Microsoft issued out-of-band updates to fix two critical issues affecting Windows 10, Windows 11, and Windows Server. One problem disrupts remote desktop access to Microsoft 365 Cloud PC sessions, while the other prevents some Windows 11 devices with Secure Launch from shutting down or hibernating.

Microsoft addressed a problem where third-party security software falsely flagged WinSqlite3.dll, a core Windows component, as vulnerable. The company updated the DLL in January 2026, encouraging users to install the latest updates for their devices. This issue affected both Windows 10 and 11, as well as Windows Server versions 2012 to 2025.

Microsoft’s November 2025 Patch Tuesday updates resolved 63 vulnerabilities, including a critical zero-day in the Windows kernel actively under attack. The updates also addressed an Office vulnerability allowing unauthorized code execution. This month saw a significant decrease in reported flaws compared to October.

Microsoft is rolling out smartphone-like app permission prompts in Windows 11, allowing users to control access to sensitive resources like files and cameras. This change aims to enhance user consent and privacy, addressing issues with apps overriding settings or installing unwanted software. The updates are part of the Secure Future Initiative following a recent security breach.

Microsoft has identified a new malware, Lumma, which has been found on approximately 394,000 Windows PCs. The Lumma password stealer is designed to capture sensitive login information, raising significant security concerns for users. Microsoft is urging users to take precautions to protect their devices from this threat.

Microsoft's August 2025 Patch Tuesday addressed 107 vulnerabilities, including a critical zero-day in Windows Kerberos that could allow domain administrator privilege escalation. The update also fixed thirteen critical vulnerabilities, predominantly related to remote code execution and information disclosure, highlighting ongoing security challenges for Windows users.