Windows security Archives

Winsage

June 11, 2026

Nightmare Eclipse drops claimed BitLocker bypass for Microsoft Windows

Nightmare Eclipse has released a new zero-day vulnerability exploit called GreatXML, which allows unrestricted access to BitLocker volumes on Windows systems that have previously run a Microsoft Defender Offline scan. This discovery was made in four hours and adds to Nightmare Eclipse's total of eight zero-day vulnerabilities. Microsoft is investigating the claims related to another exploit, RoguePlanet, but has not commented on GreatXML or provided a patch timeline. Nightmare Eclipse, rumored to be a former Microsoft employee, has faced backlash from the security community for previous disclosures and has vowed to continue releasing vulnerabilities. Security expert Will Dormann has raised concerns about the practicality of the GreatXML exploit, noting that it requires administrative access and questioning the accuracy of the instructions provided by Nightmare.

Winsage

June 11, 2026

Microsoft patches a record 206 flaws—and one is already being exploited

Microsoft patched 206 vulnerabilities during June's Patch Tuesday, surpassing the previous record of 175 vulnerabilities patched in October 2025. Among the patched vulnerabilities, 118 are related to different versions of Windows, including Windows 10, Windows 11, and Windows Server. One critical vulnerability, CVE-2026-41091, in Microsoft Defender is actively being exploited, prompting an update to the Malware Protection Engine. Microsoft also addressed ten vulnerabilities in the Security Feature Bypass category due to the expiration of old Secure Boot certificates. Of the 118 Windows vulnerabilities, 19 are classified as critical Remote Code Execution (RCE) vulnerabilities, including CVE-2026-47288 and CVE-2026-47291. In Microsoft Office, 54 vulnerabilities were patched, including 25 RCE vulnerabilities, with nine classified as critical. Microsoft patched eight vulnerabilities in Exchange Server, including CVE-2026-45583, which can be exploited in a man-in-the-middle scenario. Additionally, the update for Edge addressed 74 Chromium vulnerabilities, including a zero-day vulnerability (CVE-2026-11645).

Winsage

June 10, 2026

Windows 11 Settings You Should Change in 2026：A 9-Point Speed, Privacy, and Security Checklist

On June 9, 2026, Microsoft released a major security update addressing around 200 vulnerabilities, including three critical zero-day exploits. This update coincides with the expiration of Secure Boot certificates that have been in place since 2011. Users are advised to review their Windows 11 settings to ensure security and optimization during this transition. Key actions include installing the June update, enabling faster delivery of updates, turning on Core Isolation memory integrity, activating Controlled folder access against ransomware, confirming drive encryption, disabling the advertising ID, minimizing diagnostic data, auditing camera and microphone permissions, disabling unnecessary startup applications, enabling Storage Sense, adjusting power mode settings, and tuning visual effects for better performance.

Winsage

June 10, 2026

Microsoft releases Windows 10 KB5094127 extended security update

Microsoft has released the Windows 10 KB5094127 extended security update, which addresses vulnerabilities identified during the June 2026 Patch Tuesday and enhances monitoring of updated Secure Boot certificates. Users on Windows 10 Enterprise LTSC or enrolled in the ESU program can install it via the Windows Update settings. The update upgrades Windows 10 to build 19045.7417 and Windows 10 Enterprise LTSC 2021 to build 19044.7417. It focuses on security enhancements and bug fixes, resolving a total of 200 vulnerabilities, including three zero-day flaws. Key features include improved File Explorer search functionality for Chinese text and UTF-8 encoded files, dynamic status reporting for Secure Boot states, a new policy setting to limit Secure Boot service data sent to Microsoft, and enhanced targeting data for automatic receipt of new Secure Boot certificates. A known issue may cause BitLocker recovery notifications on certain systems, particularly those with specific BitLocker Group Policy settings. Microsoft recommends removing the Group Policy setting and suspending/resuming BitLocker as a temporary fix.

Winsage

June 9, 2026

Troubleshoot common Windows 11 Pro security alerts and what to do next

Windows 11 Pro includes a suite of security features under Windows Security, which continuously protects the PC. Common security alerts include: 1. "Turn on virus protection" or "Real-time protection is off" alerts: These occur after installing or removing a third-party antivirus. To restore protection, open Windows Security, select Turn on in the Virus & threat protection section, and confirm. 2. "Threat found" or "Threat found - action needed" alerts: Indicate that Windows Defender has detected a potential threat. To manage these, open Windows Security, navigate to Virus & threat protection, click on Protection history, select Threat blocked, and use the Actions dropdown to quarantine or allow the file. 3. "Threat quarantined" or "Threat blocked" alerts: A Threat quarantined alert means a file is isolated for review, while a Threat blocked alert indicates successful removal by Defender. Investigate how the threat entered the system. 4. SmartScreen alerts: SmartScreen protects against malicious websites and downloads. If a threat is identified, a red warning page appears. Users can report the site as safe or proceed at their own risk. Blocked downloads can be managed in Edge's Downloads menu. 5. "This app has been blocked" alerts: Smart App Control prevents the installation of untrusted applications. Disabling this feature should only be done if the application is deemed safe. Settings can be found under Windows Security > App & browser control > Smart App Control settings.

