Windows Defender

Winsage
June 18, 2026
A Windows 11 Home license is currently available for .99, a significant reduction from the standard retail price of 9.99. The license is permanent and non-transferable, valid for the lifetime of the installation on one specific machine. It is provided as a digital key, requiring the download and installation of Windows prior to activation.
Winsage
June 12, 2026
Nightmare-Eclipse, also known as Chaotic-Eclipse, has introduced two new exploits: RoguePlanet and GreatXML. RoguePlanet exploits a vulnerability in Windows Defender, allowing attackers to gain SYSTEM-level privileges by tricking a user into executing a script. This access enables attackers to execute commands beyond standard Administrator capabilities, siphon sensitive data, and install malware. GreatXML provides a method for bypassing BitLocker encryption by creating a specially crafted "unattend.xml" file and a "Recovery" directory on the Windows recovery partition. Microsoft has shifted away from threatening legal action against Eclipse and is now monitoring the situation. Eclipse has postponed a planned mass disclosure of zero-day Windows vulnerabilities, initially set for July 14, because of delays in developing RoguePlanet.
Winsage
June 11, 2026
Security researcher Chaotic Eclipse has released a Windows BitLocker bypass tool named GreatXML, following a previously disclosed exploit targeting Microsoft Defender. The discovery was made accidentally and took four hours. A critical vulnerability exists for users who have used the Windows Defender Offline Scan feature, making them susceptible to the BitLocker bypass. The exploit involves copying an XML file and a recovery folder to the recovery partition and rebooting into the Windows Recovery Environment (WinRE). If the Defender offline scan was not initiated, users must log in to start it or find a way to boot into WinRE in offline scan state. GreatXML is the second BitLocker bypass tool released by Chaotic Eclipse, following the earlier exploit known as YellowKey (CVE-2026-45585), which has been patched by Microsoft.
Winsage
June 11, 2026
Microsoft patched 206 vulnerabilities during June's Patch Tuesday, surpassing the previous record of 175 vulnerabilities patched in October 2025. Among the patched vulnerabilities, 118 are related to different versions of Windows, including Windows 10, Windows 11, and Windows Server. One critical vulnerability, CVE-2026-41091, in Microsoft Defender is actively being exploited, prompting an update to the Malware Protection Engine. Microsoft also addressed ten vulnerabilities in the Security Feature Bypass category due to the expiration of old Secure Boot certificates. Of the 118 Windows vulnerabilities, 19 are classified as critical Remote Code Execution (RCE) vulnerabilities, including CVE-2026-47288 and CVE-2026-47291. In Microsoft Office, 54 vulnerabilities were patched, including 25 RCE vulnerabilities, with nine classified as critical. Microsoft patched eight vulnerabilities in Exchange Server, including CVE-2026-45583, which can be exploited in a man-in-the-middle scenario. Additionally, the update for Edge addressed 74 Chromium vulnerabilities, including a zero-day vulnerability (CVE-2026-11645).
Winsage
June 9, 2026
Windows 11 Pro includes a suite of security features under Windows Security, which continuously protects the PC. Common security alerts include:
1. "Turn on virus protection" or "Real-time protection is off" alerts: These occur after installing or removing a third-party antivirus. To restore protection, open Windows Security, select Turn on in the Virus & threat protection section, and confirm.
2. "Threat found" or "Threat found - action needed" alerts: Indicate that Windows Defender has detected a potential threat. To manage these, open Windows Security, navigate to Virus & threat protection, click on Protection history, select Threat blocked, and use the Actions dropdown to quarantine or allow the file.
3. "Threat quarantined" or "Threat blocked" alerts: A Threat quarantined alert means a file is isolated for review, while a Threat blocked alert indicates successful removal by Defender. Investigate how the threat entered the system.
4. SmartScreen alerts: SmartScreen protects against malicious websites and downloads. If a threat is identified, a red warning page appears. Users can report the site as safe or proceed at their own risk. Blocked downloads can be managed in Edge's Downloads menu.
5. "This app has been blocked" alerts: Smart App Control prevents the installation of untrusted applications. Disabling this feature should only be done if the application is deemed safe. Settings can be found under Windows Security > App & browser control > Smart App Control settings.
AppWizard
June 9, 2026
Old-school gaming consoles are seeing a resurgence, but hackers are exploiting this trend with a malware campaign called "WeedHack," which emerged in January. This malware operates on a "Malware-as-a-Service" model, allowing users to purchase it to infect victims. WeedHack functions as a remote access infostealer, compromising computers to manipulate screens, access webcams, and steal sensitive data. It propagates by enticing users with unofficial "Minecraft" mods and clients, often using videos and download links as bait. Additionally, it employs "SEO poisoning" to promote fake websites as legitimate sources for these mods on platforms like Discord and Reddit. WeedHack disguises itself as a JAR file, similar to the official "Minecraft" client, and once executed, it installs its payload from Ethereum server domains. It can insert itself into antivirus exclusion lists, evading detection, and McAfee's tests show that Windows Defender is ineffective against it. The malware collects extensive information, including Wi-Fi networks and browser cookies, and grants hackers complete control over infected computers. The WeedHack virus serves as both malware and a training ground for aspiring hackers, structured into two tiers: a free version with core capabilities and a paid subscription for advanced features. A community has formed around WeedHack, offering tutorials, a Discord server, and a website for feature requests and custom payload creation. This community aspect lowers the barrier for newcomers, particularly targeting a younger audience that may not understand online safety.
Winsage
June 8, 2026
Microsoft has rolled out new Defender patches for Windows 11 ISOs, aligning with its commitment to security updates. Updates for Microsoft Defender for Endpoint's endpoint detection and response (EDR) will no longer be included with monthly Windows security updates or Patch Tuesdays; they will now be delivered via Microsoft Update. This change aims to allow faster deployment of EDR enhancements independently of the operating system's update cycle. The rollout for Windows 10 began in late May 2026, with plans to extend support to Windows 11 and other versions by fall 2026. EDR updates will be delivered using KB5005292, contingent on prerequisite updates. Systems must run Sense version 10.8798.25857.1000 or later and have specific Windows updates installed to qualify for the new delivery method. Organizations should align their update policies with this new approach before the broader rollout. In case of significant issues, the EDR update can be reverted using a specific command. Further details are available in the Microsoft 365 Admin Center under message ID MC1381119.
Winsage
June 6, 2026
Microsoft is rolling out updates for Windows Defender to protect users from newly discovered malware threats. These updates occur frequently, with a significant refresh every three months for Windows installation images (WIM and VHD) and ISOs. The recent Windows 11 update includes the latest definitions and addresses vulnerabilities from outdated anti-malware definitions in installation images. The latest security definitions were delivered through security intelligence update version 1.445.323.0, applicable to various platforms, including Windows 11 and several Windows Server versions. The update enhances the anti-malware client, engine, and signature versions to platform version 4.18.26040.7, engine version 1.1.26040.8, and security intelligence version 1.447.236.0. The most recent intelligence update is version 1.451.297.0, which improves threat detection against various malware types.