Windows Kernel

Winsage
February 26, 2026
Security researchers have developed a working Proof of Concept (PoC) exploit for a vulnerability in the Windows kernel, identified as CVE-2026-2636, which allows low-privileged users to induce a Blue Screen of Death (BSoD), resulting in a Denial of Service. This vulnerability is linked to the Windows Common Log File System (CLFS) driver, specifically the CLFS.sys component, and arises from improper handling of invalid or special elements within CLFS (CWE-159). The PoC demonstrates that a non-administrative user can trigger the bug by executing a crafted ReadFile operation on a handle linked to an opened .blf log file without the expected I/O Request Packet (IRP) flags set. This leads to a critical inconsistency in the driver, causing Windows to invoke the kernel routine KeBugCheckEx, which results in a BSoD. CVE-2026-2636 has a CVSS score of 5.5 (Medium) and poses a high impact on availability, allowing any authenticated user to crash the host reliably. Microsoft addressed this vulnerability in the September 2025 cumulative update, protecting systems running Windows 11 2024 LTSC and Windows Server 2025 by default. However, older or unpatched builds remain vulnerable. Organizations are advised to verify the deployment of the September 2025 updates, prioritize patching multi-user systems, and monitor for unusual spikes in BSoD events.
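The last sentence of the summary gives two concrete checks: confirm the September 2025 update is installed and watch for BSoD spikes. The PowerShell below is an added example written for this page, not code from the article or from Microsoft; it counts bugcheck reboots recorded in the System log (Event ID 1001 from the WER-SystemErrorReporting provider) over a window, flags a count above a threshold, checks for an update by KB number, and reports the installed CLFS.sys file version. The KB number is a placeholder (the page does not give it), and the threshold and window are arbitrary assumptions to tune per fleet.

```powershell
# Added example (not from the article). Assumptions: the KB placeholder below must be
# replaced with the actual September 2025 cumulative update for the build in question;
# $Days and $AlertThreshold are arbitrary starting values.
param(
    [int]$Days = 7,
    [int]$AlertThreshold = 3,
    [string]$ExpectedKb = 'KBxxxxxxx'   # placeholder: September 2025 cumulative update KB
)

# Event ID 1001 from Microsoft-Windows-WER-SystemErrorReporting is written after a reboot
# that followed a bugcheck; its message carries the bugcheck code and the dump path.
$since = (Get-Date).AddDays(-$Days)
$bugchecks = Get-WinEvent -FilterHashtable @{
    LogName      = 'System'
    ProviderName = 'Microsoft-Windows-WER-SystemErrorReporting'
    Id           = 1001
    StartTime    = $since
} -ErrorAction SilentlyContinue   # Get-WinEvent errors when zero events match

$count = @($bugchecks).Count
"Bugcheck reboots in the last $Days day(s): $count"
if ($count -ge $AlertThreshold) {
    Write-Warning "Bugcheck count $count meets or exceeds threshold $AlertThreshold on $env:COMPUTERNAME; review the dumps."
}

# One line per crash: timestamp plus the first line of the event message (bugcheck code).
$bugchecks |
    Select-Object TimeCreated, @{ n = 'Summary'; e = { ($_.Message -split "`n")[0] } } |
    Format-Table -AutoSize

# Patch verification by KB number.
$hotfix = Get-HotFix | Where-Object { $_.HotFixID -eq $ExpectedKb }
if ($hotfix) {
    "Update $ExpectedKb installed on $($hotfix.InstalledOn)"
} else {
    Write-Warning "Update $ExpectedKb not reported by Get-HotFix; confirm via Windows Update history."
}

# File version of the CLFS driver, useful when comparing against the patched build.
(Get-Item "$env:SystemRoot\System32\drivers\clfs.sys").VersionInfo |
    Select-Object FileVersion, ProductVersion
```

Run it as an administrator so the System log and driver file are readable. Get-HotFix only lists updates tracked by the component store, so a negative result should be confirmed against Windows Update history or the OS build number before treating a host as unpatched.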
Tech Optimizer
February 25, 2026
The "kernel security check failure" error on Windows indicates corruption in critical system memory or internal data structures, triggering a bug check to prevent further damage. It is marked by the Blue Screen of Death (BSOD) displaying the message "KERNEL_SECURITY_CHECK_FAILURE" and stop code 0x139. Causes include outdated or incompatible drivers, corrupted system files, faulty RAM, disk errors, third-party software conflicts, faulty Windows updates, overclocking, and malware threats. Common fixes involve updating Windows and drivers, scanning for corrupted files, using Check Disk (CHKDSK), running Windows Memory Diagnostic, and performing System Restore. If unresolved, a clean installation of Windows may be necessary. Regular updates and avoiding unnecessary software installations can help prevent future occurrences.
Winsage
February 11, 2026
Microsoft's February 2026 Patch Tuesday addressed 59 vulnerabilities in Windows 11, with six confirmed as actively exploited. The most critical vulnerability is CVE-2026-21510, a Windows Shell security feature bypass with a CVSS rating of 8.8, allowing attackers to evade warnings by tricking users into opening malicious files. Another significant vulnerability, CVE-2026-21513, also rated at 8.8, affects MSHTML and allows remote attackers to bypass execution prompts through malicious code in HTML or shortcut files. CVE-2026-21514 impacts Microsoft Word and enables adversaries to disable OLE mitigations, posing risks through document-based attacks. Two local privilege escalation vulnerabilities are CVE-2026-21519 in Desktop Window Manager and CVE-2026-21533 in Windows Remote Desktop Services, with CVSS scores of 7.8. CVE-2026-21525 is a denial-of-service vulnerability in Remote Access Connection Manager. The update includes 53 additional vulnerabilities across various Microsoft products and services, with CVE-2026-21531 in Azure SDK rated at 9.8 and CVE-2026-20841 affecting Windows Notepad rated at 8.8. The cumulative update for Windows 11 (KB5077181) also includes enhancements and resolves WPA3 Wi-Fi connectivity issues. Microsoft reminded users of the June 2026 expiration of Secure Boot certificates, which requires timely updates to ensure secure booting. Users can install the updates via Windows Update.
Tech Optimizer
January 22, 2026
A large-scale campaign is exploiting the truesight.sys Windows security driver from Adlice Software’s RogueKiller antivirus to disable endpoint detection and response (EDR) and antivirus solutions, facilitating the deployment of ransomware and remote access malware. This attack utilizes over 2,500 validly signed variants of the driver, allowing attackers to manipulate legacy driver signing rules to load pre-2015 signed drivers on Windows 11 machines. The vulnerable TrueSight driver exposes an IOCTL command that enables attackers to terminate security processes, providing them with kernel-level access to bypass user-mode protections. The infection chain typically starts with phishing emails or compromised sites, leading to the installation of a downloader that retrieves additional malicious components. The malware establishes persistence and deploys an EDR killer module targeting nearly 200 security products. Once defenses are disabled, the final payload, often a remote access trojan or ransomware, executes with minimal visibility, completing the attack in as little as 30 minutes.
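Because the campaign relies on thousands of validly signed copies of the same driver, blocking individual file hashes is a weak control; a defender's first question is simply whether a driver service referencing truesight.sys exists on the host, who signed it, and when that certificate expires. The PowerShell below is an added example for this page, not code from the article or from Adlice Software; it inventories kernel driver services for that file name, reports signer and hash for each match, and searches a few common staging directories for stray copies. The directory list is an assumption.

```powershell
# Added example (not from the article). Looks for the driver named in the campaign
# by service path and file name rather than by hash, then reports signer details.
$targetName = 'truesight.sys'

# Win32_SystemDriver covers installed kernel-mode driver services, running or stopped.
$drivers = Get-CimInstance Win32_SystemDriver |
    Where-Object { $_.PathName -and ($_.PathName -match [regex]::Escape($targetName)) }

if (-not $drivers) {
    "No driver service referencing $targetName found on $env:COMPUTERNAME."
} else {
    foreach ($d in $drivers) {
        # Normalise NT-style paths (\??\C:\... or \SystemRoot\...) to a Win32 path.
        $path = $d.PathName -replace '^\\\?\?\\', '' -replace '^\\SystemRoot', $env:SystemRoot

        $sig       = Get-AuthenticodeSignature -FilePath $path -ErrorAction SilentlyContinue
        $sigStatus = if ($sig) { $sig.Status } else { 'unreadable' }
        $signer    = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
        $notAfter  = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.NotAfter } else { $null }
        $hash      = if (Test-Path $path) { (Get-FileHash -Path $path -Algorithm SHA256).Hash } else { $null }

        [pscustomobject]@{
            Service   = $d.Name
            State     = $d.State
            StartMode = $d.StartMode
            Path      = $path
            SigStatus = $sigStatus
            Signer    = $signer
            CertExpiry = $notAfter
            SHA256    = $hash
        }
    }
}

# Loaders often stage the driver outside the drivers directory before creating the service;
# the directories below are an assumed starting set, not an exhaustive list.
$searchRoots = @("$env:SystemRoot", "$env:ProgramData", "$env:TEMP")
Get-ChildItem -Path $searchRoots -Recurse -Filter $targetName -ErrorAction SilentlyContinue |
    Select-Object FullName, Length, LastWriteTime
```

A hit is not proof of compromise on its own, since the driver ships with a legitimate product; treat a service whose binary sits outside the product's install directory, or a recently created service with a pre-2015 signing certificate, as the signal worth escalating. The recursive search over the Windows directory can take a while on large hosts.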
Winsage
January 20, 2026
Microsoft's Raymond Chen discussed the "Shift during Restart" trick in Windows 95, which allowed users to bypass a lengthy reboot process. This was achieved by sending the EW_RESTARTWINDOWS flag to the 16-bit ExitWindows function, leading to a series of shutdowns involving the 16-bit Windows kernel and the 32-bit virtual memory manager. The CPU would then revert to real mode, allowing win.com to take control and initiate protected-mode Windows. Chen explained that .com files are allocated all available conventional memory upon launch, which can be returned to the system. Win.com efficiently releases excess memory, but if another program occupies that space, memory fragmentation can occur, preventing win.com from restoring the system and resulting in a full reboot. This engineering solution provided a smoother user experience, in contrast to the disruptive update notifications that modern Windows users face.
Winsage
January 1, 2026
Microsoft is transitioning its Windows operating system to an "AI-native" platform, embedding AI capabilities directly into the Windows kernel, marking a significant architectural shift not seen in three decades. This new approach, called the "Agentic OS," allows AI to manage files, system settings, and workflows proactively. The updated kernel, partially rewritten in Rust, includes a new NPU-aware scheduler that treats the Neural Processing Unit as a primary resource. Microsoft has introduced "Agent Workspace" and "Agent Accounts" for autonomous agents, ensuring actions are logged and audited for compliance. Communication between agents and the system is facilitated by the Model Context Protocol (MCP). Hardware requirements for the new OS have increased, with benchmarks set for NPUs achieving 80 to 100 TOPS. Major PC manufacturers are adjusting their portfolios to accommodate "Agentic PCs." The competitive landscape is evolving, with companies like Alphabet and Apple developing their own AI-native platforms. The introduction of the AI-native kernel raises privacy and security concerns, with Microsoft implementing measures to restrict third-party access to the kernel. Future updates may include "self-healing" capabilities and "Cross-Device Agency," leading to a more integrated personal AI experience.
Winsage
December 28, 2025
Microsoft has clarified that its initiative to explore migrating C and C++ codebases to Rust is primarily a research project, not a definitive plan to rewrite Windows in Rust by 2030. The company has been integrating Rust into specific areas of its operations, particularly in newer versions of Windows 11, to enhance security without overhauling existing systems. Microsoft has incorporated certain components of the Windows kernel in Rust but has not announced plans for a full migration of all kernel and user-space components. The project aims to develop tools for efficient analysis and partial automation of transferring large codebases to other programming languages, with AI-supported processes involved. Assertions that this research will lead to a complete Rust version of Windows are unsubstantiated.
Winsage
December 25, 2025
A Microsoft distinguished engineer, Galen Hunt, clarified that a project aimed at rewriting parts of Microsoft's code using AI and Rust is strictly research-focused and not an official plan to phase out C and C++ from Windows by 2030. His team is developing technology for large-scale code migration between programming languages, aiming for "1 engineer, 1 month, 1 million lines of code." This project is part of Microsoft's Future of Scalable Software Engineering group and is not a roadmap for Windows 11 or future versions. Microsoft has been integrating Rust into its products, including rewriting segments of the Windows kernel in 2023, as part of its commitment to adopting memory-safe programming languages.
Winsage
December 25, 2025
A Microsoft engineer, Galen Hunt, clarified that his earlier statements about phasing out all C and C++ code by 2030 were misinterpreted. He emphasized that the initiative he discussed is a research project focused on developing technology for large-scale code migration between programming languages, not a definitive plan for Windows. The goal of the project is to enable "1 engineer, 1 month, 1 million lines of code" using AI agents and algorithmic infrastructure. Hunt's team is looking for a Principal Software Engineer with Rust experience to assist in this research. Microsoft has been integrating Rust into its products, including rewriting parts of the Windows kernel in Rust, as it aims to improve security and reduce programming errors. However, Hunt noted that Rust is not necessarily the final destination for all Microsoft code.