security updates

Microsoft’s April 14, 2026 Windows 11 security update KB5083769, and the later optional preview update KB5083631, can stop some third-party backup tools from mounting disk images because Windows is now blocking vulnerable versions of the Macrium-associated psmounterex.sys kernel driver. That is...

Microsoft’s April 2026 Windows security updates have created an awkward Remote Desktop moment: a security feature designed to make RDP files safer can itself become hard to read on some multi-monitor systems. The confirmed issue affects the new warning dialog shown when users open Remote Desktop...

Windows 11 users are getting a clearer warning system for one of the platform’s most important security foundations, and that matters far beyond a simple UI tweak. Microsoft is now surfacing Secure Boot certificate status directly in the Windows Security app, giving people a fast answer to a...

Microsoft’s April 2026 Windows 11 quality updates are doing exactly what modern Patch Tuesdays so often do: tightening security in one area while creating friction in another. KB5083769 for Windows 11 25H2 and 24H2 introduces new Remote Desktop safeguards meant to blunt spoofing attacks tied to...

Microsoft has assigned CVE-2026-35431 to a Microsoft Entra ID Entitlement Management spoofing vulnerability, but the public confidence signal attached to the entry is what makes this disclosure especially important. Microsoft’s Security Update Guide uses that metric to express how certain it is...

Microsoft’s entry for CVE-2026-32086 is a reminder that some of the most operationally important Windows flaws arrive with very little fanfare but a clear tactical message: patch quickly, because the bug sits in a core local privilege boundary and Microsoft is signaling that the issue is real...

Although Microsoft’s Exchange Server security-update cadence has been unusually quiet in the months after Exchange 2016 and Exchange 2019 reached end of support, April 2026 is different for one important reason: it is the final month of the temporary Extended Security Update program, and...

Microsoft’s latest Windows update strategy is drawing fresh criticism because it extends a familiar pattern into territory that many users will find hard to ignore: if your PC is running an eligible consumer edition of Windows 11 and falls behind support, the company is increasingly willing to...

Windows 11 is getting a fresh round of Insider-only refinements in Build 26300.8142, and this flight is less about flashy consumer features than about sharpening the platform’s underpinnings. Microsoft is using the Dev Channel to test Administrator Protection, a touchpad control for the...

CVE-2026-23253 is another reminder that not every security-relevant kernel issue begins with a dramatic buffer overflow or a flashy exploit chain. In this case, Microsoft’s Security Response Center has published a vulnerability entry tied to the Linux media stack, specifically the dvb-core...

Microsoft’s CVE pages are often the first place administrators, analysts, and reporters look when a new flaw lands in Windows, Office, Exchange, or another Microsoft product. When that page is unavailable, slow, or difficult to navigate, it can feel like the whole disclosure process has gone...

Windows 10 has reached a genuine turning point: Microsoft ended mainstream security support on 14 October 2025, and the clock is already ticking on the one-year consumer Extended Security Updates bridge that runs only until 13 October 2026. For millions of households and small businesses, that...

Microsoft Edge’s security story has become less about isolated browser patches and more about following the flow of Chromium fixes as they move from Google’s upstream codebase into Microsoft’s release train. For enterprise admins, that means the real question is not simply whether a...

Chromium’s CVE‑2026‑3926 — an out‑of‑bounds read in the V8 JavaScript engine — was cataloged in Microsoft’s Security Update Guide (SUG) because Microsoft Edge (the Chromium‑based browser) consumes upstream Chromium open‑source code; the SUG entry exists to tell Edge users whether Microsoft’s...

Mozilla's latest posture on legacy Windows is a study in trade-offs: the organization will continue shipping security patches for Firefox 115 ESR to machines still running Windows 7, Windows 8, and Windows 8.1 — but it admits doing so is increasingly expensive, fragile, and ultimately risky for...

Mozilla has quietly given Windows 7 and its siblings another lease on life by keeping the Firefox 115 Extended Support Release (ESR) safety net open for a little while longer — but that extra time is both a pragmatic lifeline for legacy users and a final countdown that IT teams and hobbyists...

Microsoft shipped the March 10, 2026 cumulative update for Windows 11 version 26H1 — KB5079466 — moving eligible systems to OS Build 28000.1719 and delivering a mix of security hardening, reliability fixes, and servicing updates aimed at the new 26H1 platform. While the release contains no...

The Go standard library's html/template package has a newly disclosed security flaw — tracked as CVE-2026-27142 — that can leave web applications vulnerable to cross-site scripting (XSS) when untrusted values are templated into the content attribute of HTML meta tags, particularly those using...

Microsoft’s March 2026 Patch Tuesday brings a sizeable cumulative update for Windows 11 that folds a handful of user-facing conveniences and several enterprise-grade capabilities into the monthly security rollup — and, importantly, it introduces Sysmon as an optional, in‑box feature for the...

Microsoft has issued coordinated security updates to fix CVE-2026-26115, a newly disclosed elevation of privilege (EoP) vulnerability in Microsoft SQL Server; if you run any supported SQL Server release, your immediate action is to identify the exact build you’re running, match it to Microsoft’s...