Windows security Archives

Winsage

June 21, 2026

Microsoft reveals how to verify Windows 11’s Secure Boot update, what to do if your PC missed it

The expiration of Microsoft's Secure Boot 2011 certificates on June 24 will not prevent older Windows PCs from booting, as confirmed by Microsoft. Devices will continue to operate normally, but they will miss future boot-level security updates, including updates to the Windows Boot Manager and mitigations for newly identified vulnerabilities. The ability to receive the Secure Boot 2023 update depends on the device firmware's compatibility, with many manufacturers, including Dell, HP, Lenovo, and ASUS, having cutoffs for BIOS updates based on the device's End of Service Life. Older PCs using Legacy BIOS or Compatibility Support Module (CSM) mode do not utilize UEFI Secure Boot, making the update irrelevant. Users running Windows 11 on unsupported hardware may have Secure Boot disabled or improperly configured. Without the 2023 certificates, devices cannot receive future revocation updates to the Secure Boot DBX, which lists compromised bootloaders. Users on Windows 10 with supported OEMs may receive the update if a compatible BIOS is available, while those on older PCs without updates can continue using their devices but will lack future security updates. The Secure Boot status can be checked through the Windows Security app, with color-coded badges indicating the status of the certificates.

Winsage

June 15, 2026

Microsoft released the Windows 11 Secure Boot update for all PCs, how to verify yours

Microsoft has expanded the rollout of the Secure Boot 2023 certificate update to more Windows 11 and Windows 10 devices with the June 2026 Patch Tuesday update (KB5094126). This update aims to ensure that most supported consumer PCs are classified as high confidence, meaning necessary certificates are either installed or will be applied automatically. Secure Boot is a firmware security feature that verifies the software attempting to load during the startup process, blocking unauthorized software. The certificates supporting Secure Boot, issued in 2011, are expiring in stages starting June 24, 2026, prompting Microsoft to deploy replacement certificates. Most home users do not need to take manual action as the updates will occur automatically via Windows Update. Users can check their Secure Boot certificate status in the Windows Security app. A yellow warning indicates pending compatibility data, while a red alert suggests a firmware incompatibility requiring a BIOS update. Multiple reboots during the update process are normal, and a new SecureBoot folder in Windows is for staging cryptographic files. Older PCs may experience longer update times, and some may not receive updates due to firmware issues. HP users should check for BIOS updates if encountering BitLocker recovery loops. IT administrators should monitor device classifications and manually initiate updates for devices not in the high confidence category. Devices with Secure Boot disabled cannot receive updates, leaving them vulnerable. The expiration of the Microsoft Corporation KEK CA 2011 certificate on June 24 does not immediately affect device functionality, but it limits Microsoft's ability to sign new bootkit blacklist updates.

Winsage

June 11, 2026

Nightmare Eclipse drops claimed BitLocker bypass for Microsoft Windows

Nightmare Eclipse has released a new zero-day vulnerability exploit called GreatXML, which allows unrestricted access to BitLocker volumes on Windows systems that have previously run a Microsoft Defender Offline scan. This discovery was made in four hours and adds to Nightmare Eclipse's total of eight zero-day vulnerabilities. Microsoft is investigating the claims related to another exploit, RoguePlanet, but has not commented on GreatXML or provided a patch timeline. Nightmare Eclipse, rumored to be a former Microsoft employee, has faced backlash from the security community for previous disclosures and has vowed to continue releasing vulnerabilities. Security expert Will Dormann has raised concerns about the practicality of the GreatXML exploit, noting that it requires administrative access and questioning the accuracy of the instructions provided by Nightmare.

Winsage

June 11, 2026

Microsoft patches a record 206 flaws—and one is already being exploited

Microsoft patched 206 vulnerabilities during June's Patch Tuesday, surpassing the previous record of 175 vulnerabilities patched in October 2025. Among the patched vulnerabilities, 118 are related to different versions of Windows, including Windows 10, Windows 11, and Windows Server. One critical vulnerability, CVE-2026-41091, in Microsoft Defender is actively being exploited, prompting an update to the Malware Protection Engine. Microsoft also addressed ten vulnerabilities in the Security Feature Bypass category due to the expiration of old Secure Boot certificates. Of the 118 Windows vulnerabilities, 19 are classified as critical Remote Code Execution (RCE) vulnerabilities, including CVE-2026-47288 and CVE-2026-47291. In Microsoft Office, 54 vulnerabilities were patched, including 25 RCE vulnerabilities, with nine classified as critical. Microsoft patched eight vulnerabilities in Exchange Server, including CVE-2026-45583, which can be exploited in a man-in-the-middle scenario. Additionally, the update for Edge addressed 74 Chromium vulnerabilities, including a zero-day vulnerability (CVE-2026-11645).

Winsage

June 10, 2026

Windows 11 Settings You Should Change in 2026：A 9-Point Speed, Privacy, and Security Checklist

On June 9, 2026, Microsoft released a major security update addressing around 200 vulnerabilities, including three critical zero-day exploits. This update coincides with the expiration of Secure Boot certificates that have been in place since 2011. Users are advised to review their Windows 11 settings to ensure security and optimization during this transition. Key actions include installing the June update, enabling faster delivery of updates, turning on Core Isolation memory integrity, activating Controlled folder access against ransomware, confirming drive encryption, disabling the advertising ID, minimizing diagnostic data, auditing camera and microphone permissions, disabling unnecessary startup applications, enabling Storage Sense, adjusting power mode settings, and tuning visual effects for better performance.

