Windows Server

Winsage
March 17, 2026
Microsoft is implementing a two-phase initiative to disable the hands-free deployment feature in Windows Deployment Services (WDS) due to a critical remote code execution vulnerability (CVE-2026-0386) identified on January 13, 2026. This vulnerability arises from improper access control related to the Unattend.xml file, which is transmitted over an unauthenticated RPC channel, allowing attackers on the same network segment to exploit it. Successful exploitation could grant SYSTEM-level privileges and compromise OS deployment images. The initiative includes:
- Phase 1 (January 13, 2026): The hands-free deployment feature will remain operational but can be disabled. New Event Log alerts and registry key controls will be introduced to enforce secure practices.
- Phase 2 (April 2026): The hands-free deployment feature will be completely disabled by default for administrators who have not modified registry settings. Administrators can temporarily re-enable the feature by setting AllowHandsFreeFunctionality = 1, but this is not secure.
Recommendations include reviewing WDS configurations, applying security updates, setting registry keys for secure behavior, monitoring Event Viewer for alerts, and considering alternative deployment methods. Microsoft’s KB article 5074952 provides further guidance for impacted organizations.
Winsage
March 11, 2026
Microsoft's native NVMe driver, initially released for Windows Server 2025, is now available for Windows 11, enhancing SSD performance. Users can achieve performance gains through registry tweaks. Benchmark tests showed significant improvements in random read bandwidth and input/output operations per second (IOPS). In a test with AMD EPYC 9754 processors and Solidigm P5316 SSDs, the following results were observed:
- 4K Random Read: Non-Native Driver 6.1 GiB/s, Native Driver 10.058 GiB/s (+64.89%)
- 64K Random Read: Non-Native Driver 74.291 GiB/s, Native Driver 91.165 GiB/s (+22.71%)
- 64K Sequential Read: Non-Native Driver 35.596 GiB/s, Native Driver 35.623 GiB/s (+0.08%)
- 128K Sequential Read: Non-Native Driver 86.791 GiB/s, Native Driver 92.562 GiB/s (+6.65%)
- 64K Sequential Write: Non-Native Driver 44.67 GiB/s, Native Driver 50.087 GiB/s (+12.13%)
- 128K Sequential Write: Non-Native Driver 50.477 GiB/s, Native Driver 50.079 GiB/s (-0.79%)
Random read latency decreased significantly, with 4K and 64K read times dropping by 38.46% and 13.39%, respectively. However, 64K sequential write latency increased by 39.85%, while 128K sequential write latency rose by 12.43%. The NVMe driver also showed favorable CPU usage results during sequential read and write operations. It is not enabled by default in Windows 11, requiring users to make registry changes to activate it.
Winsage
March 11, 2026
Microsoft's Hyper-V is a hardware virtualization platform integrated into Windows 11 Professional, Enterprise, and Education editions, allowing users to host multiple virtual machines (VMs) on a single computer. It operates using a type 1 hypervisor directly on hardware, enabling VMs to share resources like CPU, memory, and storage. Hyper-V includes features such as dynamic memory allocation, software-defined networking, and saved checkpoints. IT administrators may need to disable Hyper-V due to compatibility issues with third-party virtualization software, high-precision applications, or driver conflicts. Disabling Hyper-V can also affect security features reliant on it, such as virtualization-based security (VBS) and Device Guard. Methods to disable Hyper-V include:
1. Using the Windows Features dialog.
2. Executing a PowerShell command: Disable-WindowsOptionalFeature -Online -FeatureName Microsoft-Hyper-V-All, HypervisorPlatform, VirtualMachinePlatform
3. Running a DISM command: dism /Online /Disable-Feature /FeatureName:Microsoft-Hyper-V-All /FeatureName:HypervisorPlatform /FeatureName:VirtualMachinePlatform
4. Using the bcdedit command: bcdedit /set hypervisorlaunchtype off
5. Modifying Group Policy to disable VBS.
6. Editing the Windows Registry to disable VBS or Credential Guard.
For multiple managed computers, administrators can create and execute a PowerShell script or use Group Policy Objects to streamline the process. Testing in a controlled environment is recommended to ensure desired outcomes without compromising security or functionality.
Winsage
March 11, 2026
Microsoft Corp. has released security updates addressing at least 77 vulnerabilities across its Windows operating systems and various software applications. Key vulnerabilities include:
- CVE-2026-21262: Allows an attacker to elevate privileges on SQL Server 2016 and later, with a CVSS v3 base score of 8.8.
