Windows 11 Archives

Winsage

May 14, 2026

Windows 11 and Microsoft Edge hacked at Pwn2Own Berlin 2026

On the inaugural day of Pwn2Own Berlin 2026, a total of ,000 was awarded to security researchers for exploiting 24 unique zero-day vulnerabilities. Orange Tsai earned ,000 for chaining four logic bugs to achieve a sandbox escape on Microsoft Edge. Windows 11 was targeted by Angelboy, TwinkleStar03, Marcin Wiązowski, and Kentaro Kawane, each earning ,000 for demonstrating new privilege escalation zero-days. Valentina Palmiotti earned ,000 for rooting Red Hat Linux for Workstations and an additional ,000 for a zero-day in the NVIDIA Container Toolkit. Other notable exploits included k3vg3n earning ,000 for taking down LiteLLM, Satoki Tsuji and haehae earning ,000 for exploiting NVIDIA Megatron Bridge zero-days, Compass Security and maitai earning ,000 each for hacking OpenAI's Codex, haehae earning ,000 for a Chroma zero-day, and STARLabs SG earning ,000 for exploiting a LM Studio zero-day. The DEVCORE Research Team leads the competition with ,000 in earnings, followed by Valentina Palmiotti with ,000. The contest is held at the OffensiveCon conference from May 14 to May 16, with over ,000,000 in cash and prizes available. Participants must target fully patched products and demonstrate arbitrary code execution. Vendors have a 90-day window to release security fixes after zero-day flaws are disclosed. Last year, the TrendMicro Zero Day Initiative awarded ,078,750 for 29 zero-day vulnerabilities.

Winsage

May 14, 2026

‘Avoid Disruption’—Microsoft Updates Windows Before June Deadline

Microsoft has released a security update for Windows 10 users, identified as KB5087544, which includes dynamic status reporting for Secure Boot states. Secure Boot certificates, in place for 15 years, are set to expire next month, and Microsoft advises users to update their certificates to avoid security risks. All Windows 10 PCs will require new certificates, but only those in the Extended Security Updates (ESU) program will be eligible for the update. Most Windows 11 devices will also need new certificates, except those purchased in the last two years. Failure to install the new certificates may affect device boot security. The update also addresses a security warning related to Remote Desktop Connection and may prompt some users to enter a BitLocker recovery key after restarting. New certificates will only be issued to devices that show successful update signals, and users should upgrade their Windows Security App to address potential issues. Notifications will be sent once new Secure Boot certificates are installed.

Winsage

May 14, 2026

Dell confirms its SupportAssist software causes Windows BSOD crashes

Dell's SupportAssist software is causing blue-screen crashes on certain Windows systems, attributed to a recent update to the SupportAssist Remediation service, specifically version 5.5.16.0. Users experiencing these crashes are advised to uninstall or disable the service to resolve the issue. Dell has acknowledged the problem and is working on a solution. Uninstalling the service may result in the loss of system repair points created by Dell OS SupportAssist Recovery. Users still facing issues after uninstallation should contact Dell support. This incident follows previous software challenges faced by Dell, including blue screens from earlier SupportAssist versions and BIOS updates that prevented some laptops from booting. Additionally, vulnerabilities have been identified in the BIOSConnect feature of Dell SupportAssist, posing security risks.

Winsage

May 14, 2026

Microsoft Fixes Windows Autopatch Bug Installing Restricted Drivers on Windows 11

Microsoft's Windows Autopatch service mistakenly deployed restricted driver updates to some managed Windows devices without proper approval, affecting Windows 11 versions 25H2, 24H2, and 23H2. This led to unexpected restarts and stability issues. Microsoft implemented a server-side fix to address this problem, confirming that only a limited subset of devices in the EU region was impacted and that no client-side action was required. Additionally, some users faced difficulties installing Office on Windows 365 machines due to a configuration change from a recent service update.

Winsage

May 14, 2026

Windows Update will soon automatically roll back faulty drivers

Microsoft is introducing a feature in Windows 11 that allows users to pause updates indefinitely, enhancing user control over their systems. Additionally, they are rolling out a "Cloud-Initiated Driver Recovery" feature that enables automatic reversion of problematic drivers installed via Windows Update, allowing Microsoft to replace faulty drivers directly from the cloud without user intervention. This updated Windows Update experience is currently being tested with hardware partners and is expected to begin a gradual rollout in September. Users will also gain the ability to extend pause dates, skip updates during device setup, and restart or shut down their PCs without needing to install pending updates.

