patch tuesday

Microsoft’s March 10, 2026 Patch Tuesday closed a race‑condition hole in the Windows Device Association Service that could allow a local, authorized user to escalate privileges to a more powerful account on affected machines, forcing administrators to prioritize testing and deployment of the...

Microsoft has published a vendor-acknowledged security update fixing CVE-2026-24294, an elevation-of-privilege (EoP) defect in the Windows SMB Server component that Microsoft classifies as Important and maps into the March 10, 2026 Patch Tuesday rollup; administrators should treat this as a...

Microsoft pushed emergency fixes on March 10, 2026 to address CVE-2026-24293, a high-impact elevation-of-privilege vulnerability in the Windows Ancillary Function Driver for WinSock (AFD.sys) that can allow a locally authenticated low-privileged user to gain SYSTEM-level rights. The bug is...

Microsoft’s March Patch Tuesday added another Windows kernel elevation-of-privilege entry to the list: CVE-2026-24289, an Important-rated Windows Kernel vulnerability that Microsoft patched as part of the March 10, 2026 security updates. This is one of dozens of elevation-of-privilege (EoP)...

Microsoft shipped an urgent fix on Patch Tuesday for a newly catalogued elevation-of-privilege flaw in the Windows Universal Disk Format File System Driver (UDFS), tracked as CVE-2026-23672, closing a local attack path that could let low‑privilege users escalate to SYSTEM on affected machines...

Microsoft’s March 2026 Patch Tuesday brings a sizeable cumulative update for Windows 11 that folds a handful of user-facing conveniences and several enterprise-grade capabilities into the monthly security rollup — and, importantly, it introduces Sysmon as an optional, in‑box feature for the...

Microsoft’s Exchange engineering team has told administrators there are no security updates for on‑premises Exchange Server this month — an explicit, scheduled announcement that matters because a subset of customers remain on the vendor’s short, paid Extended Security Update (ESU) runway that...

Microsoft’s February security update closed a dangerous loophole in the modern Windows Notepad app that let a crafted Markdown (.md) document turn into a remote code execution (RCE) trap when a user clicked a malicious link—an issue tracked as CVE‑2026‑20841 and fixed as part of Patch Tuesday...

Microsoft's February cumulative, KB5077181, is Microsoft's formal response to a class of boot failures that first surfaced after the January 13, 2026 security rollup (KB5074109), but the fix's arrival has exposed a complex truth: the problem was real, Microsoft has declared it resolved for...

Microsoft’s Windows story this week is less about headline-grabbing new features and more about course corrections, security hardening, and the quiet work required to keep a decades‑old platform usable for millions of workflows — from vertical monitor power users to enterprise administrators...

Microsoft’s February 10, 2026 cumulative updates for Windows 11 quietly carried more than routine security fixes — they continued a staged rollout that will refresh the operating system’s Secure Boot certificate chain ahead of a looming expiry window that begins in June 2026. What looks like a...

If you’re running Windows 11, update now — Microsoft has closed a high‑severity remote code execution flaw in the modern Notepad app that could let a single click in a Markdown file turn into code execution under your user account. Background: Notepad’s unexpected attack surface Notepad has been...

Microsoft issued an urgent fix this week for a high‑severity vulnerability in the modern Windows Notepad app that could allow an attacker to execute arbitrary commands on a target PC simply by getting a user to open a specially crafted Markdown (.md) file and click a link inside it. The flaw...

Microsoft’s February Patch Tuesday closed a dangerous loophole in the modern Windows Notepad app that could let a deceptively simple Markdown (.md) file become an engine for remote code execution when a user clicked a crafted link. Background / Overview Notepad’s recent transformation from a...

Microsoft’s February Patch Tuesday closed a dangerous loophole in the modern Notepad app that could let an attacker turn a simple Markdown (.md) file into a remote code execution (RCE) trap — a single click on a crafted link inside Notepad’s Markdown view could launch unverified protocols and...

Microsoft’s February 2026 Patch Tuesday for Windows 11 arrived as a workmanlike but meaningful quality release: KB5077181 (OS Build 26200.7840 / 26100.7840) stitches together months of Release Preview testing, restores several long‑requested controls, modernizes niche platform stacks (notably...

A widely deployed January servicing update has created a surprising reliability problem: some Windows PCs now refuse to power off cleanly, instead restarting, hanging on “Shutting down,” or powering back on after appearing to shut down — and the same regression that showed up first on Windows 11...

Microsoft’s leaders no longer dispute that Windows 11 has serious, real-world reliability problems — the company has publicly acknowledged the fallout from January’s updates, called engineers back from feature work to “swarm” on fixes, and has begun shipping emergency out‑of‑band patches to stem...

Microsoft’s own release notes now show the shutdown-and-hibernate regression that began with January’s Patch Tuesday is not fully fixed: while Microsoft’s mid‑January out‑of‑band (OOB) update addressed many machines, a residual population of PCs — specifically those with System Guard Secure...

Microsoft moved quickly to contain a damaging January 2026 update cycle that introduced multiple high‑impact regressions across Windows 11 branches, shipping targeted out‑of‑band (OOB) fixes within days and publicly committing engineering resources to a reliability‑first posture aimed at...