- CVE-2026-26127: Affects applications running on .NET, potentially leading to denial of service.
- CVE-2026-26113 and CVE-2026-26110: Remote code execution flaws in Microsoft Office exploitable by viewing malicious messages in the Preview Pane.
- CVE-2026-24291, CVE-2026-24294, CVE-2026-24289, and CVE-2026-25187: Privilege escalation vulnerabilities rated CVSS 7.8.
- CVE-2026-21536: A critical remote code execution bug identified by an AI agent, marking a shift toward AI-driven vulnerability discovery.
Additionally, Microsoft previously addressed nine browser vulnerabilities and issued an out-of-band update on March 2 for Windows Server 2022. Adobe has released updates for 80 vulnerabilities across its products, and Mozilla Firefox version 148.0.2 has resolved three high-severity CVEs.
Winsage
March 6, 2026
Microsoft is transitioning to a universal printer driver system to address issues related to legacy printer drivers in Windows. Starting with Windows 10 version 21H2, a universal printer driver compatible with Mopria standards has been integrated and is being enhanced through updates. A phased approach to legacy printer drivers will begin in January 2026, when Windows Update will stop allowing new legacy drivers for Windows 11 and Windows Server 2005. Existing drivers for older printers will continue to function. In July 2026, Windows 11 will prioritize the universal driver over legacy drivers, and by July 2027, updates for legacy drivers will be limited to security fixes. There is no set timeline for the complete discontinuation of old printers and their drivers.
Winsage
March 6, 2026
On December 15, 2025, Microsoft announced native NVMe support in Windows Server 2025, marking a significant evolution in data management and access. The new architecture replaces Disk.sys with NVMeDisk.sys, allowing direct communication from the filesystem to hardware via StorMQ, eliminating latency and enhancing performance. Testing revealed increased read speeds, particularly in random 4K and 64K benchmarks, with significant reductions in average read latency and lower CPU usage during sequential operations. Write operations showed modest improvements. A registry modification is required to enable this feature, and caution is advised due to potential complications with NVMe drives when deduplication is enabled.
Winsage
March 5, 2026
Microsoft is developing a new NVMe storage driver for Windows 11 25H2 and Windows Server 2025, moving away from the existing storNVMe.sys driver to better align with modern I/O mechanisms. This new driver utilizes the IoRing framework to enhance efficiency by allowing the processor to manage multiple storage requests simultaneously, reducing latency and administrative overhead. Initial tests show significant performance improvements in random read accesses, particularly benefiting applications like databases and virtualization systems. However, sequential access performance may be lower due to ongoing optimizations. The new driver is currently in preview and not activated by default, with practical use limited until further refinements are made.
Winsage
March 4, 2026
A proof-of-concept exploit for CVE-2026-20817, a local privilege escalation vulnerability in the Windows Error Reporting (WER) service, has been released by security researcher oxfemale on GitHub. This vulnerability allows low-privileged users to gain SYSTEM-level access through crafted Advanced Local Procedure Call (ALPC) messages. The flaw is located in the WER service's SvcElevatedLaunch method, which fails to validate caller privileges before executing WerFault.exe with user-supplied command line parameters. The CVSS v3.1 base score for this vulnerability is 7.8, indicating a high severity level. It affects unpatched versions of Windows 10, Windows 11, Windows Server 2019, and Windows Server 2022 prior to the January 2026 update. Demonstrations have shown successful exploitation on Windows 11 23H2. Security teams are advised to monitor for unusual processes related to WerFault.exe, investigate missing SeTcbPrivilege in SYSTEM tokens, and review WER-related activities from low-privilege users. Immediate application of the January 2026 security patches is recommended, and a temporary workaround involves disabling the WER service.
Winsage
March 3, 2026
A critical local privilege escalation vulnerability, tracked as CVE-2026-20817, affects Microsoft Windows through the Windows Error Reporting (WER) service. This flaw allows authenticated users with low-level privileges to execute arbitrary code with full SYSTEM privileges. The vulnerability resides in the SvcElevatedLaunch method (0x0D), which fails to validate user permissions, enabling attackers to launch WerFault.exe with malicious command-line parameters from a shared memory block. The exploit affects all versions of Windows 10 and Windows 11 prior to January 2026, as well as Windows Server 2019 and 2022. Microsoft addressed this vulnerability in the January 2026 Security Update. Organizations are advised to apply security patches and monitor for unusual WerFault.exe processes.