Stay secure with patchingandsecuritystuff
Welcome to the Patchingandsecuritystuff blog, your go-to source for the latest security alerts, Microsoft vulnerabilities, and remediation strategies. We provide clear, actionable information to help you protect your Microsoft computers. Join us in staying ahead of cyber threats and ensuring a safer digital environment for everyone.
Read our latest news
November 23, 2025 -
Table of vulnerabilities
November 2025 Security Updates - Release Notes - Security Update Guide - Microsoft
Microsoft this week pushed security updates to fix more than 60 vulnerabilities in its Windows operating systems and supported software, including at least one zero-day bug that is already being exploited. Microsoft also fixed a glitch that prevented some Windows 10 users from taking advantage of an extra year of security updates, which is nice because the zero-day flaw and other critical weaknesses affect all versions of Windows, including Windows 10.
Affected products this month include the Windows OS, Office, SharePoint, SQL Server, Visual Studio, GitHub Copilot, and Azure Monitor Agent. The zero-day threat concerns a memory corruption bug deep in the Windows innards called CVE-2025-62215. Despite the flaw’s zero-day status, Microsoft has assigned it an “important” rating rather than critical, because exploiting it requires an attacker to already have access to the target’s device.
Microsoft patched a critical bug in Office — CVE-2025-62199 — that can lead to remote code execution on a Windows system. Alex Vovk, CEO and co-founder of Action1, said this Office flaw is a high priority because it is low complexity, needs no privileges, and can be exploited just by viewing a booby-trapped message in the Preview Pane.
November 30, 2025 - I have been viewing and following some Microsoft Windows problems this week. Here they are for your review.
Microsoft: Windows updates make password login option invisible
Microsoft warned users that Windows 11 updates released since August may cause the password sign-in option to disappear from the lock screen options, even though the button remains functional.
However, it added that hovering over the space where the icon should appear reveals the button, allowing users to sign in with their password.
Microsoft has not released a workaround beyond using the invisible button functionality and said that it's working to resolve the problem, but has yet to provide a timeline for a fix.
On Windows 11, the password icon appears only if multiple sign-in options (e.g., PIN, security key, password, fingerprint) are available. If you only use a password, the icon may not appear at all since Windows will just show the password field by default.
As Microsoft revealed in updated support documents this week, users with multiple sign-in options enabled may still not see the password icon on the lock screen if they installed the August 2025 KB5064081 non-security preview update or subsequent updates on Windows 11 24H2 and 25H2 systems.
Item 2 - PATCHING OVER AND OVER in Windows 11
Microsoft rolls out emergency fix for Windows Update issue | PCWorld
Microsoft has begun rolling out update KB5072753, a new emergency out-of-band patch for Windows 11 that fixes a bug that was introduced in November’s KB5068966 update. The bug in question caused Windows Update to try to install the same update over and over again, even though it was already installed.
Microsoft describes the problem as follows: “After you install the November 2025 Hotpatch update (KB5068966) on Windows 11, version 25H2, Windows Update might download and install the update again. This doesn’t affect functionality. Only the update history will show the latest installation time.”
According to BleepingComputer, update KB5068966 is fully replaced by the newer out-of-band update KB5072753, so if you install the latter, you don’t need to install the former as well. Windows 11 users don’t need to take any action themselves, as Microsoft will automatically roll out KB5072753 to all Windows 11 25H2 machines via Windows Update.
Item 3 - Windows may attempt to install and run 2 'copilot' sessions
Windows 11 is about to get a lot more confusing
Some Copilot+ PC users might come across the fact that they now have two Copilot icons instead of one. Microsoft is testing a new feature labeled "Ask Microsoft 365 Copilot" located specifically within the "Home" tab. When a user hovers over a file in the "Recommended" or "Recent" sections, the new option will appear. Clicking "Ask M365 Copilot" sends the selected file to the Microsoft 365 Copilot app.
December 8, 2025 - The day before Patch Tuesday. This will be catch-up: odds and ends in the press for Windows before new patches.
Original credit to Sergiu Gatlan, https://www.bleepingcomputer.com/author/sergiu-gatlan/
Microsoft has silently "mitigated" a high-severity Windows LNK vulnerability exploited by multiple state-backed and cybercrime hacking groups in zero-day attacks.
Tracked as CVE-2025-9491, this security flaw allows attackers to hide malicious commands within Windows LNK files, which can be used to deploy malware and gain persistence on compromised devices. However, the attacks require user interaction to succeed, as they involve tricking potential victims into opening malicious Windows Shell Link (.lnk) files.
Threat actors distribute these files in ZIP or other archives because email platforms commonly block .lnk attachments due to their risky nature.
More detailed info at this link - Microsoft "mitigates" Windows LNK flaw exploited as zero-day
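An added example (not from the original article or from Microsoft): because these shortcut files travel inside ZIP archives, a mail or download filter can list archive members and flag any `.lnk` entry, including ones inside nested ZIPs. The function names, the depth and size limits, and the sample archive are assumptions constructed for illustration.

```python
import io
import zipfile

MAX_DEPTH = 3                    # assumed limit on nested-archive recursion
MAX_NESTED_BYTES = 20 * 2**20    # assumed size cap for a nested archive we unpack


def find_lnk_members(data, prefix="", depth=0):
    """Scan ZIP bytes; return (lnk_paths, skipped_paths), following nested ZIPs."""
    hits, skipped = [], []
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return hits, skipped     # not a ZIP container, nothing to list
    with archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            path = prefix + info.filename
            # Windows drops trailing dots/spaces, so "a.lnk." still opens as a.lnk
            name = info.filename.lower().rstrip(". ")
            if name.endswith(".lnk"):
                hits.append(path)
            elif name.endswith(".zip"):
                encrypted = bool(info.flag_bits & 0x1)
                if encrypted or depth >= MAX_DEPTH or info.file_size > MAX_NESTED_BYTES:
                    skipped.append(path)   # could not look inside: review by hand
                    continue
                sub_hits, sub_skipped = find_lnk_members(
                    archive.read(info), path + "!", depth + 1)
                hits += sub_hits
                skipped += sub_skipped
    return hits, skipped


def build_sample():
    """Constructed sample: a text file, a shortcut, and a nested ZIP with another."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("scan/Invoice.pdf.LNK", b"constructed placeholder")
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("readme.txt", b"constructed placeholder")
        z.writestr("report.lnk", b"constructed placeholder")
        z.writestr("more.zip", inner.getvalue())
    return outer.getvalue()


if __name__ == "__main__":
    print(find_lnk_members(build_sample()))
```

Paths in the first list use `!` to mark the boundary between an outer archive and a member of a nested one; anything in the second list was not opened and needs manual review.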
Item 2 for December 8th, 2025
Windows 11 KB5070311 update fixes File Explorer freezes, search issues
This is an optional update.
Microsoft has released the KB5070311 preview cumulative update for Windows 11 systems, which includes 49 changes, including fixes for File Explorer freezes and search issues.
However, unlike Patch Tuesday cumulative updates, the monthly non-security preview updates contain only quality improvements and do not include security fixes.
With the KB5070311 November optional update, Microsoft addressed a known issue that occurred after installing the latest updates, causing the explorer.exe process and the taskbar to stop responding after certain notifications.
It also fixes a bug that caused File Explorer search issues with some SMB (Server Message Block) shares, as well as an issue affecting the Local Security Authority Subsystem Service (LSASS) that made it unstable due to an access violation.
January 27, 2026 - This has been a VERY interesting and VERY eventful time in my job duties and awareness in providing cybersecurity and patching for my employer. This month, on my personal home computers and in my working environment, I have had to delay (and glad I did) the rollout of some Windows 11 patches that have ended up causing problems with RDP and booting of Windows 11 laptops. I will also be adding to the "remediation" section some directions on rolling back patches that have failed. Some of the steps are fairly easy, especially if you took a 'restore point' prior to starting to patch your Windows 11 system. I will also post some info regarding 'how to set a restore point'.
Please see below for some links explaining the various issues that users have been having this January 2026 patch cycle with Windows 11.
I have been tracking this series of problems this month, and it seems to have begun being reported about January 19th - Microsoft released the first Patch Tuesday updates of 2026 on Windows 11 under KB5074109 and KB5073455. They caused problems with RDP and booting. Patch fixes were released under the following numbers - They are available under KB5077744 for Windows 11 25H2, 24H2, KB5077797 on Windows 11 23H2, KB5077796. It seems there were then some problems with those patches as well, and more were released. I will get to that in a moment.
These Out of Band updates are only available for manual downloading. Head over to the official Microsoft support articles for instructions on how to get them from the Update Catalog: KB5077744 / KB5077797 / KB5077796 / KB5077795.
After 23 January, another bug in patched Windows 11 systems appeared and manifested in some systems working with cloud apps or connecting remotely and/or via cloud to Dropbox, Outlook or OneDrive. If you are affected, you can apply this patch OVER existing patches without needing to roll back or do a patch uninstall, for the OUTLOOK, Dropbox or OneDrive errors only. I am not seeing an indication that this fixed the boot problems or RDP.
HERE is the KB number for the Outlook Dropbox issue patch in Windows 11.
KB5078127 update for version 24H2 and 25H2 should mitigate this need.
If you would like 'system restore' point and tool use directions, proceed over to "remediation" in this blog website and look for the January 27th entry, please.