Windows Server 2022 Archives

Winsage

April 2, 2025

Microsoft adds hotpatching support to Windows 11 Enterprise

Microsoft has made hotpatch updates available for business customers using Windows 11 Enterprise 24H2 on x64 systems, allowing seamless installation of security updates without device reboots. Hotpatching modifies in-memory code of active processes to deploy updates without interrupting user activities. Devices under a hotpatch-enabled quality update policy will receive updates quarterly, with no restarts required for eight months of the year. A Microsoft subscription is necessary to activate hotpatching, and devices must meet specific prerequisites, including an x64 CPU and enabled Virtualization-based Security. Hotpatch updates can be managed through Microsoft Intune, and devices on Windows 10 and versions 23H2 and lower will continue to receive standard updates. Microsoft initially introduced hotpatch support for Windows Server Azure Edition in February 2022 and has expanded testing to include Windows 11 24H2.

Winsage

March 27, 2025

Windows Server 2025 updates cause problems

Microsoft has acknowledged a known issue affecting Remote Desktop sessions on Windows Server 2025 systems after the installation of the February 2025 security update (KB5051987), where mouse and keyboard inputs become unresponsive, requiring users to disconnect and reconnect to regain control. A fix is forthcoming in a future Windows update. Additionally, Microsoft has implemented a Known Issue Rollback (KIR) to resolve Remote Desktop and RDS connection challenges related to Windows 11 24H2 updates, which may cause RDP disconnections lasting up to 65 seconds on affected devices. A comprehensive solution for these issues is expected in next month’s cumulative updates.

Winsage

March 26, 2025

New Windows Zero-Day Vulnerability Exposes NTLM Credentials – Unofficial Patch Now Available

A zero-day vulnerability has been identified in the Windows operating system, affecting versions from Windows 7 and Server 2008 R2 to Windows 11 v24H2 and Server 2025. This vulnerability allows attackers to obtain NTLM credentials by tricking users into opening malicious files in Windows Explorer. Microsoft has been notified, and while there is no official CVE number yet, an unofficial patch is available through 0patch. The flaw is similar to previous vulnerabilities related to NTLM hash disclosures but has not been widely discussed. To exploit it, attackers need network access to the victim's system or a way to relay stolen credentials. 0patch has created micropatches for all affected Windows versions, which are available for free until Microsoft provides an official fix. This is the fourth zero-day vulnerability reported by 0patch recently, with previous vulnerabilities including those in Windows Theme files and the Mark of the Web issue on Server 2012. 0patch also offers patches for NTLM-related vulnerabilities that Microsoft has classified as “wont fix.” Users can create a free account with 0patch for automatic protection against these vulnerabilities. Micropatches are available for various Windows versions, including both legacy and currently supported systems, and will remain free until an official Microsoft fix is released.

Winsage

March 19, 2025

Windows File Explorer Spoofing Vulnerability (CVE-2025-24071)

Microsoft has identified a spoofing vulnerability in Windows File Explorer, designated as CVE-2025-24071, with a CVSS score of 7.5. This vulnerability affects various versions of Windows, including Windows 10 (multiple versions), Windows 11 (multiple versions), and Windows Server (multiple versions). Unauthenticated attackers can exploit this vulnerability by crafting RAR/ZIP files containing a malicious SMB path, potentially exposing the user's NTLM hash. Microsoft has released a security patch for supported product versions, and affected users are advised to install it promptly. Users can check their system's vulnerability status by verifying their version and patch information through specific commands.

Winsage

February 14, 2025

Windows Server 2022 KB5051979 released, direct download .msu

The February 2025 security patch for Windows Server 2022, KB5051979, resolves issues with Digital-to-Analog Converter (DAC) devices and USB peripherals that previously displayed error code 10. It upgrades the system to Build 20348.3207, fixing a memory leak related to predictive input ideas and issues with the Device Health Attestation service. The update also addresses crashes related to symbolic links and acknowledges lingering harmless errors from the January 2025 update, specifically concerning the System Guard Runtime Monitor Broker Service. Users of OpenSSH and Citrix may face conflicts due to the January update. Some fixes are also applied to Windows 10 with KB5051974. Additionally, Microsoft has resolved a boot error in Windows Server 2025 and released cumulative updates KB5051989 and KB5051987 for Windows 11.

