windows
CISA flags Windows Task Host vulnerability as exploited in attacks
CISA warned U.S. government agencies to secure their systems against a Windows Task Host privilege escalation vulnerability that could allow attackers to gain SYSTEM privileges. Task Host is a core Windows system component that serves as a container for DLL-based processes, allows them to operate in the background, and ensures they close properly during shutdown […]
Microsoft: April updates trigger BitLocker key prompts on some servers
Microsoft confirmed on Tuesday that some Windows Server 2025 devices will boot into BitLocker recovery after installing the April 2026 KB5082063 Windows security update. BitLocker is a Windows security feature that encrypts storage drives to prevent data theft. Windows computers typically enter BitLocker recovery mode after hardware changes or events such as TPM (Trusted Platform […]
Microsoft fixes bug behind Windows Server 2025 automatic upgrades
Microsoft has finally fixed a known issue that was causing systems running Windows Server 2019 and 2022 to “unexpectedly” upgrade to Windows Server 2025. The issue was first acknowledged by Microsoft in September 2024, following widespread reports from Windows admins regarding servers that had been automatically upgraded overnight to a Windows Server version for which they didn’t even have a license. […]
Microsoft April 2026 Patch Tuesday fixes 167 flaws, 2 zero-days
Today is Microsoft’s April 2026 Patch Tuesday with security updates for 167 flaws, including 2 zero-day vulnerabilities. This Patch Tuesday also addresses eight “Critical” vulnerabilities, 7 of which are remote code execution flaws and the other is a denial of service flaw. The number of bugs in each vulnerability category is listed below: When GeekFeed reports on […]
Microsoft rolls out fast-track to reinstate Windows hardware dev accounts
Microsoft has rolled out a fast-track process to help developers regain access to accounts recently suspended from its Windows Hardware Program, following widespread complaints that they were locked out without warning. Last week, the company suspended Windows Hardware Developer accounts used to publish Windows drivers and updates for widely used tools like WireGuard, VeraCrypt, MemTest86, and Windscribe. The suspensions […]
Google Chrome adds infostealer protection against session cookie theft
Google has rolled out Device Bound Session Credentials (DBSC) protection in Chrome 146 for Windows, designed to block info-stealing malware from harvesting session cookies. macOS users will benefit from this security feature in a future Chrome release that has yet to be announced. The new protection has been announced in 2024, and it works by cryptographically linking […]
Microsoft suspends dev accounts for high-profile open source projects
Microsoft has suspended developer accounts used to maintain multiple high-profile open-source projects without proper notification and no way to quickly reinstate them, effectively blocking them from publishing new software builds and security patches for Windows users. The list of affected projects includes, but is not limited to, Virtual Private Network (VPN) software WireGuard, on-the-fly encryption […]
Microsoft rolls out fix for broken Windows Start Menu search
Microsoft has pushed a server-side fix for a known issue that broke the Windows Start Menu search feature on some Windows 11 23H2 devices. In a Windows release health update (WI1273488) seen by GeekFeed, Microsoft said these problems have affected only a small number of users since April 6 and are caused by a server-side […]
Disgruntled researcher leaks “BlueHammer” Windows zero-day exploit
Exploit code has been released for an unpatched Windows privilege escalation flaw reported privately to Microsoft, allowing attackers to gain SYSTEM or elevated administrator permissions. Dubbed BlueHammer, the vulnerability was published by a security researcher discontent with how Microsoft’s Security Response Center (MSRC) handled the disclosure process. Since, the security issue has no official patch and there […]
Microsoft removes Support and Recovery Assistant from Windows
Microsoft has deprecated and removed the Support and Recovery Assistant (SaRA) command-line utility from all in-support versions of Windows updates starting March 10. SaRA is a free scriptable tool that helps troubleshoot and resolve common issues with Office, Microsoft 365, Outlook, and Windows by running a series of automated diagnostic tests on Windows 7, Windows […]