to address security vulnerabilities but has caused systems to display an endless "Update and Restart" message. Some users experience a "Blue Screen of Death" (BSOD) and may be forced into "Recovery Mode." Microsoft is working on a "Known Issue Rollback" (KIR) to automatically undo the problematic code for consumer machines, while enterprise users may require manual intervention. The downtime is projected to result in significant financial losses, with large enterprises potentially losing up to ,600 per minute of unplanned downtime. Affected versions include Windows 11 22H2, 23H2, and Windows 10 22H2. Symptoms include failure to shut down, BSOD on boot, and missing Start menu icons. The estimated downtime ranges from 4 to 12 hours, depending on IT response speed. Critics have raised concerns about Microsoft's development process, suggesting it places users in the role of beta testers.

Winsage

May 1, 2026

Microsoft fixes Remote Desktop warnings displaying incorrectly

Microsoft resolved an issue affecting the display of security warnings when opening Remote Desktop (.rdp) files across all supported Windows versions, including Windows 11, Windows 10, and Windows Server. This problem was particularly evident on devices with multiple monitors having different display scaling settings. The fix was included in the optional KB5083631 preview cumulative update for Windows 11. The issue arose after the installation of the April 2026 security update, which introduced security warnings to enhance protection against phishing attacks. Users reported misalignment and obscured buttons in the security dialog, making it difficult to interact with. Additionally, the April security updates caused issues with third-party backup applications on Windows 11 systems and led to restart loops and failures during update installations on Windows Server.

Winsage

May 1, 2026

Windows 11 KB5083631 update released with 34 changes and fixes

Microsoft has released the KB5083631 optional cumulative update for Windows 11, featuring 34 enhancements aimed at improving user experience and system performance. Key features include a new Xbox mode for immersive gaming, improved performance for startup applications, enhanced security for batch files and CMD scripts, haptic feedback on supported devices, improvements to Secure Boot, and updates to Kerberos authentication. The update also addresses issues with Windows Security event logging, eliminates a white flash in dark mode, and increases the reliability of explorer.exe processes. Users can install the update via Windows Settings under Windows Update. After installation, Windows 11 devices will be updated to builds 26100.8328 and 26200.8328. Additionally, updated Secure Boot certificates are being rolled out, and some Windows Server 2025 devices may require a BitLocker recovery key after the update.