Windows Kernel

Winsage
February 11, 2026
Microsoft's February 2026 Patch Tuesday addressed 59 vulnerabilities in Windows 11, with six confirmed as actively exploited. The most critical vulnerability is CVE-2026-21510, a Windows Shell security feature bypass with a CVSS rating of 8.8, allowing attackers to evade warnings by tricking users into opening malicious files. Another significant vulnerability, CVE-2026-21513, also rated at 8.8, affects MSHTML and allows remote attackers to bypass execution prompts through malicious code in HTML or shortcut files. CVE-2026-21514 impacts Microsoft Word and enables adversaries to disable OLE mitigations, posing risks through document-based attacks. Two local privilege escalation vulnerabilities are CVE-2026-21519 in Desktop Window Manager and CVE-2026-21533 in Windows Remote Desktop Services, with CVSS scores of 7.8. CVE-2026-21525 is a denial-of-service vulnerability in Remote Access Connection Manager. The update includes 53 additional vulnerabilities across various Microsoft products and services, with CVE-2026-21531 in Azure SDK rated at 9.8 and CVE-2026-20841 affecting Windows Notepad rated at 8.8. The cumulative update for Windows 11 (KB5077181) also includes enhancements and resolves WPA3 Wi-Fi connectivity issues. Microsoft reminded users of the June 2026 expiration of Secure Boot certificates, which requires timely updates to ensure secure booting. Users can install the updates via Windows Update.
Tech Optimizer
January 22, 2026
A large-scale campaign is exploiting the truesight.sys Windows security driver from Adlice Software’s RogueKiller antivirus to disable endpoint detection and response (EDR) and antivirus solutions, facilitating the deployment of ransomware and remote access malware. This attack utilizes over 2,500 validly signed variants of the driver, allowing attackers to manipulate legacy driver signing rules to load pre-2015 signed drivers on Windows 11 machines. The vulnerable TrueSight driver exposes an IOCTL command that enables attackers to terminate security processes, providing them with kernel-level access to bypass user-mode protections. The infection chain typically starts with phishing emails or compromised sites, leading to the installation of a downloader that retrieves additional malicious components. The malware establishes persistence and deploys an EDR killer module targeting nearly 200 security products. Once defenses are disabled, the final payload, often a remote access trojan or ransomware, executes with minimal visibility, completing the attack in as little as 30 minutes.
Winsage
January 20, 2026
Microsoft's Raymond Chen discussed the "Shift during Restart" trick in Windows 95, which allowed users to bypass a lengthy reboot process. This was achieved by sending the EW_RESTARTWINDOWS flag to the 16-bit ExitWindows function, leading to a series of shutdowns involving the 16-bit Windows kernel and the 32-bit virtual memory manager. The CPU would then revert to real mode, allowing win.com to take control and initiate protected-mode Windows. Chen explained that .com files are allocated all available conventional memory upon launch, which can be returned to the system. Win.com efficiently releases excess memory, but if another program occupies that space, memory fragmentation can occur, preventing win.com from restoring the system and resulting in a full reboot. This engineering solution provided a smoother user experience, in contrast to the disruptive update notifications that modern Windows users face.
Winsage
January 1, 2026
Microsoft is transitioning its Windows operating system to an "AI-native" platform, embedding AI capabilities directly into the Windows kernel, marking a significant architectural shift not seen in three decades. This new approach, called the "Agentic OS," allows AI to manage files, system settings, and workflows proactively. The updated kernel, partially rewritten in Rust, includes a new NPU-aware scheduler that treats the Neural Processing Unit as a primary resource. Microsoft has introduced "Agent Workspace" and "Agent Accounts" for autonomous agents, ensuring actions are logged and audited for compliance. Communication between agents and the system is facilitated by the Model Context Protocol (MCP). Hardware requirements for the new OS have increased, with benchmarks set for NPUs achieving 80 to 100 TOPS. Major PC manufacturers are adjusting their portfolios to accommodate "Agentic PCs." The competitive landscape is evolving, with companies like Alphabet and Apple developing their own AI-native platforms. The introduction of the AI-native kernel raises privacy and security concerns, with Microsoft implementing measures to restrict third-party access to the kernel. Future updates may include "self-healing" capabilities and "Cross-Device Agency," leading to a more integrated personal AI experience.
Winsage
December 28, 2025
Microsoft has clarified that its initiative to explore migrating C and C++ codebases to Rust is primarily a research project, not a definitive plan to rewrite Windows in Rust by 2030. The company has been integrating Rust into specific areas of its operations, particularly in newer versions of Windows 11, to enhance security without overhauling existing systems. Microsoft has incorporated certain components of the Windows kernel in Rust but has not announced plans for a full migration of all kernel and user-space components. The project aims to develop tools for efficient analysis and partial automation of transferring large codebases to other programming languages, with AI-supported processes involved. Assertions that this research will lead to a complete Rust version of Windows are unsubstantiated.
Winsage
December 25, 2025
A Microsoft distinguished engineer, Galen Hunt, clarified that a project aimed at rewriting parts of Microsoft's code using AI and Rust is strictly research-focused and not an official plan to phase out C and C++ from Windows by 2030. His team is developing technology for large-scale code migration between programming languages, aiming for "1 engineer, 1 month, 1 million lines of code." This project is part of Microsoft's Future of Scalable Software Engineering group and is not a roadmap for Windows 11 or future versions. Microsoft has been integrating Rust into its products, including rewriting segments of the Windows kernel in 2023, as part of its commitment to adopting memory-safe programming languages.
Winsage
December 25, 2025
A Microsoft engineer, Galen Hunt, clarified that his earlier statements about phasing out all C and C++ code by 2030 were misinterpreted. He emphasized that the initiative he discussed is a research project focused on developing technology for large-scale code migration between programming languages, not a definitive plan for Windows. The goal of the project is to enable "1 engineer, 1 month, 1 million lines of code" using AI agents and algorithmic infrastructure. Hunt's team is looking for a Principal Software Engineer with Rust experience to assist in this research. Microsoft has been integrating Rust into its products, including rewriting parts of the Windows kernel in Rust, as it aims to improve security and reduce programming errors. However, Hunt noted that Rust is not necessarily the final destination for all Microsoft code.
Winsage
December 24, 2025
Galen Hunt, a Distinguished Engineer at Microsoft, has proposed eliminating all C and C++ code within the company, with a focus on transitioning to Rust. This initiative aims to address technical debt and improve memory safety, as C and C++ are responsible for approximately 70% of vulnerabilities in Microsoft products. Microsoft plans to leverage AI and modern tooling to facilitate this transition, which includes rewriting portions of the Windows kernel in Rust. Hunt is seeking a Principal Software Engineer with Rust expertise to support this effort. The adoption of Rust is growing globally, with a reported 2.3 million developers using it, and major tech companies are increasingly integrating it into their infrastructure.
Winsage
December 24, 2025
Microsoft is planning to replace C and C++ with Rust across its codebases by 2030, as stated by engineer Galen Hunt. The company aims to eliminate every line of C and C++ using artificial intelligence and advanced algorithms, targeting a goal of “1 engineer, 1 month, 1 million lines of code.” Microsoft has developed a code processing infrastructure to support this initiative, which is already operational for various code understanding challenges. In 2023, Microsoft began rewriting parts of the Windows Kernel using Rust due to vulnerabilities associated with C and C++. The new role advertised by Hunt is part of the Future of Scalable Software Engineering group within Microsoft CoreAI, indicating a significant investment in modernizing Microsoft's code for enhanced security and efficiency.