Winsage

December 10, 2024

Critical Windows Zero-Day Alert: No Patch Available Yet for Users

A newly identified zero-day vulnerability in Windows allows attackers to steal NTLM credentials through methods such as opening a malicious file in Windows Explorer. This vulnerability affects multiple versions of Windows, including Windows Server 2022, Windows 11 (up to v24H2), Windows 10, Windows 7, and Server 2008 R2. The exploitation requires minimal user interaction, such as accessing shared folders or USB disks. In response, 0patch is providing a complimentary micropatch to registered users until Microsoft issues an official fix. The vulnerability is part of a larger trend of unresolved issues in Windows, and cybersecurity experts emphasize the need for enterprises to adopt robust security measures beyond automated patch management.

Winsage

December 6, 2024

Disk Management: How To Free up Disk Space on Windows Server 2022

A reader, referred to as the "Disk Space Detective," is experiencing unexplained disk space depletion on their Windows Server 2022 despite checking for large files, enabling disk quotas, and reviewing logs. They seek advice on potential causes, such as hidden files or misconfigured storage settings. Suggested steps include examining disk configuration, particularly RAID setups, checking for memory dump files, assessing shadow copies for excessive space usage, and looking for orphaned files from Hyper-V virtual machines. If these do not resolve the issue, using a disk space analyzer tool is recommended for further insights.

Winsage

December 6, 2024

0patch uncovers a security vulnerability in all versions of Windows — and releases free fixes

0patch has disclosed a 0day vulnerability affecting all desktop versions of Windows, including Windows Server, identified as a URL File NTLM Hash Disclosure vulnerability. This flaw impacts 21 different editions of the operating system, spanning from Windows 7 and Server 2008 R2 to Windows 11 v24H2 and Server 2022. The vulnerability allows an attacker to extract a user's NTLM credentials by having the user open a malicious file in Windows Explorer. 0patch has reported the issue to Microsoft, which has not yet provided a remedy, and has released free micropatches for all affected versions. Users can obtain the micropatch by creating a complimentary account in 0patch Central. The affected Windows editions include both legacy versions and those still receiving updates.

Winsage

December 6, 2024

Critical Windows Zero-Day Vulnerability Lets Attackers Steal Users NTLM Credentials

A significant vulnerability has been discovered that affects all versions of Windows Workstation and Server, from Windows 7 and Server 2008 R2 to Windows 11 (v24H2) and Server 2022. This flaw allows attackers to extract NTLM credentials by tricking users into opening a malicious file in Windows Explorer. The vulnerability can be exploited through shared folders, USB drives, or downloaded files. Researchers have released micropatches for affected systems, including Windows 7, Windows 10 (versions 1803 to 21H2), and fully updated versions of Windows 10 and 11, as well as various Server editions. These micropatches are available at no cost and can be applied without rebooting the system. Organizations can protect themselves by installing these micropatches through the 0patch Agent, which will continue to provide updates for unsupported Windows versions even after Microsoft's end-of-support dates.

Winsage

December 5, 2024

Understand the limitations of running Hyper-V in Windows 11

Organizations can use Hyper-V on Windows 11 to leverage virtualization for local desktops, assisting both end users and IT administrators. Hyper-V is included in Windows 11 Pro and Enterprise editions but is not enabled by default. To activate it, users must access the Control Panel and enable the Hyper-V feature, followed by a system restart. Hyper-V requires processors that support second-level address translation (SLAT) and a minimum of 4 GB of RAM. Limitations of Hyper-V on Windows 11 include the absence of VM clustering, replication, migration, single-root I/O virtualization, and RemoteFX support. Each VM typically requires around 4 GB of memory and at least one CPU core, which can restrict the number of VMs that can be effectively run on endpoint systems with limited resources. Performance can also be affected by various hardware and system architecture factors. To overcome these limitations, users should regularly update Windows 11, system BIOS, and drivers. For those needing more robust virtualization capabilities, transitioning to Windows Server or exploring alternative virtualization platforms may be beneficial.