Windows 11 version 24H2 Archives

Winsage

November 21, 2025

CVE-2025-50165: Critical Flaw in Windows Graphics Component

In May 2025, Zscaler ThreatLabz identified a critical remote code execution vulnerability, CVE-2025-50165, with a CVSS score of 9.8, affecting the Windows Graphics Component within the windowscodecs.dll library. Applications relying on this library, including Microsoft Office documents, are vulnerable to exploitation via a malicious JPEG image. When a user opens such a file, their system can be compromised, allowing remote code execution. Microsoft released a patch for this vulnerability on August 12, 2025, affecting several versions of Windows, including Windows Server 2025 and Windows 11 Version 24H2 for both x64 and ARM64-based systems. ThreatLabz recommends that all Windows users update their applications to the patched versions. The attack chain involves crafting a JPEG image to exploit the vulnerability, which can be triggered directly or indirectly through other files. The vulnerability's analysis revealed issues with uninitialized memory and the need for a Control Flow Guard bypass for exploitation. Attackers can manipulate the instruction pointer through heap spraying and Return-Oriented Programming. ThreatLabz developed a Proof-of-Concept application to demonstrate the exploitation process and has implemented protective measures against the vulnerability.

Winsage

November 15, 2025

Why Microsoft is automatically upgrading certain Windows 11 PCs to version 25H2 and why you shouldn’t try to block it

Windows 11 version 23H2 has reached end of servicing as of November 11, 2025, for Home and Pro editions, while Enterprise and Education editions will receive updates until November 10, 2026. Users are encouraged to upgrade to Windows 11 version 25H2 for ongoing security updates and new features. Some older PCs may not qualify for the upgrade due to outdated processors. Windows 11 versions 25H2 and 24H2 will share the same feature set, including an improved Start menu and enhanced gaming experience. Users upgrading from version 23H2 can expect features introduced in version 24H2.

Winsage

November 12, 2025

Windows Kernel 0-Day Vulnerability Actively Exploited in the Wild to Escalate Privileges

Microsoft has identified a vulnerability in its Windows operating system, designated as CVE-2025-62215, which allows for elevation of privilege within the Windows Kernel. This flaw is currently being exploited in real-world scenarios. Published on November 11, 2025, CVE-2025-62215 is classified as an Important issue and arises from a race condition and improper memory management leading to a double-free scenario. Exploiting this vulnerability requires a high complexity attack and can grant SYSTEM-level privileges to an attacker who is already an authorized user. The affected Windows versions include: - Windows 10 (various builds): KB5068858, November 12, 2025 - Windows 11 version 22H2: KB5068865, November 12, 2025 - Windows 11 version 23H2: KB5068862, November 12, 2025 - Windows 11 version 24H2: KB5068861, November 12, 2025 - Windows Server 2019: KB5068859, November 12, 2025 - Windows Server 2022: KB5068860, November 12, 2025 - Windows Server 2025: KB5068861, November 12, 2025 Organizations are urged to prioritize patching CVE-2025-62215, especially on servers and administrative workstations, as there are currently no workarounds available.

Winsage

November 12, 2025

Windows Kernel 0‑day Vulnerability Actively Exploited in the Wild to Escalate Privilege

Microsoft has identified a critical vulnerability, CVE-2025-62215, affecting the Windows Kernel, which is currently being exploited. This flaw, rated as Important, involves an elevation of privilege issue due to improper synchronization of shared resources, categorized under race condition (CWE-362) and double free (CWE-415). Exploitation requires high complexity and local authorization, allowing attackers to gain SYSTEM privileges for significant control over the system. The vulnerability affects various versions of Windows, including Windows 10, Windows 11 (multiple versions), and Windows Server (2019, 2022, and 2025), with patches released on November 12, 2025. Organizations are advised to prioritize swift patching and detection efforts, especially for servers and administrative workstations.

Winsage

November 6, 2025

Latest Windows Updates Trigger BitLocker Recovery

Microsoft has warned that its October 2025 security update may cause a BitLocker recovery prompt on certain systems, particularly affecting devices running Windows 10 version 22H2 and Windows 11 versions 25H2 and 24H2. BitLocker, a security feature in Windows, encrypts drive contents to protect against unauthorized access. The issue arises when some devices inadvertently enter BitLocker recovery mode during startup. This is especially common with Intel-based devices that support Connected Standby. Affected users may need to enter a recovery key once, after which the device should boot normally. Microsoft has provided a fix that administrators must manually deploy, and users without their recovery key risk losing data. They are advised to try retrieving the key through their Microsoft account.

