#kb5070773

#kb5070773

What started in 2019 as a couple of utilities for things like window and shortcut management has gradually expanded to nearly 30 useful tools, including a keyboard shortcut creator, an image-to-text extractor, and a better search bar than the one that's built into Windows proper. PowerToys has become wildly popular among Windows power users, with more than 70 million downloads to date, but it's also completely free, with no ads, Office upsells, or ham-fisted Copilot integrations.

When Windows 10 was released in 2015, it was immediately controversial, with critics zeroing in on one feature in particular: telemetry. I spent many months in those early days reading one article after another on the subject that read, in retrospect, like entries from the diary of a mad conspiracy theorist.

This month, over half (55%) of all Patch Tuesday CVEs were privilege escalation bugs, and of those, six were rated exploitation more likely across Windows Graphics Component, Windows Accessibility Infrastructure, Windows Kernel, Windows SMB Server, and Winlogon. We know these bugs are typically used by threat actors as part of post-compromise activity, once they get onto systems through other means (social engineering, exploitation of another vulnerability).

But are things getting worse? According to Register readers, and the company's own release health dashboard, the answer has to be yes. It isn't just you. The frequency of emergency out-of-band releases for the company's operating systems has been rapidly increasing to the point where, for every Patch Tuesday update, there'll likely be at least one out-of-band patch to fix whatever got broken.

Windows Admin Center is a locally deployed, browser-based management tool set that lets users manage their Windows Clients, Servers, and Clusters without the need for connecting to the cloud. The high-severity vulnerability, tracked as CVE-2026-26119, carries a CVSS score of 8.8 out of a maximum of 10.0 "Improper authentication in Windows Admin Center allows an authorized attacker to elevate privileges over a network," Microsoft said in an advisory released on February 17, 2026.

January 13 marked another milestone for legacy systems, as support for the software - codenamed Longhorn Server - expired for customers that bought Microsoft Premium Assurance (PA). Extended support ended for Windows Server 2008 on January 14, 2020. It was possible to keep the lights on until January 10, 2023, via Extended Security Updates. A fourth year came courtesy of Azure, which took the code to January 9, 2024, but that was it for anyone without PA.

Microsoft has issued an emergency patch designed to resolve a zero-day security vulnerability affecting several versions of Microsoft Office. Already exploited in the wild, the flaw could allow an attacker to skirt past Office's built-in security measures and send victims a malicious document. Zero-day vulnerability In a note published Monday, Microsoft revealed details behind the flaw, known as a Microsoft Office Security Feature Bypass Vulnerability.