Windows Server 2025 Archives

Winsage

November 25, 2025

Microsoft to remove WINS support after Windows Server 2025

Microsoft will remove the Windows Internet Name Service (WINS) from all future Windows Server releases after November 2034. WINS was officially deprecated with Windows Server 2022 in August 2021, and Windows Server 2025 will be the last version to support it. Standard support for WINS will continue until November 2034. Organizations are encouraged to migrate to DNS-based name resolution solutions before this deadline. The removal will include the WINS server role, management console snap-in, automation APIs, and related interfaces. Microsoft recommends auditing services dependent on NetBIOS name resolution and migrating to DNS solutions. Static host files are not advised as a workaround. Organizations should begin migration planning to avoid operational disruptions.

Winsage

November 24, 2025

Microsoft Retires WINS in Windows Server 2025

Microsoft has officially retired the Windows Internet Name Service (WINS) as part of the transition to modern DNS-based solutions. WINS, which resolved NetBIOS names to IP addresses, is being phased out due to its outdated nature and security vulnerabilities. It was deprecated with the release of Windows Server 2022 and will be completely removed in future releases, although support will continue until November 2034. Organizations are encouraged to transition to DNS and identify systems relying on WINS for name resolution. They should implement features like conditional forwarders and update or retire legacy applications that depend on WINS.

Winsage

November 21, 2025

CVE-2025-50165: Critical Flaw in Windows Graphics Component

In May 2025, Zscaler ThreatLabz identified a critical remote code execution vulnerability, CVE-2025-50165, with a CVSS score of 9.8, affecting the Windows Graphics Component within the windowscodecs.dll library. Applications relying on this library, including Microsoft Office documents, are vulnerable to exploitation via a malicious JPEG image. When a user opens such a file, their system can be compromised, allowing remote code execution. Microsoft released a patch for this vulnerability on August 12, 2025, affecting several versions of Windows, including Windows Server 2025 and Windows 11 Version 24H2 for both x64 and ARM64-based systems. ThreatLabz recommends that all Windows users update their applications to the patched versions. The attack chain involves crafting a JPEG image to exploit the vulnerability, which can be triggered directly or indirectly through other files. The vulnerability's analysis revealed issues with uninitialized memory and the need for a Control Flow Guard bypass for exploitation. Attackers can manipulate the instruction pointer through heap spraying and Return-Oriented Programming. ThreatLabz developed a Proof-of-Concept application to demonstrate the exploitation process and has implemented protective measures against the vulnerability.

Winsage

November 19, 2025

Sysmon – Go-to Tool for IT Admins, Security Pros, and Threat Hunters Coming to Windows

Microsoft will integrate native System Monitor (Sysmon) functionality into Windows 11 and Windows Server 2025, enhancing security operations for IT teams. This integration will provide instant threat visibility, automate compliance through Windows Update, and include features such as process monitoring, network connection tracking, credential access detection, file system monitoring, process tampering detection, WMI persistence tracking, and custom configuration support. It will also offer official customer service support and allow seamless access to events through Windows Event Logs or Security Information and Event Management (SIEM) systems. Administrators can enable Sysmon using the command "sysmon -i." Future plans include expanding Sysmon’s capabilities with enterprise-scale management and AI-powered detection.

Winsage

November 19, 2025

Microsoft Integrates System Monitor (Sysmon) into Windows 11

Microsoft will integrate its forensic tool, System Monitor (Sysmon), into the Windows kernel with the upcoming releases of Windows 11 and Server 2025. This integration will transform Sysmon from a standalone utility into a native “Optional Feature” that will be serviced automatically through Windows Update. Administrators will no longer need to manually distribute Sysmon; instead, it can be activated through the “Turn Windows features on or off” dialog or command-line instructions. The integration will ensure that updates flow through the standard Windows Update pipeline, providing official support and Service Level Agreements (SLAs) for Sysmon. Microsoft plans to utilize local computing capabilities for AI inferencing to enhance security measures, focusing on detecting credential theft and lateral movement patterns. Sysmon will maintain backward compatibility with existing workflows, allowing the use of custom configuration files and adhering to the XML schema while continuing to log events to the Windows event log. Community-driven configuration repositories will remain operational, preserving established community knowledge.

