Windows 11’s security situation continues to deteriorate. Users and businesses, especially the latter, are facing two risky developments: first, a new AI-powered malware threat, and second, additional emergency updates from Microsoft fixing critical security vulnerabilities.
This combination highlights just how rapidly the threat landscape in the Windows environment is changing these days.
AI malware uses new tricks
At the center is a new piece of malware called “DeepLoad,” which differs from conventional malware: instead of delivering suspicious files to the computer, it relies on a so-called “fileless” attack method.
Specifically, users are tricked into entering seemingly harmless commands into Command Prompt or PowerShell. It’s through this action that the infection is actually triggered—and traditional antivirus scanners, which primarily react to known files, often fail to detect it.
Once the system has been compromised, malware can establish a permanent foothold and communicate with the attackers’ servers via legitimate Windows tools. The primary goal is to steal login credentials, particularly in corporate environments.
AI is changing the threat landscape
For you as a user, this means one thing above all: traditional protection mechanisms are increasingly reaching their limits. AI-powered malware can dynamically adapt its code, making it significantly harder to detect.
At the same time, the time between a security vulnerability being discovered and the first attacks is shrinking.
For home users, the risk is currently lower than in corporate environments. Nevertheless, even everyday attacks are increasingly relying on deception rather than technology.
What you should do now
Even though many current attacks specifically target businesses, there are some basic measures you can start taking right now:
- Install Windows updates as soon as possible.
- Never execute any commands in PowerShell or Command Prompt if you don’t know exactly what they’re doing 100%.
- Be suspicious of instructions found online or in emails—especially in unsolicited emails, which is a red flag of a phishing scam.
- Use up-to-date security software as an additional layer of protection. If you don’t have security software, start with PCWorld’s picks for the best antivirus apps on Windows.
Emergency Windows 11 updates
In parallel, Microsoft already released emergency security updates in mid-March. These primarily affect Windows 11 Enterprise versions such as 24H2 and 25H2, as well as the LTSC variant.
Several critical vulnerabilities in Routing and Remote Access Service (RRAS) have been patched. Attackers could exploit these flaws to execute malicious code remotely and take complete control of a system. In some scenarios, simply connecting to a compromised server was enough for an attack to succeed.
Microsoft Office also affected
The current issues are part of a wider trend. On Patch Tuesday in March, Microsoft patched more than 80 vulnerabilities, including critical flaws in Excel and other Office applications. In some cases, simply opening the preview pane in Outlook was enough to execute malicious code.
Furthermore, initial examples show that AI features such as Copilot can also create new attack vectors—for instance, when data is inadvertently passed on via automated processes.
By the way: If you’re using Windows 11 Home, you’re missing out on the many benefits of Windows 11 Pro. To learn more, see our comparison of Windows 11 Home and Pro. If you want to upgrade, snag it for cheap in the PCWorld Software Store: now just $59 instead of $99.
