Long Live Windows 10. With 0patch.

If your organization is using Office 2016 or 2019 and isn’t ready for Microsoft’s end of support this October, we have a quick, simple, and affordable solution. A single 0patch license will cover Windows patches, Office patches, 0day patches and "wontfix" patches. Don't wait!.

End Of Security For Microsoft Office 2016 and 2019? Not With 0patch!

We'd like to thank Filip Dragović (@filip_dragovic). for sharing their finding and their POC, which allowed us to reproduce the issue and create patches for our users.

Micropatches Released for Windows Update Service Elevation of Privilege Vulnerability (CVE-2025-48799)

We'd like to thank @moiz_hehe  for sharing their finding and their POC, which allowed us to reproduce the issue and create patches for our users.

Micropatches have already been distributed to, and applied on, all affected online computers with 0patch Agent in PRO or Enterprise accounts (unless Enterprise group settings prevented that). As always, no reboot was required.

Micropatches were written for the following fully updated security-adopted Windows versions:. Windows 11 v21H2.Windows 10 v21H2.Windows 10 v21H1.Windows 10 v20H2.Windows 10 v2004.Windows 10 v1909.Windows 10 v1809.Windows 10 v1803.

Micropatches Released for Windows Disk Cleanup Tool Elevation of Privilege Vulnerability (CVE-2025-21420)

Our researchers have confirmed this issue on freshly installed fully updated Windows Server 2025 domain controller, using a regular domain user as attacker. Instant domain controller BSOD by any domain user.

We'd like to thank Simon Lemire (@snowscan) for sharing their finding and their tool, which allowed us to reproduce the issue and create patches for our users.

Micropatches Released for "WSPCoerce" Coerced Authentication via Windows Search Protocol (NO CVE/WONTFIX)

We'd like to thank Remco van der Meer ( with Warpnet ( for sharing their research on this vulnerability.

Micropatches Released for Windows Local Session Manager (LSM) Denial of Service Vulnerability (CVE-2025-26651)

We would like to thank security researchers Alexandra Gofman and David Driker with @_CPResearch_ for detecting the exploitation and publishing their analysis, which made it possible for us to create a micropatch for this issue.

It turned out that all our security-adopted Windows versions were affected by this issue, so we created micropatches for them all. These are already distributed and applied to all online affected systems.

This exploited-in-the-wild issue is an interesting twist on binary planting that we were working on a decade and a half ago. The DLL/EXE search order just keeps on giving (to attackers, that is).

Micropatches Released for WEBDAV Remote Code Execution Vulnerability (CVE-2025-33053)

We would like to thank security researcher Zhiniang Peng (@edwardzpeng) for publishing their analysis, which made it possible for us to create a micropatch for this issue.

CVE-2025-29957 is a denial of service vulnerability allowing an attacker in the network to easily consume all available memory on a Windows Server with Windows Deployment Service installed. Our patch properly frees memory allocated by incoming requests (just like Microsoft's).

Micropatches Released for Preauth DoS on Windows Deployment Service (CVE-2025-29957)