Winsage

November 18, 2025

Microsoft is bringing native Sysmon support to Windows 11, Server 2025

Microsoft is integrating Sysmon into Windows 11 and Windows Server 2025, eliminating the need for separate deployments of Sysinternals tools. This integration will allow users to utilize custom configuration files for filtering captured events, which will be logged in the Windows event log. Sysmon is a free tool that monitors and blocks suspicious activities while logging events such as process creation, DNS queries, and executable file creation. It will be easily installable via the "Optional features" settings in Windows 11, with updates delivered through Windows Update. Sysmon will retain its standard features, including support for custom configuration files and advanced event filtering. Key events logged by Sysmon include process creation, network connections, process access, file creation, process tampering, and WMI events. Comprehensive documentation and new enterprise management features will be released next year.

Winsage

November 18, 2025

Microsoft to integrate Sysmon directly into Windows 11, Server 2025

Microsoft will integrate Sysmon into Windows 11 and Windows Server 2025, eliminating the need for standalone deployment. Sysmon will allow users to utilize custom configuration files for event filtering, logging events in the Windows event log. It tracks events such as process creation, DNS queries, executable file creation, changes to the clipboard, and auto-backup of deleted files. Users can access Sysmon through "Optional features" in Windows 11 and receive updates via Windows Update. Key events logged by Sysmon include process creation, network connections, process access, file creation, process tampering, and WMI events. Comprehensive documentation and new enterprise management features will be released next year.

Winsage

November 18, 2025

Microsoft Unveils Windows 11 Security, Resilience Features

Microsoft is enhancing the security framework of Windows through the Secure Future Initiative, focusing on trust, privacy, and enterprise controls. Key features include the introduction of Post-Quantum Cryptography (PQC) APIs for quantum-safe encryption, and an upgrade to BitLocker with hardware-accelerated support for improved disk encryption, set to roll out on new Windows 11 devices in Spring 2026. Microsoft is also integrating passkey manager support with Windows Hello, allowing users to choose from various passkey managers. Windows 11 employs App Control for Business to ensure only trusted applications run, while Microsoft Intune’s Managed Installer helps IT teams manage business applications. Additionally, Sysmon functionality will be integrated into Windows 11 and Windows Server 2025 for better threat detection. Microsoft is implementing Zero Trust DNS for encrypted name resolution and supporting Wi-Fi 7 for Enterprise with WPA3-Enterprise authentication. The Windows Resiliency Initiative (WRI) includes stricter driver standards, a shift in antivirus enforcement from kernel to user mode, and new safeguards like driver isolation and DMA remapping to enhance system stability.

Winsage

November 12, 2025

Windows Kernel 0-Day Vulnerability Actively Exploited in the Wild to Escalate Privileges

Microsoft has identified a vulnerability in its Windows operating system, designated as CVE-2025-62215, which allows for elevation of privilege within the Windows Kernel. This flaw is currently being exploited in real-world scenarios. Published on November 11, 2025, CVE-2025-62215 is classified as an Important issue and arises from a race condition and improper memory management leading to a double-free scenario. Exploiting this vulnerability requires a high complexity attack and can grant SYSTEM-level privileges to an attacker who is already an authorized user. The affected Windows versions include: - Windows 10 (various builds): KB5068858, November 12, 2025 - Windows 11 version 22H2: KB5068865, November 12, 2025 - Windows 11 version 23H2: KB5068862, November 12, 2025 - Windows 11 version 24H2: KB5068861, November 12, 2025 - Windows Server 2019: KB5068859, November 12, 2025 - Windows Server 2022: KB5068860, November 12, 2025 - Windows Server 2025: KB5068861, November 12, 2025 Organizations are urged to prioritize patching CVE-2025-62215, especially on servers and administrative workstations, as there are currently no workarounds available.

Winsage

November 12, 2025

Windows Kernel 0‑day Vulnerability Actively Exploited in the Wild to Escalate Privilege

Microsoft has identified a critical vulnerability, CVE-2025-62215, affecting the Windows Kernel, which is currently being exploited. This flaw, rated as Important, involves an elevation of privilege issue due to improper synchronization of shared resources, categorized under race condition (CWE-362) and double free (CWE-415). Exploitation requires high complexity and local authorization, allowing attackers to gain SYSTEM privileges for significant control over the system. The vulnerability affects various versions of Windows, including Windows 10, Windows 11 (multiple versions), and Windows Server (2019, 2022, and 2025), with patches released on November 12, 2025. Organizations are advised to prioritize swift patching and detection efforts, especially for servers and administrative workstations.