patch management

Microsoft pushed a string of Windows updates over the weekend that try to clean up several regressions introduced by the January Patch Tuesday rollouts — and at the same time have started a phased, OS-driven refresh of Windows' Secure Boot certificates that will touch millions of devices ahead...

A routine January Patch Tuesday update left a significant slice of Windows users temporarily unable to rely on core productivity workflows after the January 13, 2026 cumulative update (KB5074109) introduced regressions that broke parts of classic Outlook and disrupted remote access for some...

CISA’s Federal KEV feed has been updated to include a new high‑risk VMware flaw: CVE-2024-37079, a critical heap‑overflow / out‑of‑bounds write in Broadcom VMware vCenter Server that can lead to remote code execution, and which CISA says meets the agency’s threshold of “evidence of active...

Johnson Controls’ iSTAR Configuration Utility (ICU) tool has a newly disclosed vulnerability — a stack‑based buffer overflow assigned CVE‑2025‑26386 — that can crash the Windows host running the utility and, in certain conditions, enable more severe host‑impact outcomes if exploited. The...

Nearly nine out of ten large organisations exposed to vulnerabilities that are already being exploited in the wild leave those critical weaknesses unpatched for six months or longer, a new analysis of more than 2,000 firms indicates — a finding that sharpens focus on a long‑running problem in...

Microsoft’s January Windows 11 cumulative update left a narrow but disruptive footprint: on some devices running Windows 11, version 23H2 with System Guard Secure Launch enabled, the system may restart instead of powering off or entering hibernation — and Microsoft published an emergency...

Microsoft’s January update cycle took an unexpected detour this week when a Patch Tuesday release introduced a narrowly scoped but disruptive regression that left some Windows 11 systems unable to shut down or enter hibernation, forcing Microsoft to ship emergency out‑of‑band (OOB) updates on...

Microsoft’s January Patch Tuesday brought a familiar trade‑off: a broad security rollup that closed dozens of vulnerabilities — and, for a narrowly defined set of systems, an unexpected regression that prevents shutdown and hibernation from completing as intended. The bug, tied to the Windows 11...

Microsoft has acknowledged that its January 2026 Windows 11 cumulative updates introduced multiple regressions — notably a shutdown/hibernation failure tied to System Guard Secure Launch and authentication breaks for Azure Virtual Desktop (AVD) and Windows 365 — and within days shipped targeted...

Microsoft has publicly and unequivocally said it will not deliver a packaged “Windows 8.1 Update 2,” choosing instead to continue delivering improvements through its regular monthly servicing cadence. Background / Overview Windows 8.1 launched as Microsoft’s response to early criticism of...

Microsoft’s Security Update Guide (SUG) lists CVE-2026-0908 — a use-after-free in ANGLE inside Chromium — not because Microsoft created the bug, but because Microsoft Edge (the Chromium-based builds) consumes Chromium’s open-source components and Microsoft needs to tell Edge customers when a...

Microsoft’s assignment of CVE‑2026‑20960 to a Microsoft Power Apps Remote Code Execution (RCE) issue is an operational red flag for administrators and developers, but it is also a textbook case in why the vendor’s confidence signal matters as much as the CVE label itself. The MSRC entry confirms...

Microsoft has quietly pushed an out‑of‑cycle set of patches that touches a wide swath of Windows platforms — from legacy desktop builds to server editions and even Windows RT — and includes cumulative fixes for Internet Explorer that close severe, remotely exploitable bugs. The releases, which...

Microsoft quietly closed the book on another long‑running Windows codebase this week — the Vista‑era Server 2008 line reached the absolute end of vendor updates after 18 years — even as a handful of high‑profile patches, rollbacks and component updates kept administrators busy: Microsoft shipped...

Microsoft has quietly shipped a set of emergency, out‑of‑band updates to repair a Kerberos authentication regression that broke sign‑ins and remote access on domain controllers after the November 8, 2022 Patch Tuesday rollup — and administrators must install the fixes manually on every Domain...

Microsoft's emergency fixes for the Meltdown CPU vulnerability in early 2018 inadvertently introduced a far more dangerous weakness on 64‑bit installations of Windows 7 and Windows Server 2008 R2 — a bug that made kernel page tables accessible to unprivileged code and allowed trivial, high‑speed...

CISA has added a Microsoft Windows information‑disclosure vulnerability tracked as CVE‑2026‑20805 to its Known Exploited Vulnerabilities (KEV) Catalog, citing evidence of active exploitation and triggering urgent remediation expectations under Binding Operational Directive (BOD) 22‑01 for...

A newly logged elevation‑of‑privilege flaw in the Host Process for Windows Tasks (taskhostw.exe / taskhostex.exe) gives local authenticated users a path to SYSTEM‑level effects by abusing improper link resolution (commonly called “link following”) in scheduled‑task/hosted‑task file operations —...

Microsoft’s public record does not currently include a detailed technical advisory for CVE-2026-20941, but the operational realities and mitigation priorities are clear: this identifier is logged as an elevation‑of‑privilege issue tied to the Host Process for Windows Tasks (taskhostw/taskhostex)...

Microsoft's advisory listing for CVE-2026-20958 places the vulnerability squarely in the category security teams take most seriously: a vendor‑acknowledged SharePoint flaw tied to information disclosure that demands immediate patch‑and‑hunt workflows, careful exposure reduction, and post‑patch...