Winsage

June 10, 2026

Microsoft releases Windows 10 KB5094127 extended security update

Microsoft has released the Windows 10 KB5094127 extended security update, which addresses vulnerabilities identified during the June 2026 Patch Tuesday and enhances monitoring of updated Secure Boot certificates. Users on Windows 10 Enterprise LTSC or enrolled in the ESU program can install it via the Windows Update settings. The update upgrades Windows 10 to build 19045.7417 and Windows 10 Enterprise LTSC 2021 to build 19044.7417. It focuses on security enhancements and bug fixes, resolving a total of 200 vulnerabilities, including three zero-day flaws. Key features include improved File Explorer search functionality for Chinese text and UTF-8 encoded files, dynamic status reporting for Secure Boot states, a new policy setting to limit Secure Boot service data sent to Microsoft, and enhanced targeting data for automatic receipt of new Secure Boot certificates. A known issue may cause BitLocker recovery notifications on certain systems, particularly those with specific BitLocker Group Policy settings. Microsoft recommends removing the Group Policy setting and suspending/resuming BitLocker as a temporary fix.

Winsage

June 9, 2026

Troubleshoot common Windows 11 Pro security alerts and what to do next

Windows 11 Pro includes a suite of security features under Windows Security, which continuously protects the PC. Common security alerts include: 1. "Turn on virus protection" or "Real-time protection is off" alerts: These occur after installing or removing a third-party antivirus. To restore protection, open Windows Security, select Turn on in the Virus & threat protection section, and confirm. 2. "Threat found" or "Threat found - action needed" alerts: Indicate that Windows Defender has detected a potential threat. To manage these, open Windows Security, navigate to Virus & threat protection, click on Protection history, select Threat blocked, and use the Actions dropdown to quarantine or allow the file. 3. "Threat quarantined" or "Threat blocked" alerts: A Threat quarantined alert means a file is isolated for review, while a Threat blocked alert indicates successful removal by Defender. Investigate how the threat entered the system. 4. SmartScreen alerts: SmartScreen protects against malicious websites and downloads. If a threat is identified, a red warning page appears. Users can report the site as safe or proceed at their own risk. Blocked downloads can be managed in Edge's Downloads menu. 5. "This app has been blocked" alerts: Smart App Control prevents the installation of untrusted applications. Disabling this feature should only be done if the application is deemed safe. Settings can be found under Windows Security > App & browser control > Smart App Control settings.

Winsage

June 8, 2026

Microsoft making much needed change to Windows 11, 10 Patch Tuesday security updates

Microsoft has rolled out new Defender patches for Windows 11 ISOs, aligning with its commitment to security updates. Updates for Microsoft Defender for Endpoint's endpoint detection and response (EDR) will no longer be included with monthly Windows security updates or Patch Tuesdays; they will now be delivered via Microsoft Update. This change aims to allow faster deployment of EDR enhancements independently of the operating system's update cycle. The rollout for Windows 10 began in late May 2026, with plans to extend support to Windows 11 and other versions by fall 2026. EDR updates will be delivered using KB5005292, contingent on prerequisite updates. Systems must run Sense version 10.8798.25857.1000 or later and have specific Windows updates installed to qualify for the new delivery method. Organizations should align their update policies with this new approach before the broader rollout. In case of significant issues, the EDR update can be reverted using a specific command. Further details are available in the Microsoft 365 Admin Center under message ID MC1381119.

Tech Optimizer

June 8, 2026

What Is OneLaunch.exe? Pros, Cons, and How to Remove It

OneLaunch is a software application that creates a personalized dock and desktop environment on Windows computers, often pre-installed or bundled with other software. It has received mixed reviews, with concerns about system slowdowns and its legitimacy. OneLaunch.exe is a background process supporting the OneLaunch application, which provides quick access to applications and updates but can consume system resources. The OneLaunch browser, installed alongside the main application, can alter browser settings and redirect searches, potentially leading to unwanted advertisements. While OneLaunch is not classified as traditional malware, it is often categorized as a Potentially Unwanted Program (PUP) due to its bundled installation and ability to modify system settings. It can monitor browsing habits and share data with third-party advertisers. Users report intrusive behavior, such as altering default browser settings, and it can negatively impact system performance. To remove OneLaunch, users should end the running process, uninstall the application, delete leftover folders, remove startup entries, and reset browser settings. OneLaunch may reappear due to accidental reinstallations, active browser extensions, lingering scheduled tasks, or hidden companion programs. Preventative measures include downloading from official sources, reading installation screens carefully, keeping systems updated, and performing regular system checks.

Tech Optimizer

June 5, 2026

Microsoft quietly deletes Windows 11 guide that claimed you don’t need third-party antivirus

In April 2026, a blog post from Microsoft's Windows Learning Center claimed that most Windows 11 users could rely solely on Windows Security (Defender) for antivirus protection, citing features like Microsoft Defender Antivirus, SmartScreen, and ransomware mitigation. The blog was later removed without explanation, leading to speculation about its definitive claims. Microsoft stated that Windows Defender was sufficient for typical users with default settings and regular updates, while cautioning against using multiple antivirus engines. Independent testing from AV-Test consistently ranks Microsoft Defender highly, but AV-Comparatives noted limitations in offline protection and the reliance on cloud-based intelligence. The blog's removal was viewed by some as a constructive step towards realistic security guidance. Microsoft continues to provide third-party antivirus vendors with significant access to Windows, and the rise of AI-generated threats is complicating the cybersecurity landscape. Despite the controversies, Microsoft has made significant advancements in Windows Security, making it a viable option for many users.