security update

Mozilla pushed a small but important maintenance release for the stable channel this week: Firefox 147.0.4 ships a targeted user-experience fix that stops some users from seeing a blank New Tab (about:home/about:newtab) and closes a heap-buffer-overflow in the libvpx video codec (tracked as...

I’m on Windows 11 Home 25H2, OS Build 26200.7623. KB5077181 repeatedly fails to install with error 0x800f0983 (download completes, install phase fails, retries). I’ve already run the usual integrity checks (SFC/DISM) and they report no corruption, but the update continues to fail. I also tried...

Microsoft has quietly begun enforcing a long‑announced cleanup of Windows’ printing stack: starting with January 2026 updates, Windows 11 will stop servicing legacy V3 and V4 printer drivers through Windows Update and will prefer Microsoft's modern IPP inbox class driver and Print Support Apps...

Microsoft’s February 2026 cumulative for Windows 11, tracked as KB5077181, is now available and arrives as a focused security-and-quality rollup that folds in fixes from January preview packages while adding targeted hardenings and platform updates for both consumer and enterprise systems. The...

Microsoft’s Security Update Guide has recorded CVE‑2026‑0391 — a spoofing or UI‑misrepresentation flaw affecting Microsoft Edge (Chromium‑based) on Android — and organizations should treat it as an operational phishing‑enabler that demands immediate verification and patching. Background /...

Microsoft’s January cumulative for Windows 11, KB5074109, intended to harden Secure Boot and fix NPU power-drain problems, has instead introduced a cluster of high-impact regressions — from intermittent black screens on GPU systems to Outlook POP freezes, Azure Virtual Desktop authentication...

Short answer Microsoft lists CVE‑2026‑0905 in its Security Update Guide because the bug is an upstream Chromium (OSS) vulnerability that Microsoft Edge (Chromium‑based) consumes. The SUG entry tells Edge customers whether/when Microsoft has ingested the Chromium fix and shipped an Edge build...

Microsoft released the January 13, 2026 security baseline today — published as KB5074109 — and enterprise administrators should treat this as both a mandatory security checkpoint and a practical reminder about the new Hotpatch servicing cadence for Windows 11 Enterprise (24H2 and 25H2). The...

Microsoft’s first security update for Windows 10 in 2026, KB5073724, is a compact but consequential patch: it’s a security-only cumulative for Extended Security Update (ESU) and LTSC devices that removes legacy modem drivers, prepares devices for Microsoft’s replacement Secure Boot certificates...

Microsoft has confirmed that an August 2025 security update intended to close a Windows Installer privilege‑escalation hole instead changed MSI repair behavior in ways that produced unexpected User Account Control (UAC) prompts and silent repair failures for many non‑administrator users across a...

Microsoft’s advisory record and community triage indicate a local Elevation of Privilege vulnerability affecting the Capability Access Management Service (camsvc) identified as CVE‑2026‑21221, but the public technical footprint remains deliberately sparse: the MSRC Security Update Guide entry...

Microsoft has published a Security Update Guide entry for CVE-2026-20951, a Microsoft Office SharePoint Server remote code execution (RCE) vulnerability included in the January 2026 security rollup, and administrators running on‑premises SharePoint should treat it as a high‑priority...

A time‑of‑check/time‑of‑use (TOCTOU) race condition in the Windows Installer service has been cataloged as CVE‑2026‑20816 and is being treated as a high‑priority local elevation‑of‑privilege (EoP) vulnerability that can allow an authorized local account to escalate to administrative or SYSTEM...

A newly disclosed elevation‑of‑privilege issue affecting Windows Admin Center (WAC) stems from improper verification and handling of trusted artifacts and allows a local, authorized attacker to escalate privileges on a host running WAC; operators should treat affected management hosts as...