Winsage

May 14, 2026

Raising the bar together. Introducing the Driver Quality Initiative at WinHEC 2026

The Windows Hardware Engineering Conference (WinHEC) 2026 took place in Taipei, marking Microsoft's return to the event after a hiatus since 2018. The conference focused on the Driver Quality Initiative (DQI), aimed at improving driver quality, reliability, and security on the Windows platform. The DQI is built on four pillars: Architecture, Trust, Lifecycle, and Quality Measures. Key themes discussed included the importance of collaboration among stakeholders, enhancing Windows 11 quality, and fostering innovation through strong foundational practices. Attendees participated in workshops and hands-on labs to deepen their understanding of driver development and compatibility testing. Partners expressed a shared commitment to improving driver and platform quality, emphasizing the need for transparency and ongoing engagement. Microsoft plans to continue investing in reliability, security, performance, compatibility, and quality in collaboration with its partners.

Winsage

May 14, 2026

Windows Zero-Days Expose BitLocker Bypasses And CTFMON Privilege Escalation

An anonymous cybersecurity researcher disclosed two new zero-day vulnerabilities affecting Microsoft systems: YellowKey and GreenPlasma. YellowKey is a BitLocker bypass that operates as a backdoor within the Windows Recovery Environment, impacting Windows 11 and Windows Server 2022/2025. Exploiting YellowKey involves copying specially crafted files to a USB drive, connecting it to a Windows computer, and rebooting into WinRE. The researcher expressed skepticism about Microsoft's response time to this vulnerability, noting that using TPM+PIN does not mitigate the risk. GreenPlasma is a privilege escalation vulnerability that allows an unprivileged user to obtain a shell with SYSTEM permissions through arbitrary section creation in Windows CTFMON. The proof-of-concept for this exploit is incomplete but indicates potential manipulation of trusted privileged services or drivers. Additionally, a related attack against BitLocker was detailed by French cybersecurity firm Intrinsec, which exploits a boot manager downgrade using CVE-2025-48804 to bypass encryption protections on fully patched Windows 11 systems. This method allows attackers to boot from a controlled WIM while the boot manager checks the legitimate one, executing with the decrypted BitLocker volume. Despite Microsoft releasing fixes for this defect in July 2025, a flaw in Secure Boot verification allows a vulnerable boot manager to bypass BitLocker safeguards. To mitigate these risks, enabling a BitLocker PIN at startup and migrating to a new boot manager certificate is recommended.

Winsage

May 14, 2026

Windows 11 Emoji Picker Search Box Disappears in Some Builds, Restarting Explorer Restores It

A glitch in Windows 11 has caused the search box in the emoji picker to disappear, affecting users' ability to search for emojis by name. This issue has been reported by multiple users and confirmed by Windows Central in the Insider Beta channel, but Microsoft has not acknowledged it or provided a fix. A temporary solution involves restarting Windows Explorer through Task Manager, which can restore the search box functionality. The bug's prevalence varies among users, and it is unclear if it affects stable releases of Windows 11.

Winsage

May 14, 2026

Windows 11 26H1: Microsoft keeps the special branch on track for new hardware

Microsoft has released an update to Windows 11 version 26H1, OS Build 28000.2113, through cumulative update KB5089548 on May 12, 2026. This update includes essential security fixes and non-security enhancements from the previous month's optional preview. Windows 11 version 26H1 is specifically designed for new devices launching in early 2026 and will not be available as an in-place update for existing systems running versions 24H2 or 25H2. The update focuses on maintenance for this branch, with improvements in SSDP notifications and gaming compatibility. It also includes AI enhancements exclusive to Copilot+-enabled PCs. Microsoft continues to support versions 24H2 and 25H2 for enterprise deployments, while 26H1 is relevant only for new hardware platforms. Currently, there are no known issues reported for Windows 11 26H1 or update KB5089548.

Winsage

May 14, 2026

Dell SupportAssist is crashing some Windows 11 PCs, causing them to enter reboot loops. Here’s how to stop it.

Dell users on Windows 11 are experiencing frequent blue screens and reboot loops after updating the Dell SupportAssist Remediation software to version 5.5.16.0, released on April 30. This issue particularly affects models like the XPS 15 9530, with crashes occurring approximately every thirty minutes and a common error message being "CRITICALPROCESSDIED." The problem has been traced to the DellSupportAssistRemediationService.exe, which is pre-installed on many Dell systems and designed to manage diagnostics, driver updates, and recovery tools. Users are advised to uninstall or disable the software to restore normal functionality. Dell has acknowledged the issue and is working on a resolution. Temporary workarounds include disabling the service via Command Prompt or fully uninstalling the SupportAssist components through the Settings app. However, uninstalling may result in the loss of system repair points created by the service.