Windows operating systems

Winsage
April 18, 2026
A vulnerability has been discovered in Windows Defender that allows standard users to exploit a logic error in the file remediation process, enabling code execution with elevated privileges without administrative access. This flaw, identified by security researcher Chaotic Eclipse, occurs because Windows Defender does not verify if the restoration location of flagged files has been altered through a junction point. The exploit, named RedSun, takes advantage of a missing validation in the MpSvc.dll file, allowing attackers to redirect file restoration to the C:\Windows\System32 directory. RedSun operates by chaining together four legitimate Windows features: Opportunistic Locks (OPLOCKs), Cloud Files API, Volume Shadow Copy Service (VSS), and Junction Points. The execution of the exploit involves monitoring shadow copies, triggering Defender's detection, synchronizing OPLOCKs, and ultimately writing malicious binaries to the System32 directory. The root cause is the lack of reparse point validation in the restoration process. Currently, no patch has been released and no CVE has been assigned for this vulnerability. It affects Windows 10, Windows 11, and Windows Server 2019 and later, and organizations are advised to implement behavioral detection strategies until a fix is available.
Winsage
April 18, 2026
A researcher known as “Chaotic Eclipse” has revealed a new zero-day vulnerability in Microsoft Defender, called “RedSun,” which allows local privilege escalation to SYSTEM privileges on Windows 10, Windows 11, and Windows Server when Microsoft Defender is enabled. The exploit has been confirmed to function correctly, and some antivirus vendors have begun detecting it. This follows another vulnerability disclosure by the same researcher, named BlueHammer, which also allows local attackers to elevate permissions. Chaotic Eclipse expressed dissatisfaction with Microsoft’s handling of vulnerability disclosures, claiming they were threatened and experienced frustration with the company’s response. A Microsoft spokesperson stated the company is committed to investigating reported security issues and supports coordinated vulnerability disclosure.
Winsage
April 15, 2026
Microsoft has introduced new security measures for Windows 10 and Windows 11 to protect against phishing attacks that exploit Remote Desktop Protocol (RDP) connection files. These updates, part of the April 2026 cumulative updates (KB5082200, KB5083769, and KB5082052), include a one-time educational prompt for users upon first opening an RDP file, requiring acknowledgment of the associated risks. Subsequent attempts to open RDP files will display a security dialog with information about the file's publisher, the remote system address, and local resource redirections, with options disabled by default. If an RDP file is unsigned, a warning will indicate an "Unknown remote connection." These protections apply only to connections initiated through RDP files, not through the Windows Remote Desktop client, and can be temporarily disabled via the Windows Registry.
Winsage
March 29, 2026
Samsung has launched its web browser for Windows operating systems, expanding from its previous availability on smartphones. The browser allows users to switch seamlessly between mobile devices and Windows computers, with automatic synchronization of bookmarks, browsing history, and open tabs. It is available for Windows 10 and Windows 11 (version 1809 or later) and includes AI-powered features, though some are currently limited to users in South Korea and the United States. One notable feature is the 'Agentic AI' assistant, which can understand natural language queries and analyze web pages to provide relevant information.
Winsage
March 24, 2026
The choice between Linux and Windows operating systems can significantly impact business operations, influenced by factors such as cost, performance, management, security, and best use cases. Linux is free to use and has lower long-term costs due to its open-source nature, while Windows incurs licensing fees. Linux efficiently utilizes system resources, whereas Windows may consume more resources but can enhance functionality for businesses reliant on Microsoft tools. Linux offers extensive control through command-line interfaces, while Windows provides a user-friendly graphical interface. Security in Linux is supported by a robust permissions system and rapid updates, while Windows offers built-in security measures and centralized updates. Linux is preferred for web hosting and development, particularly with PHP and MySQL, while Windows is favored in enterprise settings using .NET and MSSQL. A multi-cloud strategy is increasingly adopted, with 89% of enterprises planning to implement it by 2025. In 2025, Linux holds 44.25% of the server OS market share, while Windows has a compound annual growth rate of 9.62%. When choosing an operating system, organizations should consider current requirements, future needs, and the ease of switching without significant downtime or complications.
Winsage
March 11, 2026
Microsoft Corp. has released security updates addressing at least 77 vulnerabilities across its Windows operating systems and various software applications. Key vulnerabilities include:
- CVE-2026-21262: Allows an attacker to elevate privileges on SQL Server 2016 and later, with a CVSS v3 base score of 8.8.
- CVE-2026-26127: Affects applications running on .NET, potentially leading to denial of service.
- CVE-2026-26113 and CVE-2026-26110: Remote code execution flaws in Microsoft Office exploitable by viewing malicious messages in the Preview Pane.
- CVE-2026-24291, CVE-2026-24294, CVE-2026-24289, and CVE-2026-25187: Privilege escalation vulnerabilities rated CVSS 7.8.
- CVE-2026-21536: A critical remote code execution bug identified by an AI agent, marking a shift toward AI-driven vulnerability discovery.
Additionally, Microsoft previously addressed nine browser vulnerabilities and issued an out-of-band update on March 2 for Windows Server 2022. Adobe has released updates for 80 vulnerabilities across its products, and Mozilla Firefox version 148.0.2 has resolved three high-severity CVEs.
Winsage
March 6, 2026
On December 15, 2025, Microsoft announced native NVMe support in Windows Server 2025, marking a significant evolution in data management and access. The new architecture replaces Disk.sys with NVMeDisk.sys, allowing direct communication from the filesystem to hardware via StorMQ, eliminating latency and enhancing performance. Testing revealed increased read speeds, particularly in random 4K and 64K benchmarks, with significant reductions in average read latency and lower CPU usage during sequential operations. Write operations showed modest improvements. A registry modification is required to enable this feature, and caution is advised due to potential complications with NVMe drives when deduplication is enabled.
Winsage
March 3, 2026
Microsoft has enhanced its Defender deployment tool for Windows to streamline the onboarding process for device security management. The tool now features improved progress visibility and additional administrative controls, consolidating onboarding files into a single downloadable .exe file for both modern and legacy systems. It supports silent and non-interactive options for large-scale deployments, integrates with Group Policy or Configuration Manager, and allows for custom package identifiers. Administrators can monitor deployment events through the device timeline and advanced hunting tabs for real-time insights. The updated tool is accessible via Settings > Endpoints > Onboarding > Windows and extends support to Linux. Comprehensive onboarding and offboarding guides are available on the Defender portal.