Winsage

June 8, 2026

Microsoft making much needed change to Windows 11, 10 Patch Tuesday security updates

Microsoft has rolled out new Defender patches for Windows 11 ISOs, aligning with its commitment to security updates. Updates for Microsoft Defender for Endpoint's endpoint detection and response (EDR) will no longer be included with monthly Windows security updates or Patch Tuesdays; they will now be delivered via Microsoft Update. This change aims to allow faster deployment of EDR enhancements independently of the operating system's update cycle. The rollout for Windows 10 began in late May 2026, with plans to extend support to Windows 11 and other versions by fall 2026. EDR updates will be delivered using KB5005292, contingent on prerequisite updates. Systems must run Sense version 10.8798.25857.1000 or later and have specific Windows updates installed to qualify for the new delivery method. Organizations should align their update policies with this new approach before the broader rollout. In case of significant issues, the EDR update can be reverted using a specific command. Further details are available in the Microsoft 365 Admin Center under message ID MC1381119.

Tech Optimizer

June 8, 2026

What Is OneLaunch.exe? Pros, Cons, and How to Remove It

OneLaunch is a software application that creates a personalized dock and desktop environment on Windows computers, often pre-installed or bundled with other software. It has received mixed reviews, with concerns about system slowdowns and its legitimacy. OneLaunch.exe is a background process supporting the OneLaunch application, which provides quick access to applications and updates but can consume system resources. The OneLaunch browser, installed alongside the main application, can alter browser settings and redirect searches, potentially leading to unwanted advertisements. While OneLaunch is not classified as traditional malware, it is often categorized as a Potentially Unwanted Program (PUP) due to its bundled installation and ability to modify system settings. It can monitor browsing habits and share data with third-party advertisers. Users report intrusive behavior, such as altering default browser settings, and it can negatively impact system performance. To remove OneLaunch, users should end the running process, uninstall the application, delete leftover folders, remove startup entries, and reset browser settings. OneLaunch may reappear due to accidental reinstallations, active browser extensions, lingering scheduled tasks, or hidden companion programs. Preventative measures include downloading from official sources, reading installation screens carefully, keeping systems updated, and performing regular system checks.

Tech Optimizer

June 5, 2026

Microsoft quietly deletes Windows 11 guide that claimed you don’t need third-party antivirus

In April 2026, a blog post from Microsoft's Windows Learning Center claimed that most Windows 11 users could rely solely on Windows Security (Defender) for antivirus protection, citing features like Microsoft Defender Antivirus, SmartScreen, and ransomware mitigation. The blog was later removed without explanation, leading to speculation about its definitive claims. Microsoft stated that Windows Defender was sufficient for typical users with default settings and regular updates, while cautioning against using multiple antivirus engines. Independent testing from AV-Test consistently ranks Microsoft Defender highly, but AV-Comparatives noted limitations in offline protection and the reliance on cloud-based intelligence. The blog's removal was viewed by some as a constructive step towards realistic security guidance. Microsoft continues to provide third-party antivirus vendors with significant access to Windows, and the rise of AI-generated threats is complicating the cybersecurity landscape. Despite the controversies, Microsoft has made significant advancements in Windows Security, making it a viable option for many users.

Winsage

June 3, 2026

Build 2026: Furthering Windows as the trusted platform for development

Build is an annual event focused on connecting with the global developer community and sharing innovations. Feedback from developers emphasizes the need for a frictionless and adaptable platform for seamless development across various environments. Key announcements include: - Coreutils for Windows: A suite of Linux-like command line utilities available natively on Windows. - WSL containers: A forthcoming public preview feature for creating and interacting with Linux containers. - Windows Development Skills: Structured knowledge for building native Windows apps using WinUI3 and WinApp CLI, now generally available. - Intelligent Terminal: An experimental feature integrating context-aware intelligence into the terminal for improved debugging and task execution. - Windows Developer Configurations: A WinGet-powered setup for distraction-free development, now generally available. - Windows 365 with Developer Configuration: A pre-configured cloud-based development environment in public preview. For security, the announcements include: - Microsoft Execution Containers (MXC) SDK: A policy-driven execution layer for agent access and containment, available in early preview. - Agent 365 integration: Enhances security for agents with protections from Defender, Entra, Intune, and Purview, available in preview. - OpenClaw: Runs securely on Windows using MXC for easy installation of agent connections. - NVIDIA's OpenShell: A deployment package for autonomous agents on Windows, built on MXC. - Windows 365 for Agents: Secure Cloud PCs for executing enterprise workflows, now generally available. For AI capabilities: - Aion 1.0 Instruct: An on-device small language model for local workloads, available soon. - Expanded Windows AI APIs: Now accessible on more Windows 11 PCs, enhancing local AI capabilities. - Surface RTX Spark Dev Box: A device for developers featuring NVIDIA RTX Spark silicon for local AI workloads. - DGX Station for Windows: A powerful AI supercomputer for developing agents, coming in Q4. - Project Solara: A platform for agent-driven experiences, simplifying development across environments. - New Speech Recognition API: Real-time, on-device transcription capabilities. - Expansion of Windows AI APIs across GPUs and CPUs: Now available for broader hardware support. Windows is enhancing its security framework to reduce risks and ensure robust protection for applications.

Tech Optimizer

June 2, 2026

Microsoft no longer claims that Windows 11 has all the protection that you need

In April, Microsoft published a blog post discussing the security features of Windows 11, emphasizing that its built-in protections, such as Microsoft Defender Antivirus and SmartScreen, may eliminate the need for third-party antivirus solutions for many users. The blog highlighted that adequate security could be maintained with default settings, regular updates, and intentional software downloads. However, it also noted that users with specific needs, like managing multiple devices or requiring additional features, might still consider third-party software. The blog post was removed from the Microsoft Learning Center without formal announcement, raising questions about the company's communication strategy.