Winsage

November 4, 2025

Microsoft WSUS Patch Breaks Hotpatching on Windows Server 2025

A recent Microsoft security update (KB5070881) aimed at fixing a critical vulnerability in the Windows Server Update Service (WSUS) inadvertently disrupted hotpatching for some Windows Server 2025 systems enrolled in the Hotpatch program. This disruption prevents affected servers from applying updates without requiring a restart, forcing administrators to revert to traditional cumulative updates until January 2026. The vulnerability, CVE-2025-59287, allowed potential remote code execution by exploiting weaknesses in WSUS. Microsoft has since released a new update (KB5070893) that addresses the vulnerability while restoring hotpatching capabilities for those who have not yet installed the problematic update.

Winsage

October 31, 2025

Dev and Beta Channels Get a New Preview Quality Update, Bigger Changes to Come

The Windows Insider Program is rebranding its updates, with the latest cumulative update preview build now called a Preview Quality Update. The update, Windows 11 Insider Preview Quality Update KB5067115, is available for users in the Dev and Beta channels. It upgrades Dev channel systems to Windows 11 version 25H2 build 26220.7051 and Beta channel systems to Windows 11 version 24H2 build 26220.7051. KB5067115 is classified as a recommended update for the Beta channel, indicating a shift towards testing 25H2 builds. New features in this update include: - Integration of Ask Copilot into the Taskbar's Search box, allowing access to Copilot Voice and Copilot Vision. - A Full-screen experience being extended to additional gaming handheld PCs, starting with the MSI Claw. - Support for Bluetooth LE-based shared audio broadcasts on Copilot+ PCs, enabling collaborative audio experiences. - Improvements to the x64 emulator in Windows 11 on Arm, enhancing CPU feature support and allowing more applications to function seamlessly.

Winsage

October 23, 2025

Microsoft Confirms Recent Updates Causing Login Issues Across Windows Versions

Microsoft has identified a significant issue affecting users of Windows 11 version 24H2, version 25H2, and Windows Server 2025, where many users experience persistent login failures due to duplicate Security Identifiers (SIDs) after installing updates released on or after August 29, 2025. Reports indicate that after installing the preview update KB5064081 or the cumulative update KB5065426, devices with identical SIDs struggle to complete Kerberos or NTLM authentication, leading to repeated prompts for credentials and common error messages such as "Login attempt failed" and "Your credentials didn’t work." Shared network folders become inaccessible, and Remote Desktop connections fail. The root cause is enhanced security checks enforcing SID uniqueness, which block authentication handshakes when duplicate SIDs are detected. Duplicate SIDs typically occur when administrators clone Windows installations without using Sysprep, which is necessary to assign unique SIDs. Microsoft recommends rebuilding devices with duplicate SIDs using supported methods and running Sysprep prior to capturing images for deployment. As a temporary measure, administrators can install a specific Group Policy provided by Microsoft Support for Business.

Winsage

October 18, 2025

New Windows GDI Rust Kernel Vulnerability Triggers Remote Code Execution

Security researchers identified a vulnerability in the Rust-based Windows kernel component, specifically within the Windows Graphics Device Interface (GDI), which can be triggered remotely and cause system-wide crashes. The flaw was linked to the win32kbase_rs.sys kernel driver, resulting from an out-of-bounds memory access while processing a malformed path in an EmfPlusDrawBeziers record. This vulnerability represents a denial-of-service risk, allowing a malicious actor to crash systems by embedding a harmful metafile in documents or webpages. It affects both x86 and x64 systems running Windows 11 version 24H2, with a single compromised low-privilege account capable of causing widespread crashes. Microsoft released a fix in the May 28, 2025, preview update (KB5058499), which included a new bounds-hardened routine, but initial testing showed that the feature flag for this fix was disabled, delaying full mitigation until July 2025 Patch Tuesday.

Winsage

October 17, 2025

Microsoft Issues New Windows 11 Dev and Beta Builds

Microsoft has released cumulative update KB5067106 for users in the Windows Insider Program on the Dev and Beta channels. This update brings the Dev channel to Windows 11 version 25H2 build 26220.6972 and the Beta channel to version 24H2 build 26120.6972. Key changes include: - A revamped Mobile Devices interface in the Settings app for easier management of connected devices. - File Explorer now supports Dark mode in the Folder Options dialog. - Users can disable the Drag Tray feature under Settings > System > Nearby sharing. - A new “View my benefits” link has been added to the account flyout in the Start menu. - The Game Pass promotional tile in Settings has been updated for clarity. - Various system issues have been addressed, although some known issues remain, including a bug affecting Text actions in Click to Do and Recall.