Windows Recovery

Winsage
June 30, 2026
Microsoft has released three optional updates for Windows 11: KB5095186, KB5095615, and KB5102558. - KB5095186 is for Windows 11 26H1 on Snapdragon X2 systems and upgrades the Windows recovery environment (WinRE) to version 10.0.28000.2335. - KB5095615 also improves the WinRE, updating it to version 10.0.26100.8737. - KB5102558 refines Windows setup binaries and related files for feature updates. These updates can be accessed through Windows Update in the Settings app, and no restart is required after installation.
Winsage
June 28, 2026
Microsoft released a preview update identified as C-release under KB5095093, along with new dynamic updates to enhance the Windows experience. Dynamic updates refine the Windows Recovery process and improve the setup experience by updating the Windows Recovery Environment (WinRE) and Setup file binaries. These updates ensure a smoother transition during upgrades and preserve Language Pack (LP) and Features on Demand (FODs) content. The updates include: - KB5095186: Safe OS Dynamic Update for Windows 11, version 26H1, enhancing WinRE to version 10.0.28000.2335. - KB5102558: Setup Dynamic Update for Windows 11, versions 24H2 and 25H2, improving setup binaries and files for feature updates. - KB5095615: Safe OS Dynamic Update for Windows 11, versions 24H2 and 25H2, enhancing WinRE to version 10.0.26100.8737. These updates will be automatically downloaded and installed through the Windows Update channel.
Winsage
June 24, 2026
Point-in-time restore is a new feature for Windows 11 that allows administrators to revert systems to a previous stable state, streamlining recovery from issues like problematic updates or software conflicts. It automatically generates restore points every 24 hours, retaining them for up to 72 hours and using a maximum of 2 percent of disk space. This feature is available on Windows 11 version 24H2 and later across all editions, including Enterprise, Pro, and Home. Administrators can initiate the restore process through the Windows Recovery Environment (Windows RE) by selecting a restore point. Future enhancements will include remote restore capabilities through Microsoft Intune.
Winsage
June 15, 2026
A cybersecurity researcher known as “Nightmare Eclipse” has revealed two zero-day exploits threatening Windows systems: RoguePlanet and GreatXML. RoguePlanet targets Microsoft Defender, allowing attackers to execute privileged actions and gain SYSTEM-level access on Windows machines. It is a local privilege escalation vulnerability that remains effective on fully updated systems. GreatXML claims to bypass BitLocker disk encryption by manipulating the Windows Recovery Environment, potentially granting access to protected files. However, its effectiveness may be overstated, as it might require administrator-level access. Microsoft advises organizations to implement security updates, treat lost or accessible devices as high-risk, enforce stricter policies, and monitor threat intelligence to mitigate exposure to these vulnerabilities.
Winsage
June 14, 2026
Microsoft released Patch Tuesday updates KB5094126 and KB5093998 for Windows 11, and KB5094127 for Windows 10. New Dynamic Update packages were introduced to enhance user experience by preserving Language Pack and Features on Demand content during upgrades. The updates include: - KB5095185: Safe OS Dynamic Update for Windows 11, version 26H1, improving WinRE to version 10.0.28000.2269. - KB5094149: Safe OS Dynamic Update for Windows 11, versions 24H2 and 25H2, enhancing WinRE to version 10.0.26100.8655. - KB5095971: Setup Dynamic Update for Windows 11, version 23H2, refining setup binaries for feature updates. - KB5094156: Safe OS Dynamic Update for Windows 11, version 23H2, improving WinRE to version 10.0.22621.7219. - KB5098815: Windows Recovery Environment update for Windows 10, versions 21H2 and 22H2, applying Safe OS Dynamic Update (KB5094154) to WinRE. - KB5094154: Safe OS Dynamic Update for Windows 10, versions 21H2 and 22H2, enhancing WinRE to version 10.0.19041.7417. - KB5094153: Safe OS Dynamic Update for Windows 10, version 1809 and Windows Server 2019, improving WinRE to version 10.0.17763.8880. - KB5094152: Safe OS Dynamic Update for Windows 10, version 1607 and Windows Server 2016, enhancing WinRE to version 10.0.14393.9234. These updates will be automatically downloaded and installed via the Windows Update channel.
Winsage
June 12, 2026
Nightmare-Eclipse, also known as Chaotic-Eclipse, has introduced two new exploits: RoguePlanet and GreatXML. RoguePlanet exploits a vulnerability in Windows Defender, allowing attackers to gain SYSTEM user access privileges by tricking a user into executing a script. This access enables attackers to execute commands beyond standard Administrator capabilities, siphon sensitive data, and install malware. GreatXML provides a method for bypassing BitLocker encryption by creating a specially crafted "unattend.xml" file and a "Recovery" directory on the Windows recovery partition. Microsoft has shifted its stance from threatening legal action against Eclipse and is now monitoring the situation, while Eclipse has postponed a planned mass disclosure of zero-day Windows vulnerabilities initially set for July 14 due to delays in developing RoguePlanet.
Winsage
June 11, 2026
Security researcher Chaotic Eclipse has released a Windows BitLocker bypass tool named GreatXML, following a previously disclosed exploit targeting Microsoft Defender. The discovery was made accidentally and took four hours. A critical vulnerability exists for users who have used the Windows Defender Offline Scan feature, making them susceptible to the BitLocker bypass. The exploit involves copying an XML file and a recovery folder to the recovery partition and rebooting into the Windows Recovery Environment (WinRE). If the Defender offline scan was not initiated, users must log in to start it or find a way to boot into WinRE in offline scan state. GreatXML is the second BitLocker bypass tool released by Chaotic Eclipse, following the earlier exploit known as YellowKey (CVE-2026-45585), which has been patched by Microsoft.
Winsage
June 9, 2026
Microsoft's June 2026 Patch Tuesday updates for Windows 11 include enhancements for versions 25H2, 24H2, and the new 26H1, which is designed for new PCs with Qualcomm ARM chips. Key features of the update include: - Shared audio allowing two users to listen to the same audio stream via Bluetooth LE audio accessories. - NPU usage displayed in Task Manager for devices with NPUs, including optional columns for NPU and NPU Engine. - Multi-App Camera support enabling multiple applications to access the camera stream simultaneously. - Improvements to the Magnifier feature for clearer announcements and support for magnifying protected content. - Customizable user folder names during setup. - Optimized Windows Search functionality for locating local files with just two characters. - Performance enhancements through a “Low Latency Profile” for faster app launches and core shell experiences. The update also addresses a BitLocker security bypass vulnerability (CVE‑2026‑45585) that could allow attackers to circumvent BitLocker Device Encryption. The KB5095051 patch for version 26H1 includes support for shared audio over Bluetooth LE and features from the previous month's update, such as Xbox mode and expanded archiving support in File Explorer.
Search