patch management

Nearly nine out of ten large organisations exposed to vulnerabilities that are already being exploited in the wild leave those critical weaknesses unpatched for six months or longer, a new analysis of more than 2,000 firms indicates — a finding that sharpens focus on a long‑running problem in...

Microsoft’s January Windows 11 cumulative update left a narrow but disruptive footprint: on some devices running Windows 11, version 23H2 with System Guard Secure Launch enabled, the system may restart instead of powering off or entering hibernation — and Microsoft published an emergency...

Microsoft’s January update cycle took an unexpected detour this week when a Patch Tuesday release introduced a narrowly scoped but disruptive regression that left some Windows 11 systems unable to shut down or enter hibernation, forcing Microsoft to ship emergency out‑of‑band (OOB) updates on...

Microsoft’s January Patch Tuesday brought a familiar trade‑off: a broad security rollup that closed dozens of vulnerabilities — and, for a narrowly defined set of systems, an unexpected regression that prevents shutdown and hibernation from completing as intended. The bug, tied to the Windows 11...

Microsoft has acknowledged that its January 2026 Windows 11 cumulative updates introduced multiple regressions — notably a shutdown/hibernation failure tied to System Guard Secure Launch and authentication breaks for Azure Virtual Desktop (AVD) and Windows 365 — and within days shipped targeted...

Microsoft has publicly and unequivocally said it will not deliver a packaged “Windows 8.1 Update 2,” choosing instead to continue delivering improvements through its regular monthly servicing cadence. Background / Overview Windows 8.1 launched as Microsoft’s response to early criticism of...

Microsoft’s Security Update Guide (SUG) lists CVE-2026-0908 — a use-after-free in ANGLE inside Chromium — not because Microsoft created the bug, but because Microsoft Edge (the Chromium-based builds) consumes Chromium’s open-source components and Microsoft needs to tell Edge customers when a...

Microsoft’s assignment of CVE‑2026‑20960 to a Microsoft Power Apps Remote Code Execution (RCE) issue is an operational red flag for administrators and developers, but it is also a textbook case in why the vendor’s confidence signal matters as much as the CVE label itself. The MSRC entry confirms...

Microsoft has quietly pushed an out‑of‑cycle set of patches that touches a wide swath of Windows platforms — from legacy desktop builds to server editions and even Windows RT — and includes cumulative fixes for Internet Explorer that close severe, remotely exploitable bugs. The releases, which...

Microsoft quietly closed the book on another long‑running Windows codebase this week — the Vista‑era Server 2008 line reached the absolute end of vendor updates after 18 years — even as a handful of high‑profile patches, rollbacks and component updates kept administrators busy: Microsoft shipped...

Microsoft has quietly shipped a set of emergency, out‑of‑band updates to repair a Kerberos authentication regression that broke sign‑ins and remote access on domain controllers after the November 8, 2022 Patch Tuesday rollup — and administrators must install the fixes manually on every Domain...

Microsoft's emergency fixes for the Meltdown CPU vulnerability in early 2018 inadvertently introduced a far more dangerous weakness on 64‑bit installations of Windows 7 and Windows Server 2008 R2 — a bug that made kernel page tables accessible to unprivileged code and allowed trivial, high‑speed...

CISA has added a Microsoft Windows information‑disclosure vulnerability tracked as CVE‑2026‑20805 to its Known Exploited Vulnerabilities (KEV) Catalog, citing evidence of active exploitation and triggering urgent remediation expectations under Binding Operational Directive (BOD) 22‑01 for...

A newly logged elevation‑of‑privilege flaw in the Host Process for Windows Tasks (taskhostw.exe / taskhostex.exe) gives local authenticated users a path to SYSTEM‑level effects by abusing improper link resolution (commonly called “link following”) in scheduled‑task/hosted‑task file operations —...

Microsoft’s public record does not currently include a detailed technical advisory for CVE-2026-20941, but the operational realities and mitigation priorities are clear: this identifier is logged as an elevation‑of‑privilege issue tied to the Host Process for Windows Tasks (taskhostw/taskhostex)...

Microsoft's advisory listing for CVE-2026-20958 places the vulnerability squarely in the category security teams take most seriously: a vendor‑acknowledged SharePoint flaw tied to information disclosure that demands immediate patch‑and‑hunt workflows, careful exposure reduction, and post‑patch...

Microsoft’s registration of CVE‑2026‑20931 confirms a real elevation‑of‑privilege defect in the Windows Telephony Service, but the vendor’s public advisory intentionally withholds low‑level exploit primitives — making rapid patching and cautious, evidence‑based mitigations the right operational...

Microsoft has logged CVE-2026-20949 as a Security Feature Bypass affecting Microsoft Excel, and the entry in the Microsoft Security Response Center’s Update Guide highlights a constrained public description and an explicit report‑confidence signal that security teams must interpret when triaging...

Microsoft's security advisory entry for CVE-2026-20939 lists a new Windows File Explorer information disclosure vulnerability that was addressed in the January 13, 2026 security updates; affected systems should be treated as potentially exposed until updates are applied and mitigations are in...

Microsoft has recorded CVE-2026-20936 as an NDIS (Network Driver Interface Specification) information‑disclosure vulnerability in its Security Update Guide, and the entry — while terse — confirms a real defect affecting Windows’ networking driver stack that administrators should treat as a...